X
Tap here to go to the mobile version of the site.

Support Forum

All of a sudden, after a firefox update, I am getting "This Connection is Untrusted" for Facebook, it doesn't matter if I use http: or https:, WHY????????

Posted

All of a sudden, after a firefox update, I am getting "This Connection is Untrusted" for Facebook, it doesn't matter if I use http: or https:, WHY???????? Here are all the details from the error message:

This Connection is Untrusted

You have asked Firefox to connect securely to facebook.com, but we can't confirm that your connection is secure.

Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified. What Should I Do?

If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.

facebook.com uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown.

(Error code: sec_error_unknown_issuer)

(Also included a screen shot.)

All of a sudden, after a firefox update, I am getting "This Connection is Untrusted" for Facebook, it doesn't matter if I use http: or https:, WHY???????? Here are all the details from the error message: This Connection is Untrusted You have asked Firefox to connect securely to facebook.com, but we can't confirm that your connection is secure. Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified. What Should I Do? If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue. This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate. facebook.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer) (Also included a screen shot.)

Chosen solution

cor-el said

You can check the date and time and time zone in the clock on your computer: (double) click the clock icon on the Windows Taskbar. You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
  • Click the link at the bottom of the error page: "I Understand the Risks"
  • Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate"
  • Click the "View" button and inspect the certificate and check who is the issuer.
You can see more details like the intermediate certificates that are used in the Details tab. If you can't inspect the certificate via "I Understand the Risks" then try this: Open this chrome URI by pasting or typing this URI in the location/address bar to open the "Add Security Exception" window and check the certificate:
  • chrome://pippki/content/exceptionDialog.xul
In the location field type/paste the URL of the website
  • retrieve the certificate via the "Get certificate" button
  • click the "View..." button to inspect the certificate in the Certificate Viewer
Check who is the issuer of the certificate. You can inspect more details like the certificate chain in Details tab of the Certificate Viewer.
Read this answer in context 0

Additional System Details

Installed Plug-ins

  • Adobe PDF Plug-In For Firefox and Netscape 15.7.20033
  • Facebook Video Calling Plugin
  • Version 5.41.2.0
  • Google Update
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Next Generation Java Plug-in 11.45.2 for Mozilla browsers
  • Office Authorization plug-in for NPAPI browsers
  • The plug-in allows you to open and edit files using Microsoft Office applications
  • npapicomadapter
  • Shockwave Flash 17.0 r0
  • Adobe Shockwave for Director Netscape plug-in, version 11.6.1.629
  • 4.0.50401.0
  • Unity Player 4.3.5f1
  • WildTangent Games App V2 Presence Detector
  • NPWLPG
  • Yahoo Application State Plugin version 1.0.0.7

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0

More Information

Question owner

I am about ready to give up on firefox and change to Chrome.

I am about ready to give up on firefox and change to Chrome.
cor-el
  • Top 10 Contributor
  • Moderator
17757 solutions 160593 answers

You can check the date and time and time zone in the clock on your computer: (double) click the clock icon on the Windows Taskbar.

You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.

  • Click the link at the bottom of the error page: "I Understand the Risks"
  • Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate"
  • Click the "View" button and inspect the certificate and check who is the issuer.

You can see more details like the intermediate certificates that are used in the Details tab.

If you can't inspect the certificate via "I Understand the Risks" then try this:

Open this chrome URI by pasting or typing this URI in the location/address bar to open the "Add Security Exception" window and check the certificate:

  • chrome://pippki/content/exceptionDialog.xul

In the location field type/paste the URL of the website

  • retrieve the certificate via the "Get certificate" button
  • click the "View..." button to inspect the certificate in the Certificate Viewer

Check who is the issuer of the certificate.

You can inspect more details like the certificate chain in Details tab of the Certificate Viewer.

You can check the date and time and time zone in the clock on your computer: (double) click the clock icon on the Windows Taskbar. *https://support.mozilla.org/kb/Secure+Connection+Failed You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates. *Click the link at the bottom of the error page: "I Understand the Risks" *Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate" *Click the "View" button and inspect the certificate and check who is the issuer. You can see more details like the intermediate certificates that are used in the Details tab. If you can't inspect the certificate via "I Understand the Risks" then try this: Open this chrome URI by pasting or typing this URI in the location/address bar to open the "Add Security Exception" window and check the certificate: *chrome://pippki/content/exceptionDialog.xul In the location field type/paste the URL of the website *retrieve the certificate via the "Get certificate" button *click the "View..." button to inspect the certificate in the Certificate Viewer Check who is the issuer of the certificate. You can inspect more details like the certificate chain in Details tab of the Certificate Viewer.

Question owner

There is no link at the bottom of the error page: "I Understand the Risks"

There is no link at the bottom of the error page: "I Understand the Risks"

Helpful Reply

None of that worked at all.

None of that worked at all.
cor-el
  • Top 10 Contributor
  • Moderator
17757 solutions 160593 answers

What do you see if the use the second procedure and paste https://facebook.com in the location field and click View Certificate?

  • chrome://pippki/content/exceptionDialog.xul
What do you see if the use the second procedure and paste https://facebook.com in the location field and click View Certificate? *chrome://pippki/content/exceptionDialog.xul

Question owner

This is what I see... Which is no help.

This is what I see... Which is no help.
jscher2000
  • Top 10 Contributor
8872 solutions 72576 answers

It actually points directly to the answer: look at who is listed as issuing the certificate for Facebook: Kaspersky.

By any chance did you use the Refresh feature during your last update? This can happen when Firefox reports it is starting slowly and says you can speed it up by restoring some default settings. If you click the button, an Old Firefox Data folder appears on your desk with your old settings folder. Do you see anything like that?

Reason I ask is, the old certificate file which was already set up to work with Kaspersky's SSL Scan feature would be in there and you could copy it over to your current settings folder.

Otherwise, you can set Firefox up to work with Kaspersky again.

It actually points directly to the answer: look at who is listed as issuing the certificate for Facebook: Kaspersky. By any chance did you use the Refresh feature during your last update? This can happen when Firefox reports it is starting slowly and says you can speed it up by restoring some default settings. If you click the button, an Old Firefox Data folder appears on your desk with your old settings folder. Do you see anything like that? Reason I ask is, the old certificate file which was already set up to work with Kaspersky's SSL Scan feature would be in there and you could copy it over to your current settings folder. Otherwise, you can set Firefox up to work with Kaspersky again.

Question owner

I didn't update it, after YEARS of having Firefox setup to not update on it's own, it just did it. I have never had this happen before. There is now a folder on my desktop, as you described, but I never saw anything like you are describing. Anyway... I just had my computer guy look at it and he thinks he got it fixed and cannot understand why the problem is ONLY on my profile on this computer, none of the other profiles had this problem from the update. If I have any continuing problems I will be back here, and more ready to delete Firefox. Thank you for the help.

I didn't update it, after YEARS of having Firefox setup to not update on it's own, it just did it. I have never had this happen before. There is now a folder on my desktop, as you described, but I never saw anything like you are describing. Anyway... I just had my computer guy look at it and he thinks he got it fixed and cannot understand why the problem is ONLY on my profile on this computer, none of the other profiles had this problem from the update. If I have any continuing problems I will be back here, and more ready to delete Firefox. Thank you for the help.

Question owner

So this problem still persists. I am again getting the untrusted site and no option to bypass it.

So this problem still persists. I am again getting the untrusted site and no option to bypass it.

Question owner

jscher2000 HOW WOULD I DO THIS?????

"Reason I ask is, the old certificate file which was already set up to work with Kaspersky's SSL Scan feature would be in there and you could copy it over to your current settings folder.

Otherwise, you can set Firefox up to work with Kaspersky again."

jscher2000 HOW WOULD I DO THIS????? "Reason I ask is, the old certificate file which was already set up to work with Kaspersky's SSL Scan feature would be in there and you could copy it over to your current settings folder. Otherwise, you can set Firefox up to work with Kaspersky again."
philipp
  • Top 25 Contributor
  • Moderator
5339 solutions 23578 answers

go into the kaspersky settings > additional > network settings and disable the scanning of encrypted connections there. alternatively you could also try to import the kaspersky certificate into firefox like described by another user at https://support.mozilla.org/en-US/questions/1026631#answer-650916.

go into the kaspersky ''settings > additional > network settings'' and disable the scanning of encrypted connections there. alternatively you could also try to import the kaspersky certificate into firefox like described by another user at https://support.mozilla.org/en-US/questions/1026631#answer-650916.

Question owner

I am STILL having this problem!!!! Is there any help out there????

I am STILL having this problem!!!! Is there any help out there????
philipp
  • Top 25 Contributor
  • Moderator
5339 solutions 23578 answers

have you tried either option from my answer above - what's the result?

have you tried either option from my answer above - what's the result?

Question owner

Yes, and both seemed to work right up until I rebooted my computer, I need a permanent fix not temporary.

Yes, and both seemed to work right up until I rebooted my computer, I need a permanent fix not temporary.
jscher2000
  • Top 10 Contributor
8872 solutions 72576 answers

What changed at Windows startup: the Kaspersky SSL Scan turned back on, or Firefox lost the authority certificate and stopped trusting Kaspersky's fake certificates?

If the problem is that Firefox lost the certificate, does the same problem occur if you exit Firefox and start it up again, or only when you shut down and restart Windows?

Some utility software like CCleaner may change your Firefox settings files at Windows startup, but I don't know why any software would touch the cert8.db file. That seems strange.

What changed at Windows startup: the Kaspersky SSL Scan turned back on, or Firefox lost the authority certificate and stopped trusting Kaspersky's fake certificates? If the problem is that Firefox lost the certificate, does the same problem occur if you exit Firefox and start it up again, or only when you shut down and restart Windows? Some utility software like CCleaner may change your Firefox settings files at Windows startup, but I don't know why any software would touch the cert8.db file. That seems strange.

Question owner

I don't know what the problem is, but the only way to resolve it seems to be to delete ANY antivirus programs on my computer, so since firefox appears to not work with any antivirus, I am going to uninstall firefox and reinstall my computers protection!!! I will not have an unprotected computer for a browser that has turned to shit, so either MOZILLA can get off their ass and find a fix or I am gone and I promise to blast the the problem on EVERY public forum I can find!

I don't know what the problem is, but the only way to resolve it seems to be to delete ANY antivirus programs on my computer, so since firefox appears to not work with any antivirus, I am going to uninstall firefox and reinstall my computers protection!!! I will not have an unprotected computer for a browser that has turned to shit, so either MOZILLA can get off their ass and find a fix or I am gone and I promise to blast the the problem on EVERY public forum I can find!
philipp
  • Top 25 Contributor
  • Moderator
5339 solutions 23578 answers

the problem is that your antivirus program is intercepting all secure connections without being properly set-up to do so. this is looking like a man-in-the-middle attack to the browser and therefore you'll get the warning screens. if you want to troubleshoot the problem with us, then please follow up on the questions asked/suggestions made and keep your tone constructive (otherwise this topic will be locked). you can contact kaspersky's support as well, you are paying for their product that is causing the problem!

the problem is that your antivirus program is intercepting all secure connections without being properly set-up to do so. this is looking like a man-in-the-middle attack to the browser and therefore you'll get the warning screens. if you want to troubleshoot the problem with us, then please follow up on the questions asked/suggestions made and keep your tone constructive (otherwise this topic will be locked). you can contact kaspersky's support as well, you are paying for their product that is causing the problem!
jscher2000
  • Top 10 Contributor
8872 solutions 72576 answers

Helpful Reply

Millions of Firefox users probably run Kaspersky, ESET, BitDefender or avast!, all of which do the same kind of filtering and present fake certificates to Firefox. You definitely can make this work. Heck, you know that, because it worked before you did the Refresh.

We would never suggest removing Kaspersky, so if you did, please reinstall it. Your security comes first.

Next, you can try to push Kaspersky's authority certificate into Firefox so Firefox trusts all of its fake certificates, or you can turn off just the interceptions of your secure connections and keep all of the other Kaspersky features, your choice.


I haven't checked these links for a few months, but hopefully they still work!

One of these articles/posts might help you get Firefox to trust Kaspersky's fake certificates again:

Millions of Firefox users probably run Kaspersky, ESET, BitDefender or avast!, all of which do the same kind of filtering and present fake certificates to Firefox. You definitely can make this work. Heck, you know that, because it worked before you did the Refresh. We would never suggest removing Kaspersky, so if you did, please reinstall it. Your security comes first. Next, you can try to push Kaspersky's authority certificate into Firefox so Firefox trusts all of its fake certificates, or you can turn off just the interceptions of your secure connections and keep all of the other Kaspersky features, your choice. ---- ''I haven't checked these links for a few months, but hopefully they still work!'' One of these articles/posts might help you get Firefox to trust Kaspersky's fake certificates again: * See Opera section of this one: http://support.kaspersky.com/us/9093#block1 * Manual steps using classic menu bar (tap the Alt key to display it): http://support.kaspersky.com/5414 * https://support.mozilla.org/questions/1008312#answer-650914
pheczko 2 solutions 17 answers

Chosen Solution

cor-el said

You can check the date and time and time zone in the clock on your computer: (double) click the clock icon on the Windows Taskbar. You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
  • Click the link at the bottom of the error page: "I Understand the Risks"
  • Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate"
  • Click the "View" button and inspect the certificate and check who is the issuer.
You can see more details like the intermediate certificates that are used in the Details tab. If you can't inspect the certificate via "I Understand the Risks" then try this: Open this chrome URI by pasting or typing this URI in the location/address bar to open the "Add Security Exception" window and check the certificate:
  • chrome://pippki/content/exceptionDialog.xul
In the location field type/paste the URL of the website
  • retrieve the certificate via the "Get certificate" button
  • click the "View..." button to inspect the certificate in the Certificate Viewer
Check who is the issuer of the certificate. You can inspect more details like the certificate chain in Details tab of the Certificate Viewer.
''cor-el [[#answer-737081|said]]'' <blockquote> You can check the date and time and time zone in the clock on your computer: (double) click the clock icon on the Windows Taskbar. *https://support.mozilla.org/kb/Secure+Connection+Failed You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates. *Click the link at the bottom of the error page: "I Understand the Risks" *Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate" *Click the "View" button and inspect the certificate and check who is the issuer. You can see more details like the intermediate certificates that are used in the Details tab. If you can't inspect the certificate via "I Understand the Risks" then try this: Open this chrome URI by pasting or typing this URI in the location/address bar to open the "Add Security Exception" window and check the certificate: *chrome://pippki/content/exceptionDialog.xul In the location field type/paste the URL of the website *retrieve the certificate via the "Get certificate" button *click the "View..." button to inspect the certificate in the Certificate Viewer Check who is the issuer of the certificate. You can inspect more details like the certificate chain in Details tab of the Certificate Viewer. </blockquote>
pheczko 2 solutions 17 answers

I have read through all of posts concerning this issue, and it is apparent to me that either a FF update caused this, or a Windows 10 update caused this. It is upsetting especially when I don't get the chance to override the error msg. This never happened in earlier versions of FF, nor did it happen prior to my upgrading to Windows 10.

The only "fix" that works for me every time is to cut and paste the "offending" URL into Chrome. No problem getting to google.com or facebook.com. Therefore, after many, many years of using FF, I will be switching to Chrome until or unless this gets fixed.

I have read through all of posts concerning this issue, and it is apparent to me that either a FF update caused this, or a Windows 10 update caused this. It is upsetting especially when I don't get the chance to override the error msg. This never happened in earlier versions of FF, nor did it happen prior to my upgrading to Windows 10. The only "fix" that works for me every time is to cut and paste the "offending" URL into Chrome. No problem getting to google.com or facebook.com. Therefore, after many, many years of using FF, I will be switching to Chrome until or unless this gets fixed.