X
Tap here to go to the mobile version of the site.

Support Forum

Error code: sec_error_unknown_issuer

Posted

Hi

I am having the typical "This Connection is Untrusted" message visiting a website.

When clicking in technical details, instead of having the button "Add exception", i have this message


XXXXX uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown.

(Error code: sec_error_unknown_issuer)


How can i do to trust this certificate? I have tried to add an exception, as explained in different threads, but still not working

Thanks

Hi I am having the typical "This Connection is Untrusted" message visiting a website. When clicking in technical details, instead of having the button "Add exception", i have this message XXXXX uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer) How can i do to trust this certificate? I have tried to add an exception, as explained in different threads, but still not working Thanks

Additional System Details

Installed Plug-ins

  • Adobe PDF Plug-In For Firefox and Netscape 11.0.0
  • Google Update
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Next Generation Java Plug-in 11.45.2 for Mozilla browsers
  • Office Authorization plug-in for NPAPI browsers
  • The plugin allows you to have a better experience with Microsoft SharePoint
  • The plugin allows you to have a better experience with Microsoft Lync
  • Adobe Shockwave for Director Netscape plug-in, version 11.6.8.638
  • 5.1.20513.0

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0

More Information

user293 39 solutions 279 answers

This is typically caused by antivirus software. Which antivirus software (if any) do you use?

This is typically caused by antivirus software. Which antivirus software (if any) do you use?
jscher2000
  • Top 10 Contributor
8638 solutions 70669 answers

Is the problem just with one site, or do you have this issue on numerous sites?

When you are in the Add Exception dialog, is the View button enabled to view the certificate? If so, who is listed under "Issued by"? Sometimes this will reference your security software vendor, or point to malware.

Is the problem just with one site, or do you have this issue on numerous sites? When you are in the Add Exception dialog, is the View button enabled to view the certificate? If so, who is listed under "Issued by"? Sometimes this will reference your security software vendor, or point to malware.
jscher2000
  • Top 10 Contributor
8638 solutions 70669 answers

By the way, it is not normal to get certificate errors on mainstream sites. Most trustworthy sites have their stuff together, and you should almost never need to make an exception.

By the way, it is not normal to get certificate errors on mainstream sites. Most trustworthy sites have their stuff together, and you should almost never need to make an exception.
cor-el
  • Top 10 Contributor
  • Moderator
17421 solutions 157412 answers

You can check the date and time and time zone in the clock on your computer: (double) click the clock icon on the Windows Taskbar.

You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.

  • Click the link at the bottom of the error page: "I Understand the Risks"
  • Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate"
  • Click the "View" button and inspect the certificate and check who is the issuer.

You can see more details like the intermediate certificates that are used in the Details tab.

Who is the issuer of the certificate?

Can you attach a screenshot of the certificate viewer window?

  • Use a compressed image type like PNG or JPG to save the screenshot
  • Make sure that you do not exceed the maximum size of 1 MB
You can check the date and time and time zone in the clock on your computer: (double) click the clock icon on the Windows Taskbar. *https://support.mozilla.org/kb/Secure+Connection+Failed You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates. *Click the link at the bottom of the error page: "I Understand the Risks" *Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate" *Click the "View" button and inspect the certificate and check who is the issuer. You can see more details like the intermediate certificates that are used in the Details tab. Who is the issuer of the certificate? Can you attach a screenshot of the certificate viewer window? *http://en.wikipedia.org/wiki/Screenshot *https://support.mozilla.org/kb/how-do-i-create-screenshot-my-problem *Use a compressed image type like PNG or JPG to save the screenshot *Make sure that you do not exceed the maximum size of 1 MB

Question owner

Hi

Doesnt look like related to antivirus or similar. Restoring firebug to default works, but after some time it happens again

The problem is with several sites. I add the exception correctly, i can see the certificate, but still have the error

Thanks

Hi Doesnt look like related to antivirus or similar. Restoring firebug to default works, but after some time it happens again The problem is with several sites. I add the exception correctly, i can see the certificate, but still have the error Thanks
jscher2000
  • Top 10 Contributor
8638 solutions 70669 answers

javidr said

Restoring firebug to default works, but after some time it happens again

The Firebug extension? Does it have any kind of proxying built in for debugging secure connections?

''javidr [[#answer-742112|said]]'' <blockquote> Restoring firebug to default works, but after some time it happens again </blockquote> The Firebug extension? Does it have any kind of proxying built in for debugging secure connections?

Question owner

Bingo! I realised today that this happens after enrouting traffic though a proxy (zap).

When i connect to that website through zap, it works fine, but direct connection doesnt work anymore

Does it ring any bell?

Thanks

Bingo! I realised today that this happens after enrouting traffic though a proxy (zap). When i connect to that website through zap, it works fine, but direct connection doesnt work anymore Does it ring any bell? Thanks
jscher2000
  • Top 10 Contributor
8638 solutions 70669 answers

Does ZAP use an add-on to let you select which sites to proxy, or modify Firefox's proxy settings? This must be listed somewhere... If this issue affects all browsers, check the Windows hosts file for a redirect of that hostname to localhost.

Does ZAP use an add-on to let you select which sites to proxy, or modify Firefox's proxy settings? This must be listed somewhere... If this issue affects all browsers, check the Windows hosts file for a redirect of that hostname to localhost.
jscher2000
  • Top 10 Contributor
8638 solutions 70669 answers

I should have mentioned, check your Firefox proxy setting here:

"3-bar" menu button (or Tools menu) > Options > Advanced > Network mini-tab > "Settings" button

I should have mentioned, check your Firefox proxy setting here: "3-bar" menu button (or Tools menu) > Options > Advanced > Network mini-tab > "Settings" button

Question owner

I have configured the proxy through foxyproxy

Thanks

I have configured the proxy through foxyproxy Thanks

Question owner

Hi As mentioned i use foxy proxy. Any hint on what could be happening?

Thanks

Hi As mentioned i use foxy proxy. Any hint on what could be happening? Thanks
jscher2000
  • Top 10 Contributor
8638 solutions 70669 answers

I am not familiar with FoxyProxy but if it was directing requests for that certain website to your proxy, have you tried turning that off so Firefox sends requests directly to the site?

I am not familiar with FoxyProxy but if it was directing requests for that certain website to your proxy, have you tried turning that off so Firefox sends requests directly to the site?

Question owner

Yea. I have a proxy for zap and another for direct connection but seems like once the cert is accepted by zap, the direct connection doesnt validate the cert anymore

Yea. I have a proxy for zap and another for direct connection but seems like once the cert is accepted by zap, the direct connection doesnt validate the cert anymore
jscher2000
  • Top 10 Contributor
8638 solutions 70669 answers

Helpful Reply

That's confusing. I think normally you either see the site's certificate or the proxy's certificate, and they should never get confused with one another.

Maybe the problem is that you saved an exception for the site using the proxy's certificate? If so, try removing it here:

"3-bar" menu button (or Tools menu) > Options > Advanced > Certificates mini-tab > "View Certificates" button

Check the "Servers" tab for certificates signed by your proxy and see whether you can remove the certificate from there.

If that isn't it, maybe FoxyProxy can explain what's going on. I am not in a position to replicate your setup.

That's confusing. I think normally you either see the site's certificate or the proxy's certificate, and they should never get confused with one another. ''Maybe'' the problem is that you saved an exception for the site using the proxy's certificate? If so, try removing it here: "3-bar" menu button (or Tools menu) > Options > Advanced > Certificates mini-tab > "View Certificates" button Check the "Servers" tab for certificates signed by your proxy and see whether you can remove the certificate from there. If that isn't it, maybe FoxyProxy can explain what's going on. I am not in a position to replicate your setup.
jpeeling 0 solutions 1 answers

javidr said

Hi I am having the typical "This Connection is Untrusted" message visiting a website. When clicking in technical details, instead of having the button "Add exception", i have this message XXXXX uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer) How can i do to trust this certificate? I have tried to add an exception, as explained in different threads, but still not working Thanks

alright so this might be an edge case, but check this out... so if you use an application like fiddler, that captures your network traffic history, it will do something (not sure what) with your certificates and you wont be able to root around in firefox while it is active. i.e. if you close fiddler or the like application, you can use firefox no prob! heres how i found out what was wrong... 1. i have a windows machine so sorry i dont know what the mac equivalent of this is. you need to search for manage user certificates. click that. 2. go to personal -> certificates. this is where i saw DO NOT TRUST_FIDDLER kind of thing everywhere.

this helped me figure out that fiddler was the problem most likely. so i close fiddler and bam it works fine.

''javidr [[#question-1067331|said]]'' <blockquote> Hi I am having the typical "This Connection is Untrusted" message visiting a website. When clicking in technical details, instead of having the button "Add exception", i have this message XXXXX uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer) How can i do to trust this certificate? I have tried to add an exception, as explained in different threads, but still not working Thanks </blockquote> alright so this might be an edge case, but check this out... so if you use an application like fiddler, that captures your network traffic history, it will do something (not sure what) with your certificates and you wont be able to root around in firefox while it is active. i.e. if you close fiddler or the like application, you can use firefox no prob! heres how i found out what was wrong... 1. i have a windows machine so sorry i dont know what the mac equivalent of this is. you need to search for manage user certificates. click that. 2. go to personal -> certificates. this is where i saw DO NOT TRUST_FIDDLER kind of thing everywhere. this helped me figure out that fiddler was the problem most likely. so i close fiddler and bam it works fine.
jscher2000
  • Top 10 Contributor
8638 solutions 70669 answers

Hi jpeeling, that's a good tip. Unfortunately, some malware distributors are using the Fiddler certificate so for users who have not intentionally installed Fiddler, its presence is a huge red flag.

Hi jpeeling, that's a good tip. Unfortunately, some malware distributors are using the Fiddler certificate so for users who have not intentionally installed Fiddler, its presence is a huge red flag.