X
Tap here to go to the mobile version of the site.

Support Forum

Firefox has problems with security certificates for yahoo and google when my son logs in as a child under a family account in windows 10.

Posted

I use windows 10 and set up a microsoft family account with my son as a child so I can regulate his time on the computer. When he logs in this way and opens Firefox, he gets the error message sec_error_unknown_issuer whenever he tries to get into yahoo or google. The error screen doesn't give the option to make an exception for the problem with the security certificate. When he logs in as a local user the error message doesn't show up. I think it has something to do with logging in on a microsoft family account as a child. The security certificates are different and I think microsoft is acting as an intermediary. I log in as an adult and have no problems at all. I don't know if there is a way to get around this problem. He tried using google Chrome and had no problems but he really prefers to use Firefox as his default browser.

I use windows 10 and set up a microsoft family account with my son as a child so I can regulate his time on the computer. When he logs in this way and opens Firefox, he gets the error message sec_error_unknown_issuer whenever he tries to get into yahoo or google. The error screen doesn't give the option to make an exception for the problem with the security certificate. When he logs in as a local user the error message doesn't show up. I think it has something to do with logging in on a microsoft family account as a child. The security certificates are different and I think microsoft is acting as an intermediary. I log in as an adult and have no problems at all. I don't know if there is a way to get around this problem. He tried using google Chrome and had no problems but he really prefers to use Firefox as his default browser.

Chosen solution

I believe Microsoft Family Safety operates as a "man in the middle." IE, Edge, and Google Chrome share the same certificate store, the Windows system certificate store. In that store, Microsoft Family Safety is trusted as an authority to issue certificates on behalf of websites. What I think you need to do is copy the certificate to Firefox's separate certificate store to establish the same level of trust.

Microsoft published steps for this when it released an update for Windows 8.1 some time back, so these are the steps from that article. They probably work mostly the same in Windows 10 but please let us know.

(1) Open the Windows Certificate Manager by using search to find Manage user certificates

(2) Expand Trusted Root Certificates Authorities and then click Certificates

(3) In the right-side pane, select Microsoft Family Safety Certificate, and then right-click to display the shortcut menu. Select All Tasks, and then click Export.

(4) Continue through the Certificate Export Wizard:

  • When you are prompted to export the Private Key, click No.
  • For the export file format, select DER encoded binary X.509 (.CER).
  • Use the browse button to browse to your desktop, and then specify a file name such as Family Safety Certificate for the file that you are exporting. The wizard automatically adds a ".cer" extension.
  • Click Next, and then click Finish to complete the export.

(5) In Firefox, open the Advanced Panel of the Options page using:

"3-bar" menu button (or Tools menu) > Options > Advanced

Click the Certificates mini-tab, then the View Certificates button to display the Certificate Manager.

(7) In the Certificate Manager, click the Authorities mini-tab, and then click the Import button. Firefox should be looking for .cer files automatically.

(8) Point the import dialog to the desktop and select the Family Safety Certificate file that you previously exported, and then click Open.

(9) In the Downloading Certificate dialog box, select the Trust this CA to identify web sites check box, and then click OK. Click OK again to exit the Certificate Manager.

If Firefox doesn't trust Yahoo and Google immediately, you might need to clear Firefox's cache (see How to clear the Firefox cache), or exit out of Firefox and start it up again.

Success?

Read this answer in context 3

Additional System Details

Installed Plug-ins

  • Adobe PDF Plug-In For Firefox and Netscape 11.0.12
  • Google Update
  • Intel web components for Intel® Identity Protection Technology
  • Intel web components updater - Installs and updates the Intel web components
  • The plugin allows you to have a better experience with Microsoft SharePoint
  • The plugin allows you to have a better experience with Microsoft Lync
  • NPWLPG
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
  • Shockwave Flash 18.0 r0
  • 5.1.40728.0

Application

  • User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0

More Information

cor-el
  • Top 10 Contributor
  • Moderator
17416 solutions 157353 answers

If you have Avast then try to disable HTTPS scanning in Avast Web Shield.

If you can't inspect the certificate via "I Understand the Risks" then try this:

Open the "Add Security Exception" window by pasting this chrome URL in the Firefox location/address bar and check the certificate:

  • chrome://pippki/content/exceptionDialog.xul

In the location field of this window type or paste the URL of the website.

  • retrieve the certificate via the "Get certificate" button
  • click the "View..." button to inspect the certificate in the Certificate Viewer

You can inspect details like the issuer and the certificate chain in the Details tab of the Certificate Viewer. Check who is the issuer of the certificate. If necessary then you can attach a screenshot that shows the certificate viewer.

If you have Avast then try to disable HTTPS scanning in Avast Web Shield. *http://www.ghacks.net/2014/10/31/avasts-https-scanning-interferes-with-firefox-and-other-programs/ *https://forum.avast.com/index.php?topic=176073.0 If you can't inspect the certificate via "I Understand the Risks" then try this: Open the "Add Security Exception" window by pasting this chrome URL in the Firefox location/address bar and check the certificate: *chrome://pippki/content/exceptionDialog.xul In the location field of this window type or paste the URL of the website. *retrieve the certificate via the "Get certificate" button *click the "View..." button to inspect the certificate in the Certificate Viewer You can inspect details like the issuer and the certificate chain in the Details tab of the Certificate Viewer. Check who is the issuer of the certificate. If necessary then you can attach a screenshot that shows the certificate viewer.
jscher2000
  • Top 10 Contributor
8637 solutions 70651 answers

Chosen Solution

I believe Microsoft Family Safety operates as a "man in the middle." IE, Edge, and Google Chrome share the same certificate store, the Windows system certificate store. In that store, Microsoft Family Safety is trusted as an authority to issue certificates on behalf of websites. What I think you need to do is copy the certificate to Firefox's separate certificate store to establish the same level of trust.

Microsoft published steps for this when it released an update for Windows 8.1 some time back, so these are the steps from that article. They probably work mostly the same in Windows 10 but please let us know.

(1) Open the Windows Certificate Manager by using search to find Manage user certificates

(2) Expand Trusted Root Certificates Authorities and then click Certificates

(3) In the right-side pane, select Microsoft Family Safety Certificate, and then right-click to display the shortcut menu. Select All Tasks, and then click Export.

(4) Continue through the Certificate Export Wizard:

  • When you are prompted to export the Private Key, click No.
  • For the export file format, select DER encoded binary X.509 (.CER).
  • Use the browse button to browse to your desktop, and then specify a file name such as Family Safety Certificate for the file that you are exporting. The wizard automatically adds a ".cer" extension.
  • Click Next, and then click Finish to complete the export.

(5) In Firefox, open the Advanced Panel of the Options page using:

"3-bar" menu button (or Tools menu) > Options > Advanced

Click the Certificates mini-tab, then the View Certificates button to display the Certificate Manager.

(7) In the Certificate Manager, click the Authorities mini-tab, and then click the Import button. Firefox should be looking for .cer files automatically.

(8) Point the import dialog to the desktop and select the Family Safety Certificate file that you previously exported, and then click Open.

(9) In the Downloading Certificate dialog box, select the Trust this CA to identify web sites check box, and then click OK. Click OK again to exit the Certificate Manager.

If Firefox doesn't trust Yahoo and Google immediately, you might need to clear Firefox's cache (see How to clear the Firefox cache), or exit out of Firefox and start it up again.

Success?

I believe Microsoft Family Safety operates as a "man in the middle." IE, Edge, and Google Chrome share the same certificate store, the Windows system certificate store. In that store, Microsoft Family Safety is trusted as an authority to issue certificates on behalf of websites. What I think you need to do is copy the certificate to Firefox's separate certificate store to establish the same level of trust. Microsoft published steps for this when it released an update for Windows 8.1 some time back, so these are the steps from that article. They probably work mostly the same in Windows 10 but please let us know. (1) Open the Windows Certificate Manager by using search to find <strong>Manage user certificates</strong> (2) Expand <strong>Trusted Root Certificates Authorities</strong> and then click <strong>Certificates</strong> (3) In the right-side pane, select <code>Microsoft Family Safety Certificate</code>, and then right-click to display the shortcut menu. Select <strong>All Tasks</strong>, and then click <strong>Export</strong>. (4) Continue through the Certificate Export Wizard: * When you are prompted to export the Private Key, click <strong>No</strong>. * For the export file format, select <strong>DER encoded binary X.509 (.CER)</strong>. * Use the browse button to browse to your desktop, and then specify a file name such as <code>Family Safety Certificate</code> for the file that you are exporting. The wizard automatically adds a ".cer" extension. * Click <strong>Next</strong>, and then click <strong>Finish</strong> to complete the export. (5) In Firefox, open the Advanced Panel of the Options page using: "3-bar" menu button (or Tools menu) > Options > Advanced Click the <strong>Certificates</strong> mini-tab, then the <strong>View Certificates</strong> button to display the Certificate Manager. (7) In the Certificate Manager, click the <strong>Authorities</strong> mini-tab, and then click the <strong>Import</strong> button. Firefox should be looking for .cer files automatically. (8) Point the import dialog to the desktop and select the <code>Family Safety Certificate</code> file that you previously exported, and then click <strong>Open</strong>. (9) In the <strong>Downloading Certificate</strong> dialog box, select the <strong>Trust this CA to identify web sites</strong> check box, and then click <strong>OK</strong>. Click <strong>OK</strong> again to exit the Certificate Manager. If Firefox doesn't trust Yahoo and Google immediately, you might need to clear Firefox's cache (see [[How to clear the Firefox cache]]), or exit out of Firefox and start it up again. Success?

Modified by jscher2000

Helpful Reply

Thank you. At first it didn't work because I set it up within my log-in. When I repeated it within my son's log-in it worked immediately.

Thank you. At first it didn't work because I set it up within my log-in. When I repeated it within my son's log-in it worked immediately.
jscher2000
  • Top 10 Contributor
8637 solutions 70651 answers

Thank you for reporting back. That makes sense, since you probably have separate Firefox profiles, each with its own certificate store.

Thank you for reporting back. That makes sense, since you probably have separate Firefox profiles, each with its own certificate store.