X
Tap here to go to the mobile version of the site.

Support Forum

Website gives me "SEC_ERROR_UNKNOWN_ISSUER" error but I am unable to get past it following troubleshooting

Posted

I am running Firefox 45.0.1 and have been unable to access a website that I usually use to monitor my internet usage. The site is "http://www.nwtel.ca/my-account/internet-usage-report/" and i have followed this page "https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER#w_the-error-occurs-on-one-particular-site-only" to try and eliminate the issue but have been unable to get anywhere. I did what the page said and tried to add it to my exceptions manually as there is no option to add it on the page but have found no luck yet. I tried emailing the company and they say contact Firefox or use Internet explorer as according to them the internet usage page is working. Looking for any help anyone can give on this as Firefox dose have a contact us option.

I am running Firefox 45.0.1 and have been unable to access a website that I usually use to monitor my internet usage. The site is "http://www.nwtel.ca/my-account/internet-usage-report/" and i have followed this page "https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER#w_the-error-occurs-on-one-particular-site-only" to try and eliminate the issue but have been unable to get anywhere. I did what the page said and tried to add it to my exceptions manually as there is no option to add it on the page but have found no luck yet. I tried emailing the company and they say contact Firefox or use Internet explorer as according to them the internet usage page is working. Looking for any help anyone can give on this as Firefox dose have a contact us option.
Attached screenshots

Modified by gumby173

Chosen solution

If you can't inspect the certificate via Advanced (I Understand the Risks) then try this:

Open the "Add Security Exception" window by pasting this chrome URL in the Firefox location/address bar and check the certificate:

  • chrome://pippki/content/exceptionDialog.xul

In the location field of this window type or paste the URL of the website with the https:// protocol prefix (https://xxx.xxx).

  • retrieve the certificate via the "Get certificate" button
  • click the "View..." button to inspect the certificate in the Certificate Viewer

You can inspect details like the issuer and the certificate chain in the Details tab of the Certificate Viewer. Check who is the issuer of the certificate. If necessary then please attach a screenshot that shows the Certificate Viewer with the issuer.

Read this answer in context 2

Additional System Details

Installed Plug-ins

  • Intel web components for Intel® Identity Protection Technology
  • Intel web components updater - Installs and updates the Intel web components
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Next Generation Java Plug-in 11.77.2 for Mozilla browsers
  • The plugin allows you to have a better experience with Microsoft SharePoint
  • NVIDIA 3D Vision Streaming plugin for Mozilla browsers
  • NVIDIA 3D Vision plugin for Mozilla browsers
  • BlackBerry WebSL Browser Plug-In
  • Shockwave Flash 21.0 r0
  • 5.1.41212.0
  • VLC media player Web Plugin
  • iTunes Detector Plug-in

Application

  • Firefox 45.0.1
  • User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
  • Support URL: https://support.mozilla.org/1/firefox/45.0.1/WINNT/en-US/

Extensions

  • F5 Networks Host Plugin 7101.2014.1106.1707 ({DBBB3167-6E81-400f-BBFD-BD8921726F52})
  • Firefox Hello Beta 1.1.14 (loop@mozilla.org)
  • Kaspersky Protection 4.6.2.31 (light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com)

Javascript

  • incrementalGCEnabled: True

Graphics

  • adapterDescription: Intel(R) HD Graphics Family
  • adapterDescription2: NVIDIA GeForce GT 750M
  • adapterDeviceID: 0x0a16
  • adapterDeviceID2: 0x0fe4
  • adapterDrivers: igdumdim64 igd10iumd64 igd10iumd64 igd12umd64 igdumdim32 igd10iumd32 igd10iumd32 igd12umd32
  • adapterDrivers2: nvd3dumx,nvwgf2umx,nvwgf2umx,nvwgf2umx nvd3dum,nvwgf2um,nvwgf2um,nvwgf2um
  • adapterRAM: Unknown
  • adapterRAM2: 2048
  • adapterSubsysID: 05fc1028
  • adapterSubsysID2: 05fc1028
  • adapterVendorID: 0x8086
  • adapterVendorID2: 0x10de
  • direct2DEnabled: True
  • directWriteEnabled: True
  • directWriteVersion: 10.0.10586.0
  • driverDate: 11-18-2015
  • driverDate2: 3-21-2016
  • driverVersion: 20.19.15.4331
  • driverVersion2: 10.18.13.6472
  • info: {u'AzureContentBackend': u'direct2d 1.1', u'AzureCanvasBackend': u'direct2d 1.1', u'AzureFallbackCanvasBackend': u'cairo', u'AzureSkiaAccelerated': 0}
  • isGPU2Active: False
  • numAcceleratedWindows: 2
  • numTotalWindows: 2
  • supportsHardwareH264: Yes
  • webglRenderer: Google Inc. -- ANGLE (Intel(R) HD Graphics Family Direct3D11 vs_5_0 ps_5_0)
  • windowLayerManagerRemote: True
  • windowLayerManagerType: Direct3D 11

Modified Preferences

Misc

  • User JS: No
  • Accessibility: Yes
guigs 1072 solutions 11697 answers

Helpful Reply

If you click on Advanced is there more information on the error? I understand that adding the security exception was not an option.

Also please consider the following troubleshooting steps:

  1. Toggle the Kapersky preferences for this site
  2. Try using Firefox beta, at the moment when testing I did not have a problem visiting the site in version 46.
If you click on Advanced is there more information on the error? I understand that adding the security exception was not an option. Also please consider the following troubleshooting steps: # Toggle the Kapersky preferences for this site # Try using Firefox beta, at the moment when testing I did not have a problem visiting the site in version 46.
cor-el
  • Top 10 Contributor
  • Moderator
17759 solutions 160617 answers

Chosen Solution

If you can't inspect the certificate via Advanced (I Understand the Risks) then try this:

Open the "Add Security Exception" window by pasting this chrome URL in the Firefox location/address bar and check the certificate:

  • chrome://pippki/content/exceptionDialog.xul

In the location field of this window type or paste the URL of the website with the https:// protocol prefix (https://xxx.xxx).

  • retrieve the certificate via the "Get certificate" button
  • click the "View..." button to inspect the certificate in the Certificate Viewer

You can inspect details like the issuer and the certificate chain in the Details tab of the Certificate Viewer. Check who is the issuer of the certificate. If necessary then please attach a screenshot that shows the Certificate Viewer with the issuer.

If you can't inspect the certificate via Advanced (I Understand the Risks) then try this: Open the "Add Security Exception" window by pasting this chrome URL in the Firefox location/address bar and check the certificate: *<b>chrome://pippki/content/exceptionDialog.xul</b> In the location field of this window type or paste the URL of the website with the https:// protocol prefix (https://xxx.xxx). *retrieve the certificate via the "Get certificate" button *click the "View..." button to inspect the certificate in the Certificate Viewer You can inspect details like the issuer and the certificate chain in the Details tab of the Certificate Viewer. Check who is the issuer of the certificate. If necessary then please attach a screenshot that shows the Certificate Viewer with the issuer.

Question owner

cor-el's answer worked just had to put "https://apps.nwtel.ca" into the field and add a security exception.

cor-el's answer worked just had to put "https://apps.nwtel.ca" into the field and add a security exception.
cor-el
  • Top 10 Contributor
  • Moderator
17759 solutions 160617 answers

The apps.nwtel.ca server doesn't send all intermediate certificates (Go Daddy Secure Certification Authority) needed to build a complete certificate chain.

You can check the server via this website:

You can contact the website and ask them to install the "Go Daddy Secure Certification Authority" certificate. Expand GoDaddy Certificate Chain:

The <b>apps<i></i>.nwtel<i></i>.ca</b> server doesn't send all intermediate certificates (Go Daddy Secure Certification Authority) needed to build a complete certificate chain. You can check the server via this website: *https://www.ssllabs.com/ssltest/analyze.html?d=apps.nwtel.ca&latest You can contact the website and ask them to install the "Go Daddy Secure Certification Authority" certificate. Expand GoDaddy Certificate Chain: *https://certificates.godaddy.com/repository

Question owner

Honestly the Northwestel customer support is horrible and they offer the worst help I have seen in customer service. Their answer to me for everything was our service is functioning use internet explorer or contact Firefox. I had already contacted them 5 times, the first 3 required follow up because no one responded. I really appreciate your help with this thank you so much.

Honestly the Northwestel customer support is horrible and they offer the worst help I have seen in customer service. Their answer to me for everything was our service is functioning use internet explorer or contact Firefox. I had already contacted them 5 times, the first 3 required follow up because no one responded. I really appreciate your help with this thank you so much.
cor-el
  • Top 10 Contributor
  • Moderator
17759 solutions 160617 answers

Note that Firefox automatically stores intermediate certificates that servers send in the Certificate Manager for future use, so if you have visited a website that has send this intermediate certificate in the past then Firefox will not display the error page when you visit a server that doesn't send this intermediate certificate.

You can download and save the intermediate certificate via this page/link and install the certificate in the Certificate Manager. Do NOT check off any of the trust boxes as those are only required for root certificates and not for intermediate certificates.

  • Tools > Options > Advanced > Certificates: View Certificates > Authorities

godaddy_intermediate.crt

-----BEGIN CERTIFICATE-----
MIIE3jCCA8agAwIBAgICAwEwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVMx
ITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g
RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMTYw
MTU0MzdaFw0yNjExMTYwMTU0MzdaMIHKMQswCQYDVQQGEwJVUzEQMA4GA1UECBMH
QXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5j
b20sIEluYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5j
b20vcmVwb3NpdG9yeTEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5MREwDwYDVQQFEwgwNzk2OTI4NzCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMQt1RWMnCZM7DI161+4WQFapmGBWTtwY6vj3D3H
KrjJM9N55DrtPDAjhI6zMBS2sofDPZVUBJ7fmd0LJR4h3mUpfjWoqVTr9vcyOdQm
VZWt7/v+WIbXnvQAjYwqDL1CBM6nPwT27oDyqu9SoWlm2r4arV3aLGbqGmu75RpR
SgAvSMeYddi5Kcju+GZtCpyz8/x4fKL4o/K1w/O5epHBp+YlLpyo7RJlbmr2EkRT
cDCVw5wrWCs9CHRK8r5RsL+H0EwnWGu1NcWdrxcx+AuP7q2BNgWJCJjPOq8lh8BJ
6qf9Z/dFjpfMFDniNoW1fho3/Rb2cRGadDAW/hOUoz+EDU8CAwEAAaOCATIwggEu
MB0GA1UdDgQWBBT9rGEyk2xF1uLuhV+auud2mWjM5zAfBgNVHSMEGDAWgBTSxLDS
kdRMEXGzYcs9of7dqGrU4zASBgNVHRMBAf8ECDAGAQH/AgEAMDMGCCsGAQUFBwEB
BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZ29kYWRkeS5jb20wRgYDVR0f
BD8wPTA7oDmgN4Y1aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBv
c2l0b3J5L2dkcm9vdC5jcmwwSwYDVR0gBEQwQjBABgRVHSAAMDgwNgYIKwYBBQUH
AgEWKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeTAO
BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBANKGwOy9+aG2Z+5mC6IG
OgRQjhVyrEp0lVPLN8tESe8HkGsz2ZbwlFalEzAFPIUyIXvJxwqoJKSQ3kbTJSMU
A2fCENZvD117esyfxVgqwcSeIaha86ykRvOe5GPLL5CkKSkB2XIsKd83ASe8T+5o
0yGPwLPk9Qnt0hCqU7S+8MxZC9Y7lhyVJEnfzuz9p0iRFEUOOjZv2kWzRaJBydTX
RE4+uXR21aITVSzGh6O1mawGhId/dQb8vxRMDsxuxN89txJx9OjxUUAiKEngHUuH
qDTMBqLdElrRhjZkAzVvb3du6/KFUJheqwNTrZEjYx8WnM25sgVjOuH0aBsXBTWV
U+4=
-----END CERTIFICATE-----
Note that Firefox automatically stores intermediate certificates that servers send in the Certificate Manager for future use, so if you have visited a website that has send this intermediate certificate in the past then Firefox will not display the error page when you visit a server that doesn't send this intermediate certificate. You can download and save the intermediate certificate via this page/link and install the certificate in the Certificate Manager. Do NOT check off any of the trust boxes as those are only required for root certificates and not for intermediate certificates. *Tools > Options > Advanced > Certificates: View Certificates > Authorities godaddy_intermediate.crt <pre><nowiki> -----BEGIN CERTIFICATE----- MIIE3jCCA8agAwIBAgICAwEwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVMx ITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMTYw MTU0MzdaFw0yNjExMTYwMTU0MzdaMIHKMQswCQYDVQQGEwJVUzEQMA4GA1UECBMH QXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5j b20sIEluYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5j b20vcmVwb3NpdG9yeTEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlcnRpZmlj YXRpb24gQXV0aG9yaXR5MREwDwYDVQQFEwgwNzk2OTI4NzCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAMQt1RWMnCZM7DI161+4WQFapmGBWTtwY6vj3D3H KrjJM9N55DrtPDAjhI6zMBS2sofDPZVUBJ7fmd0LJR4h3mUpfjWoqVTr9vcyOdQm VZWt7/v+WIbXnvQAjYwqDL1CBM6nPwT27oDyqu9SoWlm2r4arV3aLGbqGmu75RpR SgAvSMeYddi5Kcju+GZtCpyz8/x4fKL4o/K1w/O5epHBp+YlLpyo7RJlbmr2EkRT cDCVw5wrWCs9CHRK8r5RsL+H0EwnWGu1NcWdrxcx+AuP7q2BNgWJCJjPOq8lh8BJ 6qf9Z/dFjpfMFDniNoW1fho3/Rb2cRGadDAW/hOUoz+EDU8CAwEAAaOCATIwggEu MB0GA1UdDgQWBBT9rGEyk2xF1uLuhV+auud2mWjM5zAfBgNVHSMEGDAWgBTSxLDS kdRMEXGzYcs9of7dqGrU4zASBgNVHRMBAf8ECDAGAQH/AgEAMDMGCCsGAQUFBwEB BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZ29kYWRkeS5jb20wRgYDVR0f BD8wPTA7oDmgN4Y1aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBv c2l0b3J5L2dkcm9vdC5jcmwwSwYDVR0gBEQwQjBABgRVHSAAMDgwNgYIKwYBBQUH AgEWKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeTAO BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBANKGwOy9+aG2Z+5mC6IG OgRQjhVyrEp0lVPLN8tESe8HkGsz2ZbwlFalEzAFPIUyIXvJxwqoJKSQ3kbTJSMU A2fCENZvD117esyfxVgqwcSeIaha86ykRvOe5GPLL5CkKSkB2XIsKd83ASe8T+5o 0yGPwLPk9Qnt0hCqU7S+8MxZC9Y7lhyVJEnfzuz9p0iRFEUOOjZv2kWzRaJBydTX RE4+uXR21aITVSzGh6O1mawGhId/dQb8vxRMDsxuxN89txJx9OjxUUAiKEngHUuH qDTMBqLdElrRhjZkAzVvb3du6/KFUJheqwNTrZEjYx8WnM25sgVjOuH0aBsXBTWV U+4= -----END CERTIFICATE-----</nowiki></pre>