
getting SEC_ERROR_UNKNOWN_ISSUER error

  • 6 replies
  • 106 have this problem
  • 194 views
  • Last reply by cor-el


I’m getting loads of certificate failures "SEC_ERROR_UNKNOWN_ISSUER" on secure websites, on quite normal and obnoxious websites such as Google Search, Yahoo, Gmail, Flickr, various banks etc.

This happened after the Firefox package upgraded from 25.0.1 R3 to 52.1.2 ESR.

Please find below more information copied from the Advanced section:

https://www.google.co.in/?gfe_rd=cr&ei=qeM3WZrHF6Ly8AfR4qjQBQ&gws_rd=ssl

Peer’s Certificate issuer is not recognized.

HTTP Strict Transport Security: false

HTTP Public Key Pinning: true

Certificate chain:




All Replies (6)


hi, it looks like you're in a corporate environment where zscaler is monitoring/intercepting all network traffic. in order for this to work you either have to import zscaler's root certificate into firefox or enter about:config into the firefox address bar (confirm the info message in case it shows up) & search for the preference named security.enterprise_roots.enabled. double-click it and change its value to true.


Thanks for the quick response. Indeed it resolved the issue.

Curious to know if the value is set to True, will it still be applicable for any future update of Firefox package as well?


Chosen Solution

yes, your setting will remain for future firefox versions. it basically makes firefox look in the windows trust store to validate certificates instead of its own...
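
An added example, not part of the thread or of Mozilla's code: it reproduces the unknown-issuer condition with a locally generated stand-in for the proxy's root, then shows the same leaf validating once that root is in the trust bundle, which is the effect of importing the root or enabling security.enterprise_roots.enabled when the root sits in the OS store. All subject names, file names and function names are constructed for the demo, and it assumes the `openssl` CLI is installed.

```shell
#!/bin/sh
# Constructed demo: all keys, names and certificates are generated locally.

make_demo_pki() {   # $1 = working directory
    # Stand-in for a root the browser ships with.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Public Root" \
        -keyout "$1/public.key" -out "$1/public.pem" 2>/dev/null || return 1
    # Stand-in for the inspection proxy's private root.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Inspection Root" \
        -keyout "$1/proxy.key" -out "$1/proxy.pem" 2>/dev/null || return 1
    # Leaf the proxy issues for the visited site.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/leaf.csr" -days 1 -CAcreateserial \
        -CA "$1/proxy.pem" -CAkey "$1/proxy.key" \
        -out "$1/leaf.pem" 2>/dev/null
}

# Exit status 0 only if the leaf ($2) chains to a root in the bundle ($1).
chain_trusted() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Issuer DN of a certificate: the first field to read when triaging.
issuer_of() {
    openssl x509 -in "$1" -noout -issuer
}

demo() {
    d=$(mktemp -d) || return 1
    make_demo_pki "$d" || { rm -rf "$d"; return 1; }
    issuer_of "$d/leaf.pem"
    if chain_trusted "$d/public.pem" "$d/leaf.pem"; then
        echo "without proxy root: trusted"
    else
        echo "without proxy root: unknown issuer"
    fi
    # Bundle after the proxy root has been added to what the browser trusts.
    cat "$d/public.pem" "$d/proxy.pem" > "$d/both.pem"
    if chain_trusted "$d/both.pem" "$d/leaf.pem"; then
        echo "with proxy root: trusted"
    fi
    rm -rf "$d"
}
demo
```

When triaging a real report, reading the issuer first matters: an issuer naming the organisation's own inspection product points to a trust-store gap, while an unfamiliar issuer should be investigated before any root is trusted.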


Thanks Philip.


kumargvm said

I’m getting loads of certificate failures "SEC_ERROR_UNKNOWN_ISSUER" on secure websites, on quite normal and obnoxious websites such as Google Search, Yahoo, Gmail, Flickr, various banks etc. This happened after the Firefox package upgraded from 25.0.1 R3 to 52.1.2 ESR. Please find below more information copied from the Advanced section: https://www.google.co.in/?gfe_rd=cr&ei=qeM3WZrHF6Ly8AfR4qjQBQ&gws_rd=ssl Peer’s Certificate issuer is not recognized. HTTP Strict Transport Security: false HTTP Public Key Pinning: true Certificate chain:


I have a similar issue and the application has been published in Citrix XenApp 7.x.

The website is being called using Firefox and the users are getting prompted with the following message

"Your connection is not secure"

Once the user clicks on Advanced and adds the exception then they are able to access the website. This is frustrating. How would you bypass this and get to the logon screen directly?

We do have ZScalers but that is only at the client level not at the server level. Citrix servers do not have ZScalers. This is really frustrating and I want to know how to get past this? Can this site be added to trusted sites to resolve the issue?

This is happening even in IE and once you click on the "Continue to this website (not recommended)" it immediately goes to the logon page.

Appreciate what can be done as we have around 30 plus servers that this application is being published from. It is in the image of a PVS server, so we may have to update one image and push it out. Any thoughts what can be done for this not to pop-up and the user need not add any exceptions. It is affecting the work badly. Please advise.


Hi enfield

Could you please start a new thread for your question?

Then you can provide more information.


There shouldn't be any need to add an exception. You first need to make sure that there are no issues with missing intermediate certificates.

You can check the server: