Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Some HTTPS sites report the same invalid certificate after recent Nightly updates

  • 20 replies
  • 6 have this problem
  • 2225 views
  • Last reply by KirillMysnik

more options

Hello there,

After my Firefox Nightly updated a couple of days ago (I currently have 2017-07-20 build, but the issue came up earlier), some sites like github.com, amazon.com and pastebin.com stopped loading with the SEC_ERROR_UNKNOWN_ISSUER error.

Info from the Advanced button:

https://github.com/

Peer’s Certificate issuer is not recognized.

HTTP Strict Transport Security: true HTTP Public Key Pinning: true

Certificate chain:


BEGIN CERTIFICATE-----

MIICATCCAWoCCQD1ui5gnJHbtDANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJB VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 cyBQdHkgTHRkMB4XDTE0MTAxMzEyNDYwM1oXDTE0MTExMjEyNDYwM1owRTELMAkG A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0 IFdpZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAt4ka Npv6pBCK9BAVr8y7FgNkrvwtAOwfjR8HZwkHwk0xgbjt7UJQVvqdlTVOhEIscwVS KQAGrw9d0pfjRjgNZWNbw2KKfEjc5J4eByLnCrG0DtAfohgyLVppv8n5T0UgCH4A T3XPVLj/qdenv7ySbrNPdIq8TTlDVv+0Awsu8KcCAwEAATANBgkqhkiG9w0BAQUF AAOBgQBnYRFTWiLxrCbU3AQjLaEfGN6Kb1yf1Y2xxm/XkYPEoCN23zy3Yt3674KE lO3Z0TJv3pda+4WN41OnuYE1Vgatlhai/lgxJBfMkZ94IljnLs7uj5AfYQiffcx/ GVlxkEQXHDsyERWJmJjS/0swu7crz2O0Ip6IF30ILSBaRPBt3w==


END CERTIFICATE-----


The certificate is the same for all sites that stopped working. Firefox Nightly also says "The certificate expired on Wednesday, November 12, 2014, 3:46 PM."

Everything works fine when connected via TOR proxy. So I suspect my ISP. But I have no clue why it started happening right after one of the updates. The regular Firefox works fine, too.

What's also weird is that "Page Info" window (accessible via the address bar icon) tells me I don't have any password nor cookies saved for github.com. In fact, I do have cookies saved for GitHub, I've just confirmed that at about:preferences#privacy

The page visit counter (located on in that same window) says I've visited GitHub 7,822 times, so the counter probably works.

Chosen solution

A little update on this. I've contacted one of the Firefox developers - the one who was working on the TCP Fast Open feature - told them about the issue, they're now aware of it. What's more, in current Nightly builds the problem is not present (even with TFO turned on).

I guess I can mark this as solved, at least now I have an idea of what was going on.

Thanks to cor-el and jscher2000 for support.

Read this answer in context 👍 1

All Replies (20)

more options

Whoops, the image didn't get added

more options

That is an expired certificate.

    Data:
        Version: 1 (0x0)
        Serial Number: 17706515877439069108 (0xf5ba2e609c91dbb4)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd
        Validity
            Not Before: Oct 13 12:46:03 2014 GMT
            Not After : Nov 12 12:46:03 2014 GMT
        Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd

You can check the connection settings.

If you do not need to use a proxy to connect to internet then try to select "No Proxy" if "Use the system proxy settings" or one of the others do not work properly.

See "Firefox connection settings":

See also:

more options

Thanks for the fast reply!

I switched to "No Proxy" but that didn't solve the problem.

I'd go straight to my ISP forums if this didn't start hapenning right after the browser update.

more options

How about other browsers on your system? If you visit one of those problem sites in the other browser and check the certificate information, does it show the certificate as that expired one, or is the problem limited to Firefox?

At least one site suggests that issuer's certificates have been used to sign unwanted software: https://www.reasoncoresecurity.com/signer-internet-widgits-pty-ltd-009dd8bc177abb2f73.aspx


Could you test in Firefox's Safe Mode? In Safe Mode, Firefox temporarily deactivates extensions, hardware acceleration, and some other advanced features to help you assess whether these are causing the problem.

If Firefox is not running: Hold down the Shift key when starting Firefox.

If Firefox is running: You can restart Firefox in Safe Mode using either:

  • "3-bar" menu button > "?" button > Restart with Add-ons Disabled
  • Help menu > Restart with Add-ons Disabled

and OK the restart.

Both scenarios: A small dialog should appear. Click "Start in Safe Mode" (not Refresh).

Any improvement? (More info: Troubleshoot Firefox issues using Safe Mode)

more options

Thanks for your reply!

Internet Explorer shows the correct certificate for github.com, signed by DigiCert.

Restarted in Safe Mode - the dialog appeared, I'm in Safe Mode now. But the problem persists.

Forgot to mention, I've performed a scan with Kaspersky Virus Removal Tool (their free service), targetting boot locations and memory. Nothing showed up.

more options

Google Chrome and the main-channel Firefox also show the correct certificate from DigiCert.

Modified by KirillMysnik

more options

Hmm, I don't normally use Nightly, but I updated it just now and don't notice any new issues with Github or Amazon.

Do you have any exceptions saved for these sites in the Certificate Manager?

"3-bar" menu button (or Tools menu) > Options

In the left column, click Advanced. Then on the right side, click the Certificates mini-tab along the top. Then click the "View Certificates" button.

This should open the Certificate Manager. Click the "Servers" tab. Ignore the ones for "*" and check for any servers matching problem sites.

more options

Well, I'm pretty confident that I've never added exceptions to amazon.com as I only started using their site this June.

Okay, I've made my way to the Certificate Manager window, though a bit differently.

Anyways, here's the only non-wildcard certificate there:

more options

Perhaps try some other malware cleaning tools. The support article lists several that are either free or have a free trial.

Troubleshoot Firefox issues caused by malware

more options

Tried Microsoft Safety Scanner and "SUPERAntiSpyware Portable Scanner Personal Edition" with no luck. Well, the latter has found 462 "threats" - tracking cookies.

I've googled that base64 string of the certificate:

Already tried to contact blacklion to get more info on that certificate, but judjing from their discussion at juick.com, blacklion got that certificate for smarkets.com, which (as reported by other users in that thread) was affected by our Internet censorship a the time.

Couldn't find sigsergv's contact info, but he lives in Novosibirsk.

It has to do something with Russian Internet regulation ^W censorship law, but... Why only Nightly? And only after the update? ><

I don't know what to think now.

Oh, and blacklion mentioned that he runs "FreeBSD with read-only filesystem", so... I guess I might stop searching for malware on my machine now?

Thank you for your support guys

more options

See also: https://www.google.com/search?q=%22Internet+Widgits+Pty+Ltd%22


Do a malware check with several malware scanning programs on the Windows computer.

Please scan with all programs because each program detects different malware. All these programs have free versions.

Make sure you update each program to get the latest version of their databases before doing a scan.

You can also do a check for a rootkit infection with TDSSKiller.

See also:

more options

Note that in current Nightly releases with the new about:preferences design you can find the certificates under the Privacy & Security tab at the bottom of this list (Security -> Certificates).

more options
  • Malwarebytes Premium Trial has only detected CheatEngine as a PUP;
  • Malwarebytes AdwCleaner hasn't detected anything;
  • SuperAntispyware scan results were described in my previous post;
  • Microsoft Safety Scanner scan results were described in my previous post;
  • Windows Defender hasn't detected anything;
  • Spybot Search & Destroy has only detected tracking cookies and 7-Zip context menu entries;
  • Kasperky Free Security Scan has only detected 8 "other problems" like "non-standard IE start page" or "turning IE reports on may leak personal information"';
  • Kaspersky TDSSKiller hasn't detected anything;
more options

I've just installed the latest Nightly on another machine in my local network, and github.com now reports invalid certificate there, too.

As with my main desktop, other browsers (including Firefox) load these sites without problems.

more options

I've tried a different ISP (LTE), and these sites started loading in Nightly just fine. I guess it's just some magic incompatibility between one of the latest Nightly updates and my ISP then.

more options

Could you change your user agent on Nightly to the release UA to see whether that bypasses the problem? Here's how:

(0) Select and copy this new preference name:

general.useragent.override

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(2) In the search box above the list, type or paste usera and pause while the list is filtered

Assuming you do not see that preference:

(3) Right-click a blank area of the page, New > String, then paste the preference name and click OK, then enter any text temporarily and click okay

Once the preference exists:

(4) Select and copy this value:

64-bit Firefox on 64-bit Windows 10:
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0

32-bit Firefox on 64-bit Windows 10:
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0

(5) Double-click the general.useragent.override preference and paste the new value, then click OK

You can test that the new value is sent using https://www.jeffersonscher.com/res/jstest.php (red text)

To clear the override later, right-click the preference and choose Reset.

more options

I did what you proposed.

Unfortunately, faking Firefox 54 didn't solve the problem.

I also tried setting my User-Agent to the one from Edge. Didn't work either.

more options

I've looked through the commit history on Mozilla's GitHub mirror, and got interested by this commit: https://github.com/mozilla/gecko-dev/commit/02da186004ba9d352f746304efea0c022ba78f69

network.tcp.tcp_fastopen_enable's default value in my current Nightly is true. If I switch it to false, the problem dissapears.

However, when I switch it back to true, the problem is still not present. I need to restart Nightly (with that pref set to true) for it to come back again.

more options
more options

Chosen Solution

A little update on this. I've contacted one of the Firefox developers - the one who was working on the TCP Fast Open feature - told them about the issue, they're now aware of it. What's more, in current Nightly builds the problem is not present (even with TFO turned on).

I guess I can mark this as solved, at least now I have an idea of what was going on.

Thanks to cor-el and jscher2000 for support.