Windows 10 will reach EOS (end of support) on October 14, 2025. For more information, see this article.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Today I'm unable to access Google, Error code: SEC_ERROR_UNKNOWN_ISSUER.

  • 6 replies
  • 5 have this problem
  • 24 views
  • Last reply by Rebel49

more options

Just today I've been unable to access Google on Firefox. Error code as above. Error text below. I have Windows 10, Windows Defender and Malwarebytes, none of the antivirus mentioned on the relevant Help page. Never happened before and nothing else has changed on my computer. I can access Google on Chrome. Is this just a temporary glitch? Advice please.

Here's the error text:

https://www.google.com/search?q=abc&ie=utf-8&oe=utf-8&client=firefox-b Peer’s Certificate issuer is not recognized. HTTP Strict Transport Security: true HTTP Public Key Pinning: true Certificate chain:


BEGIN CERTIFICATE-----

MIIDuzCCAqOgAwIBAgIIZbQAduIAnFIwDQYJKoZIhvcNAQELBQAwSTELMAkGA1UE BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl cm5ldCBBdXRob3JpdHkgRzIwHhcNMTgwMTEwMDkzOTAwWhcNMTgwNDA0MDkzOTAw WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UEAwwOd3d3 Lmdvb2dsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARiG/dZRdcEvLXG kiG21fvKgk0IzjJTNsmmG0h8t3dL/43rFbrCfo01us65WCi3hcVYl0U1SFUSOTUJ VsoxXxkCo4IBUTCCAU0wEwYDVR0lBAwwCgYIKwYBBQUHAwEwDgYDVR0PAQH/BAQD AgeAMBkGA1UdEQQSMBCCDnd3dy5nb29nbGUuY29tMGgGCCsGAQUFBwEBBFwwWjAr BggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nbGUuY29tL0dJQUcyLmNydDArBggr BgEFBQcwAYYfaHR0cDovL2NsaWVudHMxLmdvb2dsZS5jb20vb2NzcDAdBgNVHQ4E FgQU2ZfN51KH88xcNHcBLv2Yx1K11zgwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAW gBRK3QYWG7z2aLV29YG2u2IaulqBLzAhBgNVHSAEGjAYMAwGCisGAQQB1nkCBQEw CAYGZ4EMAQICMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9wa2kuZ29vZ2xlLmNv bS9HSUFHMi5jcmwwDQYJKoZIhvcNAQELBQADggEBACYUDB6V3tgmqD2dYqcpMHBM 11EjtwxYPJVrYGkSO0nBRq3WV6nFScuxu2yaku9Xs/YejYQdXhwQb99xbiYEFSeL vEE+dD2Iu6/cIotquH5Y0t9T+WnGy98dB0g0n2GhGD24bAe+hH/eDuorR05nMkTh /rhxc8GRaoQFJIA2tjukFPhN08iPgqtlpfRlk27FEVA/6nPj76mtZNOm6PifZLmM 8QOMQjC66ibrSb0fc1nYS0S1BP+FK5sHYLLBbOdH8ysILd+r7D+v2g7ZF9mOnyN7 5+bzVoK+VLR/EwE4EERL/+h2yzIW5sjPFuIyTfVTZvM72q8nj3pgZtS4+kjO4tw=


END CERTIFICATE-----
BEGIN CERTIFICATE-----

MIIEKDCCAxCgAwIBAgIQAQAhJYiw+lmnd+8Fe2Yn3zANBgkqhkiG9w0BAQsFADBC MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMS R2VvVHJ1c3QgR2xvYmFsIENBMB4XDTE3MDUyMjExMzIzN1oXDTE4MTIzMTIzNTk1 OVowSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMT HEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwggEiMA0GCSqGSIb3DQEBAQUA A4IBDwAwggEKAoIBAQCcKgR3XNhQkToGo4Lg2FBIvIk/8RlwGohGfuCPxfGJziHu Wv5hDbcyRImgdAtTT1WkzoJile7rWV/G4QWAEsRelD+8W0g49FP3JOb7kekVxM/0 Uw30SvyfVN59vqBrb4fA0FAfKDADQNoIc1Fsf/86PKc3Bo69SxEE630k3ub5/DFx +5TVYPMuSq9C0svqxGoassxT3RVLix/IGWEfzZ2oPmMrhDVpZYTIGcVGIvhTlb7j gEoQxirsupcgEcc5mRAEoPBhepUljE5SdeK27QjKFPzOImqzTs9GA5eXA37Asd57 r0Uzz7o+cbfe9CUlwg01iZ2d+w4ReYkeN8WvjnJpAgMBAAGjggERMIIBDTAfBgNV HSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1 dvWBtrtiGrpagS8wDgYDVR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggr BgEFBQcwAYYSaHR0cDovL2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAw NQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9i YWwuY3JsMCEGA1UdIAQaMBgwDAYKKwYBBAHWeQIFATAIBgZngQwBAgIwHQYDVR0l BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQDKSeWs 12Rkd1u+cfrP9B4jx5ppY1Rf60zWGSgjZGaOHMeHgGRfBIsmr5jfCnC8vBk97nsz qX+99AXUcLsFJnnqmseYuQcZZTTMPOk/xQH6bwx+23pwXEz+LQDwyr4tjrSogPsB E4jLnD/lu3fKOmc2887VJwJyQ6C9bgLxRwVxPgFZ6RGeGvOED4Cmong1L7bHon8X fOGLVq7uZ4hRJzBgpWJSwzfVO+qFKgE4h6LPcK2kesnE58rF2rwjMvL+GMJ74N87 L9TQEOaWTPtEtyFkDbkAlDASJodYmDkFOA/MgkgMCkdm7r+0X8T/cKjhf4t5K7hl MqO5tzHpCvX2HzLc


END CERTIFICATE-----
BEGIN CERTIFICATE-----

MIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0 aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQwMDAw WjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UE AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9m OSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIu T8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6c JmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmR Cw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5asz PeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjm aPkr0rKV10fYIyAQTzOYkJ/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrM TjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA6BgNVHR8EMzAxMC+g LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDBO BgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6Ly93d3cuZ2Vv dHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUAA4GB AHbhEm5OSxYShjAGsoEIz/AIx8dxfmbuwu3UOx//8PDITtZDOLC5MH0Y0FWDomrL NhGc6Ehmo21/uBPUR/6LWlxz/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M26x1W b8ravHNjkOR/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8S


END CERTIFICATE-----
Just today I've been unable to access Google on Firefox. Error code as above. Error text below. I have Windows 10, Windows Defender and Malwarebytes, none of the antivirus mentioned on the relevant Help page. Never happened before and nothing else has changed on my computer. I can access Google on Chrome. Is this just a temporary glitch? Advice please. Here's the error text: https://www.google.com/search?q=abc&ie=utf-8&oe=utf-8&client=firefox-b Peer’s Certificate issuer is not recognized. HTTP Strict Transport Security: true HTTP Public Key Pinning: true Certificate chain: -----BEGIN CERTIFICATE----- MIIDuzCCAqOgAwIBAgIIZbQAduIAnFIwDQYJKoZIhvcNAQELBQAwSTELMAkGA1UE BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl cm5ldCBBdXRob3JpdHkgRzIwHhcNMTgwMTEwMDkzOTAwWhcNMTgwNDA0MDkzOTAw WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UEAwwOd3d3 Lmdvb2dsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARiG/dZRdcEvLXG kiG21fvKgk0IzjJTNsmmG0h8t3dL/43rFbrCfo01us65WCi3hcVYl0U1SFUSOTUJ VsoxXxkCo4IBUTCCAU0wEwYDVR0lBAwwCgYIKwYBBQUHAwEwDgYDVR0PAQH/BAQD AgeAMBkGA1UdEQQSMBCCDnd3dy5nb29nbGUuY29tMGgGCCsGAQUFBwEBBFwwWjAr BggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nbGUuY29tL0dJQUcyLmNydDArBggr BgEFBQcwAYYfaHR0cDovL2NsaWVudHMxLmdvb2dsZS5jb20vb2NzcDAdBgNVHQ4E FgQU2ZfN51KH88xcNHcBLv2Yx1K11zgwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAW gBRK3QYWG7z2aLV29YG2u2IaulqBLzAhBgNVHSAEGjAYMAwGCisGAQQB1nkCBQEw CAYGZ4EMAQICMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9wa2kuZ29vZ2xlLmNv bS9HSUFHMi5jcmwwDQYJKoZIhvcNAQELBQADggEBACYUDB6V3tgmqD2dYqcpMHBM 11EjtwxYPJVrYGkSO0nBRq3WV6nFScuxu2yaku9Xs/YejYQdXhwQb99xbiYEFSeL vEE+dD2Iu6/cIotquH5Y0t9T+WnGy98dB0g0n2GhGD24bAe+hH/eDuorR05nMkTh /rhxc8GRaoQFJIA2tjukFPhN08iPgqtlpfRlk27FEVA/6nPj76mtZNOm6PifZLmM 8QOMQjC66ibrSb0fc1nYS0S1BP+FK5sHYLLBbOdH8ysILd+r7D+v2g7ZF9mOnyN7 5+bzVoK+VLR/EwE4EERL/+h2yzIW5sjPFuIyTfVTZvM72q8nj3pgZtS4+kjO4tw= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEKDCCAxCgAwIBAgIQAQAhJYiw+lmnd+8Fe2Yn3zANBgkqhkiG9w0BAQsFADBC MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMS R2VvVHJ1c3QgR2xvYmFsIENBMB4XDTE3MDUyMjExMzIzN1oXDTE4MTIzMTIzNTk1 OVowSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMT HEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwggEiMA0GCSqGSIb3DQEBAQUA A4IBDwAwggEKAoIBAQCcKgR3XNhQkToGo4Lg2FBIvIk/8RlwGohGfuCPxfGJziHu Wv5hDbcyRImgdAtTT1WkzoJile7rWV/G4QWAEsRelD+8W0g49FP3JOb7kekVxM/0 Uw30SvyfVN59vqBrb4fA0FAfKDADQNoIc1Fsf/86PKc3Bo69SxEE630k3ub5/DFx +5TVYPMuSq9C0svqxGoassxT3RVLix/IGWEfzZ2oPmMrhDVpZYTIGcVGIvhTlb7j gEoQxirsupcgEcc5mRAEoPBhepUljE5SdeK27QjKFPzOImqzTs9GA5eXA37Asd57 r0Uzz7o+cbfe9CUlwg01iZ2d+w4ReYkeN8WvjnJpAgMBAAGjggERMIIBDTAfBgNV HSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1 dvWBtrtiGrpagS8wDgYDVR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggr BgEFBQcwAYYSaHR0cDovL2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAw NQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9i YWwuY3JsMCEGA1UdIAQaMBgwDAYKKwYBBAHWeQIFATAIBgZngQwBAgIwHQYDVR0l BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQDKSeWs 12Rkd1u+cfrP9B4jx5ppY1Rf60zWGSgjZGaOHMeHgGRfBIsmr5jfCnC8vBk97nsz qX+99AXUcLsFJnnqmseYuQcZZTTMPOk/xQH6bwx+23pwXEz+LQDwyr4tjrSogPsB E4jLnD/lu3fKOmc2887VJwJyQ6C9bgLxRwVxPgFZ6RGeGvOED4Cmong1L7bHon8X fOGLVq7uZ4hRJzBgpWJSwzfVO+qFKgE4h6LPcK2kesnE58rF2rwjMvL+GMJ74N87 L9TQEOaWTPtEtyFkDbkAlDASJodYmDkFOA/MgkgMCkdm7r+0X8T/cKjhf4t5K7hl MqO5tzHpCvX2HzLc -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0 aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQwMDAw WjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UE AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9m OSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIu T8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6c JmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmR Cw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5asz PeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjm aPkr0rKV10fYIyAQTzOYkJ/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrM TjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA6BgNVHR8EMzAxMC+g LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDBO BgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6Ly93d3cuZ2Vv dHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUAA4GB AHbhEm5OSxYShjAGsoEIz/AIx8dxfmbuwu3UOx//8PDITtZDOLC5MH0Y0FWDomrL NhGc6Ehmo21/uBPUR/6LWlxz/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M26x1W b8ravHNjkOR/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8S -----END CERTIFICATE-----

Chosen solution

Might you have customized "OCSP" settings? Firefox normally checks with an OCSP server on whether a site's certificate has been revoked. Sometimes the server does not respond and then Firefox normally treats the certificate as not revoked. However, some users have customized Firefox to treat the certificate as revoked in that situation, and this can cause the problem you're encountering, when the OCSP server is not responding.

Please see this thread: SEC_ERROR_UNKNOWN_ISSUER on google. youtube since yesterday.

Or in more detail:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.

(2) In the search box above the list, type or paste ocsp and pause while the list is filtered

(3) If the security.OCSP.require preference is bolded and "modified" or "user set" to true, double-click it to restore the default value of false

You may need to reload your Google page bypassing the cache, using either:

  • Shift+click the reload button
  • Ctrl+Shift+r (on Mac Command+Shift+r)

To clarify, this does not completely disable checking whether a certificate is revoked. There are two different preferences:

  • security.OCSP.enabled = 1 (default setting) requires Firefox to check the cert with the OCSP server to make sure it hasn't been revoked
  • security.ocsp.require determines what happens if the OCSP server does not respond
    • false (default setting) treats the cert as not revoked and you can connect normally
    • true treats the cert as revoked and prevents you from connecting

I suppose your choice about "require" depends on how often you expect to encounter a server with a revoked certificate and a nonresponsive OCSP server. I think the risk is low, but then, I may not be as adventurous in my browsing as you are.

Read this answer in context 👍 1

All Replies (6)

more options

There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connections and send their own certificate.

https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can

https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites

https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message

https://support.mozilla.org/en-US/kb/connection-untrusted-error-message

http://kb.mozillazine.org/Error_loading_websites


  • uses an invalid security certificate SSL_ERROR_BAD_CERT_DOMAIN
  • configured their website improperly

How to troubleshoot the error code "SEC_ERROR_UNKNOWN_ISSUER" on secure websites https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER

more options

I don't have any of this software. I've always used Defender plus Malwarebytes and nothing has changed, so it doesn't make sense that this problem should suddenly arise.

more options

Over time, things change. Including programs. An update somewhere may be the cause of the problem.

more options

Chosen Solution

Might you have customized "OCSP" settings? Firefox normally checks with an OCSP server on whether a site's certificate has been revoked. Sometimes the server does not respond and then Firefox normally treats the certificate as not revoked. However, some users have customized Firefox to treat the certificate as revoked in that situation, and this can cause the problem you're encountering, when the OCSP server is not responding.

Please see this thread: SEC_ERROR_UNKNOWN_ISSUER on google. youtube since yesterday.

Or in more detail:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.

(2) In the search box above the list, type or paste ocsp and pause while the list is filtered

(3) If the security.OCSP.require preference is bolded and "modified" or "user set" to true, double-click it to restore the default value of false

You may need to reload your Google page bypassing the cache, using either:

  • Shift+click the reload button
  • Ctrl+Shift+r (on Mac Command+Shift+r)

To clarify, this does not completely disable checking whether a certificate is revoked. There are two different preferences:

  • security.OCSP.enabled = 1 (default setting) requires Firefox to check the cert with the OCSP server to make sure it hasn't been revoked
  • security.ocsp.require determines what happens if the OCSP server does not respond
    • false (default setting) treats the cert as not revoked and you can connect normally
    • true treats the cert as revoked and prevents you from connecting

I suppose your choice about "require" depends on how often you expect to encounter a server with a revoked certificate and a nonresponsive OCSP server. I think the risk is low, but then, I may not be as adventurous in my browsing as you are.

more options

Note that security.ocsp.require is false by default, so if it is true in your case then you may have had an extension that toggled this pref in the past (WebExtensions can't affect prefs).

more options

Many thanks indeed jscher2000. You need to know that I'm just a normal guy with hardly any IT know-how, so this kind of suggestion ("accept the risk") is quite scary! However, there was security.ocsp.require in bold as you predicted, double-clicked and problem immediately resolved. I have no idea what happened to change that in the first place, certainly nothing I did myself. Thanks again!