Hi richsnook1, could you click the Advanced button on the error page and take a close look at the technical details, and particularly the code that usually starts with SEC_ERROR. What do you have in that section?

One of the most common codes we see is discussed in this article: How to troubleshoot security error codes on secure websites. Is anything there relevant?

After clicking on the link for SEC_ERROR_UNKNOEN _ISSUER I clicked on Kaspersky which is my security software. I first tried the alternate approach to refresh the certificate in the Kaspersky settings then restarted. This did not solve the problem. I then selected do not scan encrypted connections in Kaspersky settings then restarted. This did solve the problem but with a warning that this reduces protection. I'm not sure I like the reduced protection.

If Kaspersky doesn't set up Firefox automatically, you can import its signing certificate. I'm not sure of the latest info, but check out this thread: https://support.mozilla.org/questions/1172560

I tried using the fake certificate for kaspersky in firefox but it did not work (changed back to scanning sites in kaspersky after fake certificate in firefox). So I changed back to not scanning encrypted sites in kaspersky.

I'm assuming that the fake certificate for kaspersky is only applicable to firefox since it was in the options to firefox. I also assume that the fake certificate is N/A in firefox since I am now not scanning sites with kaspersky in firefox.

I am very security conscious and have used both kaspersky and firefox for several years because of familiarity and the security features of both. I assume that not scanning encrypted sites is a marginal sacrifice to my overall security stance? That is assuming that secure sites are not infested with malware and are truly the site I intended to visit? Please advise me if my assumptions are erroneous.

Of note. When I view the Kaspersky certificate, at the top it says, "Could not verify this certificate because the issuer is unknown." I assume that is the at the heart of the problem. How does one get firefox to verify a certificate from Kaspersky?

By the way, you don't have to restart when changing Kaspersky back and forth between scanning and not scanning encrypted sites.

richsnook1 said

I am very security conscious and have used both kaspersky and firefox for several years because of familiarity and the security features of both. I assume that not scanning encrypted sites is a marginal sacrifice to my overall security stance? That is assuming that secure sites are not infested with malware and are truly the site I intended to visit? Please advise me if my assumptions are erroneous.

I would say it varies because there is a trend to more and more SSL sites, and so SSL isn't necessarily a marker of not getting hacked.

That said, Kaspersky is still protecting against any downloads that hit the disk, so the slight additional protection against web page content might not be hugely valuable.

richsnook1 said

Of note. When I view the Kaspersky certificate, at the top it says, "Could not verify this certificate because the issuer is unknown." I assume that is the at the heart of the problem. How does one get firefox to verify a certificate from Kaspersky?

I don't know whether that's normal for that program.

Verification involves tracking the certificate back to a trusted issuer. With fake site certificates generated by a "man in the middle" you need to import the signing certificate to the Authorities tab to complete the link.