I have been using firefox since beginning of 2003, yes I pretty sure you know what that means. Now I understand that SEC_ERROR_UNKNOWN_ISSUER is a add security feature (okay some people need that) But 90% of the ppl using FF, does not need that. Since I can not turn off that feature, you are violating my net neutrality. You are telling me what websites I can go to, and can not go to. FF went from a slim active Fox, to a out of shape bloated pig. I never thought I would see the day when a Microsoft browser was better FF. Edge is crushing you all stat wise, you are not even on the same playing field.
Additional System Details
- Shockwave Flash 29.0 r0
- User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connections and send their own certificate.
- uses an invalid security certificate SSL_ERROR_BAD_CERT_DOMAIN
- configured their website improperly
How to troubleshoot the error code "SEC_ERROR_UNKNOWN_ISSUER" on secure websites https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER
Almost 50,000 answers and this is the best you came up with. Are you a bot or a troll? "There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connections and send their own certificate." Why would you even state that? All you did was make my point stronger. With them Security Suits you mentioned, if a out of date cert or a bad cert comes up, they still give you the option to proceed. FF does not, Which as I stated, if I can not make the freedom of choice to proceed, then FF is in violation of Net Neutrality.
There is always a reason for the SEC_ERROR_UNKNOWN_ISSUER error. This can be a problem with software that acts as a man-in-the-middle and sends its own certificate or a problem with the configuration of the web server that doesn't send required intermediate certificates or something else. You always need to investigate what is wrong in each case and never set a permanent exception, especially in case something is wrong with reputed websites.
You can check if there is more detail available about the issuer of the certificate.
- click the "Advanced" button show more detail
- click the blue SEC_ERROR_UNKNOWN_ISSUER message to show the certificate chain
- click "Copy text to clipboard" and paste the base64 certificate chain text in a reply
If clicking the SEC_ERROR_UNKNOWN_ISSUER text doesn't provide the certificate chain then try these steps to inspect the certificate.
- open the Server tab in the Certificate Manager
- Options/Preferences -> Privacy & Security
Certificates: View Certificates -> Servers: "Add Exception"
- Options/Preferences -> Privacy & Security
- paste the URL of the website (https://xxx.xxx) in it's Location field.
Let Firefox retrieve the certificate -> "Get Certificate"
- click the "View" button and inspect the certificate
You can see detail like the issuer of the certificate and intermediate certificates in the Details tab.
The people who answer questions here, for the most part, are other Firefox users volunteering alot of their time, not Mozilla employees or Firefox developers.
If you want to leave feedback for Firefox developers, you can go to the Firefox Help menu and select Submit Feedback... or use this link. Your feedback gets collected by a team of people who read it and gather data about the most common issues.
I understand why it is checking certs, but normally doesn't your security suit check the certs? Doesn't your operating system check certs? I know about the whole advance(but thank you for your help) How can we disable it? Like you used to be able to with IE.
Open Internet Explorer and click on "Tools," or the gear icon. Click "Internet Options" and click on the "Advanced" tab. Navigate to the "Security" subheading and remove the check marks on both the “Check for publisher's certificate revocation” and “check for server certificate revocation” options.
I thought it was the last option on FF Privacy and Security setting Query OCSP responder(sounds like it should be) If it is not validating the certs, it should go through, or someone forgot the code.
I think most people would be afraid of, creating a new rule. Instead of all of that, advance to another page to create the rule. (for the avg. person they would not know what they are looking at there) One solid color button to proceed and that's it. Or the option to fully turn it off.
Modified by lllll_saywhy_lllll
I might be wrong but i do not think Apple has a bad cert at browserbench Microsoft Edge lets you through no problem, FF throws the error.
The second screenshot would suggest that the server doesn't send intermediate certificates. Firefox needs the server to send a full certificate chain that ends with a builtin trusted root certificate. Other browsers may try to retrieve missing intermediate certificates, but Firefox doesn't do this an show an error.