Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Can't get answer for Error code: SEC_ERROR_UNKNOWN_ISSUER in your FAQ

more options

I can not log in to one site. This began just a few days ago. I CAN log in using Chrome and Edge with no problem. I have refreshed Firefox, removed all add-ons, even uninstalled and reinstalled to no avail. This is the error message I receive today:

login.diamondresorts.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER

Yesterday I saw a longer text message with lots of coding 'jiberish'.

What can I do?

Chosen solution

I hadn't checked the server previously, but it appears that the server doesn't send a required intermediate certificate.

  • Entrust Certification Authority - L1K

Firefox will store intermediate certificates that are send by servers for future use and if you visit a website that doesn't send a full certificate chain chain then Firefox can use such a saved certificate. If you do not have the intermediate certificate stored then you get an error message like in your case happened.

See also:

You can save the certificate text you see on the error page to a .cert file or download the certificate via this link.

You can import this certificate file in the Firefox Certificate Manager under the Authorities tab.

  • Options/Preferences -> Privacy & Security -> Certificates: View Certificates -> Authorities: Import

You can find the Certificates section at the bottom of the "Privacy & Security" page or use the search bar (certificate).

Do NOT set any trust bits when prompted on an intermediate certificate. Trust bits are only required for trusted root certificates and should never be set on an intermediate certificate.

If you reload the page then you should no longer get this distrusted error.

Read this answer in context 👍 1

All Replies (6)

more options

Forgot to say I use Windows Defender for security.

more options

That means there is a problem with the certificate for the website. This is a website issue.

  • uses an invalid security certificate SSL_ERROR_BAD_CERT_DOMAIN
  • configured their website improperly

How to troubleshoot the error code "SEC_ERROR_UNKNOWN_ISSUER" on secure websites https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER

more options

You can check if there is more detail available about the issuer of the certificate.

  • click the "Advanced" button show more detail
  • click the blue error text (SEC_ERROR_UNKNOWN_ISSUER) to show the certificate chain
  • click "Copy text to clipboard" and paste the base64 certificate chain text in a reply

If clicking the blue error text doesn't provide the certificate chain then try these steps to inspect the certificate.

  • open the Servers tab in the Certificate Manager
    • Options/Preferences -> Privacy & Security
      Certificates: View Certificates -> Servers: "Add Exception"
  • paste the URL of the website (https://xxx.xxx) in it's Location field

Let Firefox retrieve the certificate -> "Get Certificate"

  • click the "View" button and inspect the certificate

You can see detail like the issuer of the certificate and intermediate certificates in the Details tab.


more options

Found the cert info.

https://login.diamondresorts.com/Account/SignIn?ReturnUrl=%252f

Peer’s Certificate issuer is not recognized.

HTTP Strict Transport Security: true HTTP Public Key Pinning: false

Certificate chain:


BEGIN CERTIFICATE-----

MIIFaDCCBFCgAwIBAgIQRsDBD+ELKxoAAAAAUN6kLzANBgkqhkiG9w0BAQsFADCB ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0x NzEwMjMxODEyNTFaFw0xOTEwMjMxODQyNTBaMIGbMQswCQYDVQQGEwJVUzEPMA0G A1UECBMGTmV2YWRhMRIwEAYDVQQHEwlMYXMgVmVnYXMxRDBCBgNVBAoTO0RpYW1v bmQgUmVzb3J0cyBJbnRlcm5hdGlvbmFsKERpYW1vbmQgUmVzb3J0cyBIb2xkaW5n cyxMTEMpMSEwHwYDVQQDExhsb2dpbi5kaWFtb25kcmVzb3J0cy5jb20wggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkHe98addiM3ad1673ypN+GVXJ7Haq wIAwB199MXVhsb/lekDqrQ/DNjaMagogMv1PNmZTh9qAqr7DoEy6zI+It4ZRVjfN 3aonnt9wAhRTbQPiGJylHp7GpKOMXMQhFlYkav5n4qdy4uMH6ylgrTeax6pRkYLB hW3aLWslEDXCwJM/GDedaRKNeErkNn66VrHvqzFxn/pPbCLNBu3b5pf1nBYtV9G9 GfIDaapIlrm4Co5ysz1djo7g1HCKyWiGKaVSXDTsXlju17eDzEEDkcIDftOovyBx XebjGDWVjTGxh0Rzq0LZBJGlATsv6HtP9q4OSTl252BUU5nak/tT5HrzAgMBAAGj ggGFMIIBgTAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwMwYD VR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9sZXZlbDFrLmNy bDBLBgNVHSAERDBCMDYGCmCGSAGG+mwKAQUwKDAmBggrBgEFBQcCARYaaHR0cDov L3d3dy5lbnRydXN0Lm5ldC9ycGEwCAYGZ4EMAQICMGgGCCsGAQUFBwEBBFwwWjAj BggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYIKwYBBQUHMAKG J2h0dHA6Ly9haWEuZW50cnVzdC5uZXQvbDFrLWNoYWluMjU2LmNlcjAjBgNVHREE HDAaghhsb2dpbi5kaWFtb25kcmVzb3J0cy5jb20wHwYDVR0jBBgwFoAUgqJwdN28 Uz/Pe9T3zX+nYMYKTL8wHQYDVR0OBBYEFB8e3eRkzFPYd4gSjRecfj663fOTMAkG A1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAKzdZqT5BmEeBQNbodBNca0ltMg9 coO3+mtZXTgfYs1Gcjyl7t1rnrcI/vSV4zCTNOISkQLV4qSRoy4ALPFbMLLxMUHl UsshyQq79OP9U0mzGhfJlkpXkDkD7VVaaYm7qM4PZV9FSPY68NDm2JG/8cqI+SmN /fQbFLC0axfMJvXB16p9F4+k2Tl3vh+8wt0vbtHSZhbq+hjrzKOWNRTaL5eNixqS EHL2TcqI7VSOzMJf9c8M5CfX2Ab/SgAEl1Vh7kPhueO3x6PJfVYZTsTBgr52oCUZ A7h7SkAIPR2PvZ2y2dRKCzs5Zlg3zab1XI2VctoWISB5AVaN1IV827bVBNI=


END CERTIFICATE-----
more options

Chosen Solution

I hadn't checked the server previously, but it appears that the server doesn't send a required intermediate certificate.

  • Entrust Certification Authority - L1K

Firefox will store intermediate certificates that are send by servers for future use and if you visit a website that doesn't send a full certificate chain chain then Firefox can use such a saved certificate. If you do not have the intermediate certificate stored then you get an error message like in your case happened.

See also:

You can save the certificate text you see on the error page to a .cert file or download the certificate via this link.

You can import this certificate file in the Firefox Certificate Manager under the Authorities tab.

  • Options/Preferences -> Privacy & Security -> Certificates: View Certificates -> Authorities: Import

You can find the Certificates section at the bottom of the "Privacy & Security" page or use the search bar (certificate).

Do NOT set any trust bits when prompted on an intermediate certificate. Trust bits are only required for trusted root certificates and should never be set on an intermediate certificate.

If you reload the page then you should no longer get this distrusted error.

Modified by cor-el

more options

Whatever you said (above) WORKED. Looks like I got in. Thanks!