X
Tap here to go to the mobile version of the site.

Support Forum

I can't connect to all sites, the error code is "SEC_ERROR_UNKNOWN_ISSUER", can you help me?

Posted

I currently use FF version 63.0.3 on Windows 10, I have tried removing cert8.db, running FF in safe mode, even reinstalling FF, but it still didn't work. I also only use SMADAV and Windows Defender as antivirus. Only the official Mozilla site can be accessed.

As i recall, this problem started when I accidentally switched to a site. Could you help me?

And sorry if my grammar is bad, English is not my first language.

I currently use FF version 63.0.3 on Windows 10, I have tried removing cert8.db, running FF in safe mode, even reinstalling FF, but it still didn't work. I also only use SMADAV and Windows Defender as antivirus. Only the official Mozilla site can be accessed. As i recall, this problem started when I accidentally switched to a site. Could you help me? And sorry if my grammar is bad, English is not my first language.

Modified by NotReality_

Chosen solution

Okay, thank you, i already solve the problem.

I run a small scan using a newly downloaded Malwarebytes, and then it find many Adware and other Malware too. Now, i able to connect to Google and any major site freel just like before.

Thank you for all your help.

Read this answer in context 0

Additional System Details

Application

  • Firefox 63.0.3
  • User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0
  • Support URL: https://support.mozilla.org/1/firefox/63.0.3/WINNT/id/

Extensions

  • IDM Integration Module 6.30.9.1 (mozilla_cc3@internetdownloadmanager.com) (Inactive)

Javascript

  • incrementalGCEnabled: True

Graphics

  • adapterDescription: AMD Radeon(TM) R4 Graphics
  • adapterDescription2:
  • adapterDeviceID: 0x98e4
  • adapterDeviceID2:
  • adapterDrivers: aticfx64 aticfx64 aticfx64 amdxc64 aticfx32 aticfx32 aticfx32 amdxc32 atiumd64 atidxx64 atidxx64 atiumdag atidxx32 atidxx32 atiumdva atiumd6a atitmm64
  • adapterDrivers2:
  • adapterRAM: 80
  • adapterRAM2:
  • adapterSubsysID: 00000000
  • adapterSubsysID2:
  • adapterVendorID: 0x1002
  • adapterVendorID2:
  • contentUsesTiling: False
  • crashGuards: []
  • direct2DEnabled: False
  • direct2DEnabledMessage: [u'']
  • directWriteEnabled: True
  • directWriteVersion: 10.0.14393.1358
  • driverDate: 9-25-2017
  • driverDate2:
  • driverVersion: 22.19.180.513
  • driverVersion2:
  • featureLog: {u'fallbacks': [], u'features': [{u'status': u'blocked', u'description': u'Compositing', u'name': u'HW_COMPOSITING', u'log': [{u'status': u'available', u'type': u'default'}, {u'status': u'blocked', u'message': u'Acceleration blocked by safe-mode', u'type': u'runtime'}]}, {u'status': u'unavailable', u'description': u'Direct3D11 Compositing', u'name': u'D3D11_COMPOSITING', u'log': [{u'status': u'unavailable', u'message': u'Hardware compositing is disabled', u'type': u'default'}]}, {u'status': u'unavailable', u'description': u'Direct2D', u'name': u'DIRECT2D', u'log': [{u'status': u'unavailable', u'message': u'Direct2D requires Direct3D 11 compositing', u'type': u'default'}]}, {u'status': u'disabled', u'description': u'Direct3D11 hardware ANGLE', u'name': u'D3D11_HW_ANGLE', u'log': [{u'status': u'unavailable', u'message': u'D3D11 compositing is disabled', u'type': u'default'}, {u'status': u'disabled', u'message': u'D3D11 compositing is disabled', u'type': u'env'}]}, {u'status': u'blocked', u'description': u'GPU Process', u'name': u'GPU_PROCESS', u'log': [{u'status': u'available', u'type': u'default'}, {u'status': u'blocked', u'message': u'Safe-mode is enabled', u'type': u'runtime'}]}, {u'status': u'unavailable', u'description': u'WebRender', u'name': u'WEBRENDER', u'log': [{u'status': u'opt-in', u'message': u'WebRender is an opt-in feature', u'type': u'default'}, {u'status': u'unavailable', u'message': u'ANGLE is disabled', u'type': u'runtime'}]}, {u'status': u'blocked', u'description': u'WebRender qualified', u'name': u'WEBRENDER_QUALIFIED', u'log': [{u'status': u'available', u'type': u'default'}, {u'status': u'blocked', u'message': u'No qualified hardware', u'type': u'env'}]}, {u'status': u'blocked', u'description': u'Off Main Thread Painting', u'name': u'OMTP', u'log': [{u'status': u'available', u'type': u'default'}, {u'status': u'blocked', u'message': u'OMTP blocked by safe-mode', u'type': u'runtime'}]}]}
  • info: {u'ApzWheelInput': 1, u'ApzDragInput': 1, u'ApzKeyboardInput': 1, u'ApzAutoscrollInput': 1, u'AzureFallbackCanvasBackend': u'cairo', u'AzureCanvasAccelerated': 0, u'AzureCanvasBackend': u'skia', u'AzureContentBackend': u'skia'}
  • isGPU2Active: False
  • numAcceleratedWindows: 0
  • numAcceleratedWindowsMessage: [u'']
  • numTotalWindows: 1
  • offMainThreadPaintEnabled: False
  • offMainThreadPaintWorkerCount: 0
  • usesTiling: False
  • webgl1DriverExtensions: -
  • webgl1Extensions: -
  • webgl1Renderer: WebGL is currently disabled.
  • webgl1Version: -
  • webgl1WSIInfo: -
  • webgl2DriverExtensions: -
  • webgl2Extensions: -
  • webgl2Renderer: WebGL is currently disabled.
  • webgl2Version: -
  • webgl2WSIInfo: -
  • windowLayerManagerRemote: True
  • windowLayerManagerType: Basic
  • windowUsingAdvancedLayers: False

Modified Preferences

Misc

  • User JS: No
  • Accessibility: No
FredMcD
  • Top 10 Contributor
4254 solutions 59575 answers

There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connection certificates and send their own.

https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can

https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites

https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message

https://support.mozilla.org/en-US/kb/connection-untrusted-error-message

Websites don't load - troubleshoot and fix error messages

http://kb.mozillazine.org/Error_loading_websites


  • MOZILLA_PKIX_ERROR_MITM_DETECTED
  • uses an invalid security certificate SSL_ERROR_BAD_CERT_DOMAIN
  • configured their website improperly

How to troubleshoot the error code "SEC_ERROR_UNKNOWN_ISSUER" on secure websites https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER

There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connection certificates and send their own. https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message https://support.mozilla.org/en-US/kb/connection-untrusted-error-message [https://support.mozilla.org/en-US/kb/websites-dont-load-troubleshoot-and-fix-errors?redirectlocale=en-US&redirectslug=Error+loading+web+sites Websites don't load - troubleshoot and fix error messages] http://kb.mozillazine.org/Error_loading_websites *MOZILLA_PKIX_ERROR_MITM_DETECTED *uses an invalid security certificate SSL_ERROR_BAD_CERT_DOMAIN *configured their website improperly How to troubleshoot the error code "SEC_ERROR_UNKNOWN_ISSUER" on secure websites https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER

Question owner

I don't think this fix my issue, as a said before, i don't have any of this software nor any software that have capability to intercept secure connection.

Any help please?

I don't think this fix my issue, as a said before, i don't have any of this software nor any software that have capability to intercept secure connection. Any help please?
FredMcD
  • Top 10 Contributor
4254 solutions 59575 answers

What are your protection programs?

Start Firefox in Safe Mode {web link} by holding down the <Shift> (Mac=Options) key, and then starting Firefox.

A small dialog should appear. Click Start In Safe Mode (not Refresh). Is the problem still there?

What are your protection programs? [https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode Start Firefox in Safe Mode] {web link} by holding down the '''<Shift> ''(Mac=Options)''''' key, and then starting Firefox. A small dialog should appear. Click '''Start In Safe Mode''' (not Refresh). Is the problem still there?
jscher2000
  • Top 10 Contributor
8758 solutions 71655 answers

Helpful Reply

Hi NotReality_, we need a little more information to diagnose this.

When you are viewing the error page, and click the "Advanced" button, then click

SEC_ERROR_UNKNOWN_ISSUER

to expand another panel showing a coded version of the certificate Firefox refuses to accept. You can copy that certificate and paste it into a reply for a volunteer to decode and review.

Or try it yourself on a site like the following and look at the "Issuer" section:

https://certlogik.com/decoder/

Hi NotReality_, we need a little more information to diagnose this. When you are viewing the error page, and click the "Advanced" button, then click SEC_ERROR_UNKNOWN_ISSUER to expand another panel showing a coded version of the certificate Firefox refuses to accept. You can copy that certificate and paste it into a reply for a volunteer to decode and review. Or try it yourself on a site like the following and look at the "Issuer" section: https://certlogik.com/decoder/
cor-el
  • Top 10 Contributor
  • Moderator
17519 solutions 158412 answers

Helpful Reply

You can check if there is more detail available about the issuer of the certificate.

  • click the "Advanced" button show more detail
  • click the blue error text (SEC_ERROR_UNKNOWN_ISSUER) to show the certificate chain
  • click "Copy text to clipboard" and paste the base64 certificate chain text in a reply

If clicking the blue error text doesn't provide the certificate chain then try these steps to inspect the certificate.

  • open the Servers tab in the Certificate Manager
    • Options/Preferences -> Privacy & Security
      Certificates: View Certificates -> Servers: "Add Exception"
  • paste the URL of the website (https://xxx.xxx) in it's Location field

Let Firefox retrieve the certificate -> "Get Certificate"

  • click the "View" button and inspect the certificate

You can see detail like the issuer of the certificate and intermediate certificates in the Details tab.

You can check if there is more detail available about the issuer of the certificate. *click the "Advanced" button show more detail *click the blue error text (SEC_ERROR_UNKNOWN_ISSUER) to show the certificate chain *click "Copy text to clipboard" and paste the base64 certificate chain text in a reply If clicking the blue error text doesn't provide the certificate chain then try these steps to inspect the certificate. *open the Servers tab in the Certificate Manager **Options/Preferences -> Privacy & Security<br>Certificates: View Certificates -> Servers: "Add Exception" *paste the URL of the website (https://xxx.xxx) in it's Location field Let Firefox retrieve the certificate -> "Get Certificate" *click the "View" button and inspect the certificate You can see detail like the issuer of the certificate and intermediate certificates in the Details tab.

Question owner

jscher2000 said

Hi NotReality_, we need a little more information to diagnose this. When you are viewing the error page, and click the "Advanced" button, then click SEC_ERROR_UNKNOWN_ISSUER to expand another panel showing a coded version of the certificate Firefox refuses to accept. You can copy that certificate and paste it into a reply for a volunteer to decode and review. Or try it yourself on a site like the following and look at the "Issuer" section: https://certlogik.com/decoder/

Sorry for a very, very late respond. I need to goes offline for few days.

As you ask, here the certificate.


BEGIN CERTIFICATE----- MIIDmjCCAoKgAwIBAgIUNycgHW53+Rx0cCuE5zYLOsSphu0wDQYJKoZIhvcNAQEL BQAwVDElMCMGA1UEAxMcR29vZ2xlIEludGVybmV0IEF1dGhvcml0eSBHMzEeMBwG A1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMQswCQYDVQQGEwJVUzAeFw0xODEx MDcwODU5MDBaFw0xOTAxMzAwODU5MDBaMGgxFzAVBgNVBAMMDnd3dy5nb29nbGUu Y29tMRMwEQYDVQQKDApHb29nbGUgTExDMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 MRMwEQYDVQQIDApDYWxpZm9ybmlhMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAJZbZ5MLkHm1ma716ARZhRmdSUeHz/UE4XNkiCMD ltUpPh0nVn0jYbgLgYyqEjtMcLeTRGDICm9T7wjmk2nC0VcRB6SBGqkX7CavNnar SkY1jEtmQ3J0frmVoNXcfO9SVwlXB+/vGBCUmKRa3Ax3M7cxam9HKvHu9BU78zfi voFC1eqhZ4Ll7KitMtSkr/o+aCZBM6z0ppvJSiPHlEegGZDol/eIKf3Wf7NOHanT jKj/UlVc4AQfgnbVyU6D6T+9W+JLc/YNUUJ1u8ArjQ05fnDs2phwwZdZyWL/9Lrv iiDLgN5Z+cX+xlC2O7/kahsWmFoWmUJG9gemI1lLjeORdTcCAwEAAaNQME4wDAYD VR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCAbgwGQYDVR0RBBIwEIIOd3d3Lmdvb2ds ZS5jb20wEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAHzv nklOOqctDwYoh5qMBlfIbbleqJVpxzQFWRjXyLKi0tx0D480jghW4cw24Ac8krGu YUwbOXZ9x9ASZJhtXD7HoiRIkYeGqCQr8lMLw7DjFQ35VtSBlBJW6m2HNW9/9e4q 1ljXRU4vxzbAszSIgIyDc6QFfDt0k0KQhXe8akLuXnpwvJkMVmG8GtzvOk3dO98i v7TUEwHiXKKK00nvyyBc8ZgzFuhgOVB6WVHqqm6L6kBKZ16Ee2EoyuDbYakF9XZu 8BGM0ObM2eRR4hV4mVmCBmGr7F2bauF4c/eGzBv7j6KV7+rXD5aEQKaJeAS9OM7u DB3LrxLpr05WRk8NQ+Q= -----END CERTIFICATE-----
''jscher2000 [[#answer-1177462|said]]'' <blockquote> Hi NotReality_, we need a little more information to diagnose this. When you are viewing the error page, and click the "Advanced" button, then click SEC_ERROR_UNKNOWN_ISSUER to expand another panel showing a coded version of the certificate Firefox refuses to accept. You can copy that certificate and paste it into a reply for a volunteer to decode and review. Or try it yourself on a site like the following and look at the "Issuer" section: https://certlogik.com/decoder/ </blockquote> Sorry for a very, very late respond. I need to goes offline for few days. As you ask, here the certificate. -----BEGIN CERTIFICATE----- MIIDmjCCAoKgAwIBAgIUNycgHW53+Rx0cCuE5zYLOsSphu0wDQYJKoZIhvcNAQEL BQAwVDElMCMGA1UEAxMcR29vZ2xlIEludGVybmV0IEF1dGhvcml0eSBHMzEeMBwG A1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMQswCQYDVQQGEwJVUzAeFw0xODEx MDcwODU5MDBaFw0xOTAxMzAwODU5MDBaMGgxFzAVBgNVBAMMDnd3dy5nb29nbGUu Y29tMRMwEQYDVQQKDApHb29nbGUgTExDMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3 MRMwEQYDVQQIDApDYWxpZm9ybmlhMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAJZbZ5MLkHm1ma716ARZhRmdSUeHz/UE4XNkiCMD ltUpPh0nVn0jYbgLgYyqEjtMcLeTRGDICm9T7wjmk2nC0VcRB6SBGqkX7CavNnar SkY1jEtmQ3J0frmVoNXcfO9SVwlXB+/vGBCUmKRa3Ax3M7cxam9HKvHu9BU78zfi voFC1eqhZ4Ll7KitMtSkr/o+aCZBM6z0ppvJSiPHlEegGZDol/eIKf3Wf7NOHanT jKj/UlVc4AQfgnbVyU6D6T+9W+JLc/YNUUJ1u8ArjQ05fnDs2phwwZdZyWL/9Lrv iiDLgN5Z+cX+xlC2O7/kahsWmFoWmUJG9gemI1lLjeORdTcCAwEAAaNQME4wDAYD VR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCAbgwGQYDVR0RBBIwEIIOd3d3Lmdvb2ds ZS5jb20wEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAHzv nklOOqctDwYoh5qMBlfIbbleqJVpxzQFWRjXyLKi0tx0D480jghW4cw24Ac8krGu YUwbOXZ9x9ASZJhtXD7HoiRIkYeGqCQr8lMLw7DjFQ35VtSBlBJW6m2HNW9/9e4q 1ljXRU4vxzbAszSIgIyDc6QFfDt0k0KQhXe8akLuXnpwvJkMVmG8GtzvOk3dO98i v7TUEwHiXKKK00nvyyBc8ZgzFuhgOVB6WVHqqm6L6kBKZ16Ee2EoyuDbYakF9XZu 8BGM0ObM2eRR4hV4mVmCBmGr7F2bauF4c/eGzBv7j6KV7+rXD5aEQKaJeAS9OM7u DB3LrxLpr05WRk8NQ+Q= -----END CERTIFICATE-----
FredMcD
  • Top 10 Contributor
4254 solutions 59575 answers

Certificate Checks Status Check Information Valid To 30 Jan 2019 ( 57 days ) Weak-Key Does not use a key on our blacklist - this is good Key-Size 2048 bits Signature Algorithm Strong (sha256WithRSAEncryption)


Certificate Summary Subject RDN Value Common Name (CN) www.google.com Organization (O) Google LLC Locality (L) Mountain View State (ST) California Country (C) US

Certificate Checks Status Check Information Valid To 30 Jan 2019 ( 57 days ) Weak-Key Does not use a key on our blacklist - this is good Key-Size 2048 bits Signature Algorithm Strong (sha256WithRSAEncryption) Certificate Summary Subject RDN Value Common Name (CN) www.google.com Organization (O) Google LLC Locality (L) Mountain View State (ST) California Country (C) US

Question owner

Okay, as i recall there was a site that make me suddenly redirected. After that, i find a strange activity in my Task Manager, you know some kind of background app. Maybe that is the problem?

Okay, as i recall there was a site that make me suddenly redirected. After that, i find a strange activity in my Task Manager, you know some kind of background app. Maybe that is the problem?
jscher2000
  • Top 10 Contributor
8758 solutions 71655 answers

The certificate issuer information looks normal, and I think Firefox should accept that.

Do you want to try deleting the cert9.db file and having Firefox regenerate it? The steps for that are mentioned in this article: What do the security warning codes mean?

The certificate issuer information looks normal, and I think Firefox should accept that. Do you want to try deleting the '''cert9.db''' file and having Firefox regenerate it? The steps for that are mentioned in this article: [[What do the security warning codes mean?]]
jscher2000
  • Top 10 Contributor
8758 solutions 71655 answers

NotReality_ said

Okay, as i recall there was a site that make me suddenly redirected. After that, i find a strange activity in my Task Manager, you know some kind of background app. Maybe that is the problem?

If you think your system might have become infected, please see: Troubleshoot Firefox issues caused by malware.

''NotReality_ [[#answer-1178208|said]]'' <blockquote> Okay, as i recall there was a site that make me suddenly redirected. After that, i find a strange activity in my Task Manager, you know some kind of background app. Maybe that is the problem? </blockquote> If you think your system might have become infected, please see: [[Troubleshoot Firefox issues caused by malware]].

Chosen Solution

Okay, thank you, i already solve the problem.

I run a small scan using a newly downloaded Malwarebytes, and then it find many Adware and other Malware too. Now, i able to connect to Google and any major site freel just like before.

Thank you for all your help.

Okay, thank you, i already solve the problem. I run a small scan using a newly downloaded Malwarebytes, and then it find many Adware and other Malware too. Now, i able to connect to Google and any major site freel just like before. Thank you for all your help.