X
Tap here to go to the mobile version of the site.

Support Forum

Can't access Google.com

Posted

Hello, friends, I hope you all doing great. My english is really bad, so I'll go straight to the problem: I can't access Google.com or any Google site on Firefox.

The message:

Your connection is not secure

The owner of www.google.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate.

https://www.google.com/?gws_rd=ssl

Peer’s Certificate issuer is not recognized.

HTTP Strict Transport Security: false HTTP Public Key Pinning: true

Certificate chain:


BEGIN CERTIFICATE-----

MIICzjCCAbagAwIBAgIJAMK3V/uRbaM+MA0GCSqGSIb3DQEBCwUAMCgxCzAJBgNV BAYTAkJSMRkwFwYDVQQDDBBLdXJ1cGlyYSAoMzk5NjEpMB4XDTE4MTEwNzA4NTkw MFoXDTE5MDEzMDA4NTkwMFowaDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlm b3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBM TEMxFzAVBgNVBAMTDnd3dy5nb29nbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN ADCBiQKBgQDtE9s8joMGr1mnF7COkHfAemZd4L5cA+Ekd+z8EJ0oY67a+91JjZyu YyppEVxLCwX/82PajRCU7iF8E5WY5GSLudDJ22Ln4AsnTs8UdATnv3QP6r2Fx/Q0 OsTMKJWJ19puwktM45P8l2NNjWhWkwhCRkreIyW9SkDkO2DTBksHBwIDAQABoz8w PTAZBgNVHREEEjAQgg53d3cuZ29vZ2xlLmNvbTALBgNVHQ8EBAMCB4AwEwYDVR0l BAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAL1K+7evk/e2nJFgqJFu +wZuCt1j+pcwajRk9sGGY4co8/NvyQ+lKorf8NgNRpXS8mYan/5T4osXnSEuA2WW zvMHxFaOxrJFkYkT7uUhLY0lXRVz3NP4JjyHoxcVSYBO+XolGxlruMZGn23KpNcz 5hEB3YCDfeWDGZXYT5djppYdx07xBvslIrCr4F0+Ss/0IUdx+IoIA1WSSFzzGpQ3 0ubnENOXhJjvTshQrhkCR35o3pyjd3FHcs12Lr7ur0yu8OZBfhuLPI1Xa3/JhZ4S msoopgrymDDLiX31ncITLb//aLcd0U4j20CXvWMnsE//RZjpXGnL5+a9BAxBwK3s 2Ho=


END CERTIFICATE-----



What I've tried:
1- Add an exception to *google.com/*;
2 - Deactivate Kaspersky;
3 - Use a portable version of Firefox;
4 - Deactivate Windows Firewall;
5 - Deactivate plug-ins;
6 - Checked my date and time;
7 - Reinstalled Firefox.
Details:
Firefox Version = 63.0.3 (64-bit)
O.S = Windows 10 Pro 64-bit
Hello, friends, I hope you all doing great. My english is really bad, so I'll go straight to the problem: I can't access Google.com or any Google site on Firefox.<br><br> The message:<br><br> <center>Your connection is not secure The owner of www.google.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website. This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate. https://www.google.com/?gws_rd=ssl Peer’s Certificate issuer is not recognized. HTTP Strict Transport Security: false HTTP Public Key Pinning: true Certificate chain: -----BEGIN CERTIFICATE----- MIICzjCCAbagAwIBAgIJAMK3V/uRbaM+MA0GCSqGSIb3DQEBCwUAMCgxCzAJBgNV BAYTAkJSMRkwFwYDVQQDDBBLdXJ1cGlyYSAoMzk5NjEpMB4XDTE4MTEwNzA4NTkw MFoXDTE5MDEzMDA4NTkwMFowaDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlm b3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBM TEMxFzAVBgNVBAMTDnd3dy5nb29nbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN ADCBiQKBgQDtE9s8joMGr1mnF7COkHfAemZd4L5cA+Ekd+z8EJ0oY67a+91JjZyu YyppEVxLCwX/82PajRCU7iF8E5WY5GSLudDJ22Ln4AsnTs8UdATnv3QP6r2Fx/Q0 OsTMKJWJ19puwktM45P8l2NNjWhWkwhCRkreIyW9SkDkO2DTBksHBwIDAQABoz8w PTAZBgNVHREEEjAQgg53d3cuZ29vZ2xlLmNvbTALBgNVHQ8EBAMCB4AwEwYDVR0l BAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAL1K+7evk/e2nJFgqJFu +wZuCt1j+pcwajRk9sGGY4co8/NvyQ+lKorf8NgNRpXS8mYan/5T4osXnSEuA2WW zvMHxFaOxrJFkYkT7uUhLY0lXRVz3NP4JjyHoxcVSYBO+XolGxlruMZGn23KpNcz 5hEB3YCDfeWDGZXYT5djppYdx07xBvslIrCr4F0+Ss/0IUdx+IoIA1WSSFzzGpQ3 0ubnENOXhJjvTshQrhkCR35o3pyjd3FHcs12Lr7ur0yu8OZBfhuLPI1Xa3/JhZ4S msoopgrymDDLiX31ncITLb//aLcd0U4j20CXvWMnsE//RZjpXGnL5+a9BAxBwK3s 2Ho= -----END CERTIFICATE----- </center> <br><br><br> What I've tried:<br> 1- Add an exception to *google.com/*;<br> 2 - Deactivate Kaspersky;<br> 3 - Use a portable version of Firefox;<br> 4 - Deactivate Windows Firewall;<br> 5 - Deactivate plug-ins;<br> 6 - Checked my date and time; <br> 7 - Reinstalled Firefox. <br> Details: <br> Firefox Version = 63.0.3 (64-bit) <br> O.S = Windows 10 Pro 64-bit
Attached screenshots

Modified by JonasEstevam

Chosen solution

JonasEstevam said

FredMcD said
What other protection are you using on your computer?

We use Kurupira Web Filter to prevent the users (students) from accessing system tools or opening games.

Yes, when I decode the certificate, I see:

Issuer: Kurupira (39961), BR

The filter is intercepting the request.

Of course, Firefox doesn't trust an unknown "man in the middle" to issue fake website certificates. As you would hope!!

Here are two workarounds to get Firefox to trust all of the fake certificates your filter will generate so it can read all your browsing -- presumably you completely trust this company with your information:

Option #1: Import the Signing Certificate

If you import the Kurupira signing certificate into Firefox's certificate store, then all of its fake certificates will be trusted.

(A) If you do not already have a certificate file ready to import, you can export it from IE or Chrome, or check with the software vendor.

  • This may appear in IE's Certificates dialog OR it may appear when you view the certificate details on any secure page you load in IE/chrome
  • The Export or Copy to file button starts the Export Wizard. Use the DER format and save to a convenient location

Example screenshots: https://support.mozilla.org/questions/1199797#answer-1064849

(B) When finished with all the necessary exports to complete the chain in the Certification Path, you can import the certificates into the Firefox Authorities tab:

  • Windows: "3-bar" menu button (or Tools menu) > Options
  • Mac: "3-bar" menu button (or Firefox menu) > Preferences
  • Linux: "3-bar" menu button (or Edit menu) > Preferences
  • Any system: type or paste about:preferences into the address bar and press Enter/Return to load it

In the search box at the top of the page, type cert and Firefox should filter the list. Click "View Certificates" to open the Certificate Manager and click the "Authorities" tab. Then you can use the "Import" button to import the proxy server's certificate.

(Fourth and fifth screenshots in the above-linked post.)

When asked, I suggest allowing the certificate for websites only unless your IT suggests otherwise.

It's a bit of pain, but the advantage of that approach is that you are making the minimal compromise of security.

Option #2: Trust all Signing Certificates in the Windows Cert Store

(A) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.

(B) In the search box above the list, type or paste enterp and pause while the list is filtered

(C) Double-click the security.enterprise_roots.enabled preference to switch the value from false to true

I'm not sure whether that will start working immediately or after the next time to exit Firefox and start it up again. I guess you'll know if you visit an HTTPS address and Firefox no longer objects.

The disadvantage of this method is that any security compromise of the system certificate store will affect Firefox, too. This may be a lesser concern on a business system.

Do either of those work for you?

Read this answer in context 1

Additional System Details

Application

  • User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134

More Information

FredMcD
  • Top 10 Contributor
4254 solutions 59583 answers

What other protection are you using on your computer?

Is this link any better? https://www.google.com/

What other protection are you using on your computer? Is this link any better? https://www.google.com/

Question owner

FredMcD said

What other protection are you using on your computer? Is this link any better? https://www.google.com/

We use Kurupira Web Filter to prevent the users (students) from accessing system tools or opening games. For example, it blocks any window that has "counter strike" in it.

''FredMcD [[#answer-1179900|said]]'' <blockquote> What other protection are you using on your computer? Is this link any better? https://www.google.com/ </blockquote> We use Kurupira Web Filter to prevent the users (students) from accessing system tools or opening games. For example, it blocks any window that has "counter strike" in it.

Modified by JonasEstevam

Question owner

FredMcD said

Is this link any better? https://www.google.com/

The problem persists

''FredMcD [[#answer-1179900|said]]'' <blockquote> Is this link any better? https://www.google.com/ </blockquote> The problem persists
FredMcD
  • Top 10 Contributor
4254 solutions 59583 answers

JonasEstevam said

"conter strike"

What is this? A game?

https://support.mozilla.org/kb/Clear+Recent+History#w_how-do-i-remove-a-single-website-from-my-history

Remove History For One Site

Open the History Manager <Control><Shift> H. In the search bar, enter the name of the site. Right-click on one of the listings and select Forget About This Site. This should remove all information, including any passwords / settings.

''JonasEstevam [[#answer-1179903|said]]'' <blockquote>"conter strike" </blockquote> What is this? A game? https://support.mozilla.org/kb/Clear+Recent+History#w_how-do-i-remove-a-single-website-from-my-history Remove History For One Site Open the History Manager '''<Control><Shift> H.''' In the search bar, enter the name of the site. Right-click on one of the listings and select '''Forget About This Site.''' This should remove all information, including any passwords / settings.

Modified by FredMcD

Question owner

FredMcD said

JonasEstevam said
"counter strike"
What is this? A game?

Yes. It was just an example.

https://support.mozilla.org/kb/Clear+Recent+History#w_how-do-i-remove-a-single-website-from-my-history Remove History For One Site Open the History Manager <Control><Shift> H. In the search bar, enter the name of the site. Right-click on one of the listings and select Forget About This Site. This should remove all information, including any passwords / settings.

Still the same.

I'm running out of options. Maybe I should just leave the computers without Firefox for a while?

''FredMcD [[#answer-1179921|said]]'' <blockquote> ''JonasEstevam [[#answer-1179903|said]]'' <blockquote>"counter strike" </blockquote> What is this? A game?</blockquote> Yes. It was just an example. <blockquote> https://support.mozilla.org/kb/Clear+Recent+History#w_how-do-i-remove-a-single-website-from-my-history Remove History For One Site Open the History Manager <Control><Shift> H. In the search bar, enter the name of the site. Right-click on one of the listings and select Forget About This Site. This should remove all information, including any passwords / settings. </blockquote> Still the same. I'm running out of options. Maybe I should just leave the computers without Firefox for a while?

Modified by JonasEstevam

jscher2000
  • Top 10 Contributor
8758 solutions 71655 answers

Chosen Solution

JonasEstevam said

FredMcD said
What other protection are you using on your computer?

We use Kurupira Web Filter to prevent the users (students) from accessing system tools or opening games.

Yes, when I decode the certificate, I see:

Issuer: Kurupira (39961), BR

The filter is intercepting the request.

Of course, Firefox doesn't trust an unknown "man in the middle" to issue fake website certificates. As you would hope!!

Here are two workarounds to get Firefox to trust all of the fake certificates your filter will generate so it can read all your browsing -- presumably you completely trust this company with your information:

Option #1: Import the Signing Certificate

If you import the Kurupira signing certificate into Firefox's certificate store, then all of its fake certificates will be trusted.

(A) If you do not already have a certificate file ready to import, you can export it from IE or Chrome, or check with the software vendor.

  • This may appear in IE's Certificates dialog OR it may appear when you view the certificate details on any secure page you load in IE/chrome
  • The Export or Copy to file button starts the Export Wizard. Use the DER format and save to a convenient location

Example screenshots: https://support.mozilla.org/questions/1199797#answer-1064849

(B) When finished with all the necessary exports to complete the chain in the Certification Path, you can import the certificates into the Firefox Authorities tab:

  • Windows: "3-bar" menu button (or Tools menu) > Options
  • Mac: "3-bar" menu button (or Firefox menu) > Preferences
  • Linux: "3-bar" menu button (or Edit menu) > Preferences
  • Any system: type or paste about:preferences into the address bar and press Enter/Return to load it

In the search box at the top of the page, type cert and Firefox should filter the list. Click "View Certificates" to open the Certificate Manager and click the "Authorities" tab. Then you can use the "Import" button to import the proxy server's certificate.

(Fourth and fifth screenshots in the above-linked post.)

When asked, I suggest allowing the certificate for websites only unless your IT suggests otherwise.

It's a bit of pain, but the advantage of that approach is that you are making the minimal compromise of security.

Option #2: Trust all Signing Certificates in the Windows Cert Store

(A) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.

(B) In the search box above the list, type or paste enterp and pause while the list is filtered

(C) Double-click the security.enterprise_roots.enabled preference to switch the value from false to true

I'm not sure whether that will start working immediately or after the next time to exit Firefox and start it up again. I guess you'll know if you visit an HTTPS address and Firefox no longer objects.

The disadvantage of this method is that any security compromise of the system certificate store will affect Firefox, too. This may be a lesser concern on a business system.

Do either of those work for you?

''JonasEstevam [[#answer-1179903|said]]'' <blockquote> ''FredMcD [[#answer-1179900|said]]'' <blockquote> What other protection are you using on your computer? </blockquote> We use Kurupira Web Filter to prevent the users (students) from accessing system tools or opening games. </blockquote> Yes, when I decode the certificate, I see: Issuer: Kurupira (39961), BR The filter is intercepting the request. Of course, Firefox doesn't trust an unknown "man in the middle" to issue fake website certificates. As you would hope!! Here are two workarounds to get Firefox to trust all of the fake certificates your filter will generate so it can read all your browsing -- presumably you completely trust this company with your information: '''Option #1: Import the Signing Certificate''' If you import the Kurupira signing certificate into Firefox's certificate store, then all of its fake certificates will be trusted. (A) If you do not already have a certificate file ready to import, you can export it from IE or Chrome, or check with the software vendor. * This may appear in IE's Certificates dialog OR it may appear when you view the certificate details on any secure page you load in IE/chrome * The Export or Copy to file button starts the Export Wizard. Use the DER format and save to a convenient location ''Example screenshots:'' https://support.mozilla.org/questions/1199797#answer-1064849 (B) When finished with all the necessary exports to complete the chain in the Certification Path, you can import the certificates into the Firefox Authorities tab: * Windows: "3-bar" menu button (or Tools menu) > Options * Mac: "3-bar" menu button (or Firefox menu) > Preferences * Linux: "3-bar" menu button (or Edit menu) > Preferences * Any system: type or paste '''about:preferences''' into the address bar and press Enter/Return to load it In the search box at the top of the page, type ''cert'' and Firefox should filter the list. Click "View Certificates" to open the Certificate Manager and click the "Authorities" tab. Then you can use the "Import" button to import the proxy server's certificate. (Fourth and fifth screenshots in the above-linked post.) ''When asked, I suggest allowing the certificate for websites only unless your IT suggests otherwise.'' It's a bit of pain, but the advantage of that approach is that you are making the minimal compromise of security. '''Option #2: Trust all Signing Certificates in the Windows Cert Store''' (A) In a new tab, type or paste '''about:config''' in the address bar and press Enter/Return. Click the button accepting the risk. (B) In the search box above the list, type or paste '''enterp''' and pause while the list is filtered (C) Double-click the '''security.enterprise_roots.enabled''' preference to switch the value from false to true I'm not sure whether that will start working immediately or after the next time to exit Firefox and start it up again. I guess you'll know if you visit an HTTPS address and Firefox no longer objects. The disadvantage of this method is that any security compromise of the system certificate store will affect Firefox, too. This may be a lesser concern on a business system. Do either of those work for you?

Question owner

jscher2000 said

JonasEstevam said
FredMcD said
What other protection are you using on your computer?

We use Kurupira Web Filter to prevent the users (students) from accessing system tools or opening games.

Yes, when I decode the certificate, I see:

Issuer: Kurupira (39961), BR

The filter is intercepting the request.

Of course, Firefox doesn't trust an unknown "man in the middle" to issue fake website certificates. As you would hope!!

Here are two workarounds to get Firefox to trust all of the fake certificates your filter will generate so it can read all your browsing -- presumably you completely trust this company with your information:

Option #1: Import the Signing Certificate

If you import the Kurupira signing certificate into Firefox's certificate store, then all of its fake certificates will be trusted.

(A) If you do not already have a certificate file ready to import, you can export it from IE or Chrome, or check with the software vendor.

  • This may appear in IE's Certificates dialog OR it may appear when you view the certificate details on any secure page you load in IE/chrome
  • The Export or Copy to file button starts the Export Wizard. Use the DER format and save to a convenient location

Example screenshots: https://support.mozilla.org/questions/1199797#answer-1064849

(B) When finished with all the necessary exports to complete the chain in the Certification Path, you can import the certificates into the Firefox Authorities tab:

  • Windows: "3-bar" menu button (or Tools menu) > Options
  • Mac: "3-bar" menu button (or Firefox menu) > Preferences
  • Linux: "3-bar" menu button (or Edit menu) > Preferences
  • Any system: type or paste about:preferences into the address bar and press Enter/Return to load it

In the search box at the top of the page, type cert and Firefox should filter the list. Click "View Certificates" to open the Certificate Manager and click the "Authorities" tab. Then you can use the "Import" button to import the proxy server's certificate.

(Fourth and fifth screenshots in the above-linked post.)

When asked, I suggest allowing the certificate for websites only unless your IT suggests otherwise.

It's a bit of pain, but the advantage of that approach is that you are making the minimal compromise of security.

It worked like a charm! Thank you so much, jscher2000.

''jscher2000 [[#answer-1179939|said]]'' <blockquote> ''JonasEstevam [[#answer-1179903|said]]'' <blockquote> ''FredMcD [[#answer-1179900|said]]'' <blockquote> What other protection are you using on your computer? </blockquote> We use Kurupira Web Filter to prevent the users (students) from accessing system tools or opening games. </blockquote> Yes, when I decode the certificate, I see: Issuer: Kurupira (39961), BR The filter is intercepting the request. Of course, Firefox doesn't trust an unknown "man in the middle" to issue fake website certificates. As you would hope!! Here are two workarounds to get Firefox to trust all of the fake certificates your filter will generate so it can read all your browsing -- presumably you completely trust this company with your information: '''Option #1: Import the Signing Certificate''' If you import the Kurupira signing certificate into Firefox's certificate store, then all of its fake certificates will be trusted. (A) If you do not already have a certificate file ready to import, you can export it from IE or Chrome, or check with the software vendor. * This may appear in IE's Certificates dialog OR it may appear when you view the certificate details on any secure page you load in IE/chrome * The Export or Copy to file button starts the Export Wizard. Use the DER format and save to a convenient location ''Example screenshots:'' https://support.mozilla.org/questions/1199797#answer-1064849 (B) When finished with all the necessary exports to complete the chain in the Certification Path, you can import the certificates into the Firefox Authorities tab: * Windows: "3-bar" menu button (or Tools menu) > Options * Mac: "3-bar" menu button (or Firefox menu) > Preferences * Linux: "3-bar" menu button (or Edit menu) > Preferences * Any system: type or paste '''about:preferences''' into the address bar and press Enter/Return to load it In the search box at the top of the page, type ''cert'' and Firefox should filter the list. Click "View Certificates" to open the Certificate Manager and click the "Authorities" tab. Then you can use the "Import" button to import the proxy server's certificate. (Fourth and fifth screenshots in the above-linked post.) ''When asked, I suggest allowing the certificate for websites only unless your IT suggests otherwise.'' It's a bit of pain, but the advantage of that approach is that you are making the minimal compromise of security. </blockquote> It worked like a charm! Thank you so much, jscher2000.