Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Have SEC_ERROR_UNKNOWN_ISSUER issue with a French gov site. How do I access?

more options

The page is a link from a government site to set up appointments. The name is: *.gouv.fr Certificate issued by Issued by: SGAMI-EST/DSIC CA I have tried a few things but nothing working.

The page is a link from a government site to set up appointments. The name is: *.gouv.fr Certificate issued by Issued by: SGAMI-EST/DSIC CA I have tried a few things but nothing working.

All Replies (14)

more options

Can you post a link to a publicly accessible page (i.e. no authentication or signing on required)?

You can check the server.

more options

The public site is: http://www.hauts-de-seine.gouv.fr/Prendre-un-rendez-vous

And I am trying to connect to an option toward the bottom of the page. See image below.

more options

You would have to install the included self-signed root certificate in the Firefox Certificate Manager under the Authorities tab. Because this certificate needs to work as a root certificate, you need to tick the first box to use the certificate to recognize websites. I need to remove the www. prefix from the link to make the certificate work (*.gouv.fr wouldn't match with the extra www. prefix).

You can find the two certificate if you click the blue SEC_ERROR_UNKNOWN_ISSUER text or the error page. You need the second certificate (SGAMI-EST/DSIC CA).

  • Subject: CN=SGAMI-EST/DSIC CA
  • Issuer: CN=SGAMI-EST/DSIC CA

-----BEGIN CERTIFICATE-----
MIIFRzCCAy+gAwIBAgIJAL/TulBthWosMA0GCSqGSIb3DQEBCwUAMBwxGjAYBgNV
BAMMEVNHQU1JLUVTVC9EU0lDIENBMB4XDTE3MTEwMzA5MTEzM1oXDTI3MTEwMTA5
MTEzM1owHDEaMBgGA1UEAwwRU0dBTUktRVNUL0RTSUMgQ0EwggIiMA0GCSqGSIb3
DQEBAQUAA4ICDwAwggIKAoICAQCw2YoM3eZivm4sLxUdaViC8A3cVwrUTBQUN4XM
Rfxd99RQxCp5KEw0JWhTWgHdKdsNfCEWEkeWEVj/UJBNJeKZMaLBZydXzso4zX+V
/czrlBAc8Cb6HLRQ4gpfsotz0SE7H6+U5vb713Cr40072F0cHwXE0j822oBNWoOI
uKjsKsG0K4WvHaOlp8teTYkddW2BlhgW+SAbJxVPJSTnF6tS0ZQh/pBos6+oz8id
+utKwZgfK+u7tfyCpqqXopxKf7/cYFN3iZRJScYM7XhPX6xj07nPBtwNfChK+tmE
IBGRPGXEqoi8aFrJmL6lcCnp1AGqFcxyX4Hf+kv96Twz5UIdjurjMKcOttQfjgPj
UTPr10/Sib5ox6IcIJQO/E0AaN+upPohvuz125I2OeLYuqGg+Cs/kTkO2S9xV0O1
ddfrZn3laA/6jQ1fLcKoOHFM6gBuLbyykL/teEifv3FenT7JhxwLpIwPP1UgyFuh
0HGA1NiY/kJL6FygUMY2a43BFBdAwdiVUPm4wia6NBN5wT/qMwwIddVXHz/LCF+1
q+MBv60rDsX+s7Dx32AYgkrvF+CWTwpA+kRbuUFAdaiO4Y3C1KDqtS69lMipqmeq
jRJuIKtBMEG4zJxJS3siOa+o5I7YSeE0mXOcDysmbElfYWuHUCyiBKWlC1iJb68T
49wUAQIDAQABo4GLMIGIMB0GA1UdDgQWBBTzwcBIgF97jxaNps/EWaswzjmNPjBM
BgNVHSMERTBDgBTzwcBIgF97jxaNps/EWaswzjmNPqEgpB4wHDEaMBgGA1UEAwwR
U0dBTUktRVNUL0RTSUMgQ0GCCQC/07pQbYVqLDAMBgNVHRMEBTADAQH/MAsGA1Ud
DwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEArZnEq9WYaVCipjyRdSdqZq8j2c89
Mr9YCP9XDh3buS/n6AwMUvK8lsKCHLExmZv9DsMOJj3pLeDPlIs57vYAgyL9kRRB
qS1u/GS0FojfNES3KV2ge3xgO1iuNRR5YyQuLeiiXL/2mimwUBv8EDvL9Jl79hAJ
FjJ1dKnSav85Kl40hJSJkxnNDl5KAqJYWrAFU9bFJgNQx8owu2K61IzKlU/BBFyW
PneouRq+xuAO8edIA1yOZf+w2o8PEcxHWs8y9DFEePEMIrPE0SoKmNsSwjxmtSSw
sFuHSJS+80k4MKzvU5esn+n6O8dWTNnoMBfGTusMVdNuNJsmqSmQ/7FNlyqja2Ln
lRTEJLJT4i66HNMtgQkr+KdV19PpxiBH2/L3pH/1/gxQPSyUd5o0cVZXXc7MWWWa
q0Wjg9uKI5eYDcr1LkmI0fvEdpAbAVjmW/px0Th6FceHExfIfsdXZIKasvGDjl7j
9AaY9JH4XYuBoNXklnmE9Rp6Y3K6WatqD3m4GqaQek3Kmndz/Qi1BM/yb1TukNUL
8IpuYOBEwU0mOsj3kzHn8KzbFrdOL1apAR2PdLi9FZaCxq+2oJpJvpdpRLG7ozPK
ZOPaFt1E0xghkcPkmIdEdQE2MMWMRBBemzlUjaaEVuBawY7kr4F14B+wBcqv306i
92e1CW2m3PqETa0=
-----END CERTIFICATE-----
more options

Any possibility you can provide step by step for an idiot??

more options

First you need to create a text file with the above posted certificate text including the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" headers. Use "Save As" in the text editor and save the file as SGAMI-EST_DSIC_CA.cer. Make sure that all files is selected in the dialog to prevent getting a hidden .txt file extension in Windows.

You can import this certificate file in the Firefox Certificate Manager under the Authorities tab.

  • Options/Preferences -> Privacy & Security -> Certificates: View Certificates -> Authorities: Import

Browse to the SGAMI-EST_DSIC_CA.cer file you create earlier and click open to install the certificate.

When prompted, place a tick on "Trust this CA to identify websites" to make the imported certificate work as a trusted root certificate to trust websites. Note that trust bits should only be set for a trusted root certificate and never for intermediate certificates.

If you reload the page with the link and have removed the www. prefix then Firefox should open the page.

more options

Really appreciate your help and can understand if I'm asking too much... I am on Mac OSX 10.13 Have created certificate on TextEdit but had to force it to save as .cer (it wanted .rtf) Have imported it to Firefox and nothing happened, ie, no prompt to tick "Trust this CA to identify websites" Tried to reload page without www and no go :( I don't think my certificate loaded/imported. Started to look at Keychain Certificate Assistant but over my head. Any ideas??

more options

If you open the file in Firefox, do you see a plain text file with the same content as posted above?

If TextEdit saved the file as a RTF file then the file might have formatting code that makes the file not to work in Firefox. Try to save the file in TextEdit another time and make sure to save the file as a plain text file.

more options

It's clearly a problem with TextEdit I can't save file as .cer. The options are rich text format (.rtf) Open Document Text (.odt), .html, docx, .xml or .doc.

I am trying to investigate how to create the .cer file on Mac.

The file never seems to import into Firefox...it never shows up on the certificate list, though I'm not entirely sure how it would appear in the list (by file name SGAMI-EST_DSIC_CA or some other listing??).

more options
more options

ok..minor progress! I converted text to plain text and tried to save as .cer file but it wouldn't allow it. I changed the file ending to .cer in the finder.

It allowed the file to be imported and prompted me to tick "Trust this CA to identify websites"

Image below of certificate in list and the info of certificate. Note the change of file name from SGAMI-EST_DSIC_CA to SGAMI-EST/DSIC CA

However...reloaded web page in question and still get 403 Forbidden error

(
more options

I also get the forbidden error, but at least the certificate is working now. I don't know if you need to login to the website to make the page work.

On further investigation, I notice a lot of links that use the open http:// protocol that give the same 403 forbidden response, so I assume that the website actually isn't meant to be accessed via the secure https: protocol.

I think you will have to contact the website and ask them how to access these pages.

See also this French forum.

more options

Thanks very much for your help. The website should be completely open except for this new appointment system which they have added. But even this should work on the lowest common denominator - the purpose is for the public to make appointments for their visas etc... most wouldn't even have computers. Interestingly, the same thing happens when accessed via phone. I will try to contact them. Again, many thanks for your help!!

more options

You're welcome. I think that you can ignore the SEC_ERROR_UNKNOWN_ISSUER message and use a an open http: protocol for now (i.e. change https:// to http:// in the location bar).

You can point them to the certificate issue as well.

more options

I am not able to access the page with the open http: protocol http://hauts-de-seine.gouv.fr/booking/create/12312

Can you?