Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Unusuall frequent SSL Certificate Errors

  • 10 replies
  • 2 have this problem
  • 101 views
  • Last reply by Jancarius

more options

Hello Firefox community

I use Firefox as my primary browser on 5 devices - personal desktop, work laptop, spouse desktop, spouse laptop, and personal laptop. On only my personal laptop, I frequently encounter SSL cert errors warning me of invalid issuer. I don't encounter the same error on any other device (including also my phones). Is there some way I can force an update of the Firefox certificate repository? I assume these are being caused by out of date cert repositories or the like. The cert I get on the other devices is the same cert presented to this laptop; only the laptop issues the error.

Chosen solution

One possible explanation is the server not sending an intermediate certificate necessary to validate the site's own certificate up to a trusted root. But this is not so common that it would affect a lot of sites at once.

You could try removing Firefox's current certificate store file and let Firefox start a new one. The "Corrupted certificate store" section of the following article has the steps: What do the security warning codes mean?

Read this answer in context 👍 1

All Replies (10)

more options

hello Jancarius,

follow the steps:

1.) Correct the Date and Time on your Android Device and Computer

2.) Clear Browsing Data on browser.

3.) Check and Change WiFi Connection.

4.) Temporarily Disable Antivirus.

5.) Reset your Android Device and Computer.

6.) Goto Safe mode: ctrl+Shift+P

I hope resolved your problem then reply back to me.

Thank you!

Modified by ARMAN KHAN

Helpful?

more options

Unfortunately it did not. I'm not having an issue with my android device, only a Win10 laptop.

Helpful?

more options

hello again,

i know , Jancarius,

no problem,

follow the steps :

1.) Correct the Date and Time on your Computer

2.) Clear cookies and cache .

3.) Check and Change WiFi Connection.

4.) Temporarily Disable Antivirus. [this is compulsory ]

5.) Reset your Computer.

6.) Goto Safe mode: ctrl+Shift+P

I hope to resolve your problem then reply back to me.

Thank you!

Helpful?

more options

Using MalwareBytes, disabled all protections, then proceeded with steps. Issue remains.

Clarification request: Did you mean safe mode in the browser with Ctrl+Shift+P, or safe mode of the computer during boot

Modified by Jancarius

Helpful?

more options

Hi Jancarius, do you generally use Firefox's built-in certificate store on your browsers, or the system certificate store? You can check that in a somewhat obscure way:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.

(2) In the search box in the page, type or paste enterp and pause while the list is filtered

If the security.enterprise_roots.enabled preference has:

  • false => Firefox is using cert9.db in your profile as its certificate store for verification
  • true => Firefox is using the system certificate store for verification

Helpful?

more options

Jscher: Looks like it's set to false. I'm guessing if I change it to true, it will use my windows store, which I assume will be updated by Microsoft normally. Is there a way to force the update of the firefox db specifically?

Helpful?

more options

You can check if more detail is available about the issuer of the certificate.

  • click the "Advanced" button show more detail
  • click the blue error text (SEC_ERROR_UNKNOWN_ISSUER) to show the certificate chain
  • click "Copy text to clipboard" and paste the base64 certificate chain text in a reply

If clicking the blue error text doesn't provide the certificate chain then try these steps to inspect the certificate.

  • open the Servers tab in the Certificate Manager
  • Options/Preferences -> Privacy & Security
    Certificates: View Certificates -> Servers: "Add Exception"
  • paste the URL of the website (https://xxx.xxx) in it's Location field

Let Firefox retrieve the certificate -> "Get Certificate"

  • click the "View" button and inspect the certificate

You can find detail like the issuer of the certificate and intermediate certificates in the Details tab.

Helpful?

more options

Cor-el: Yes I'm familiar with how the cert chains work. I'm confident the chains in question are valid; even other browsers on the same computer show the same cert without the invalid ssl error.

Helpful?

more options

Chosen Solution

One possible explanation is the server not sending an intermediate certificate necessary to validate the site's own certificate up to a trusted root. But this is not so common that it would affect a lot of sites at once.

You could try removing Firefox's current certificate store file and let Firefox start a new one. The "Corrupted certificate store" section of the following article has the steps: What do the security warning codes mean?

Helpful?

more options

Thank you jscher2000, that was the working solution. After removing cert9 the errors seem to have vanished.

Helpful?

Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.