
Support Forum

Error code: sec_error_expired_issuer_certificate


Firefox will not let me into Bt.com. I can in Internet Explorer. Firefox says ....www2.bt.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate has expired..... Which seems unlikely for British Telecom. How do I check if this is safe and not corrupted or how should I override it....My computer date and time clock is correct.....Thanks Tony


Additional System Details

This happened

Every time Firefox opened

This started when...

27.10.2011

Installed Plug-ins

  • Google Update
  • Shockwave Flash 11.0 r1
  • Adobe PDF Plug-In For Firefox and Netscape 10.1.1
  • RealJukebox Netscape Plugin
  • RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
  • RealPlayer(tm) HTML5VideoShim Plug-In
  • RealPlayer(tm) LiveConnect-Enabled Plug-In
  • 12.0.1.647
  • Adobe PDF Plug-In For Firefox and Netscape "9.4.5"
  • Picasa plugin
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
  • Coupons, Inc. Coupon Printer Plugin
  • Coupons, Inc. Coupon Printer DLL
  • iTunes Detector Plug-in
  • 4.0.50401.0

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1


toofySufi 0 solutions 1 answers

Helpful Reply

bt.com uses a Verisign cert. There's been a rash of problems like this lately with Verisign certs, in which FF thinks that the intermediate cert has expired; other browsers, however, pick up the correct, as-yet unexpired date. Nothing you can do but use another browser; bt.com will have to fix its cert.

Helpful Reply

Thanks toofySufi...I will gather the patience, energy & courage over the next few days to approach BT and see if they have the slightest understanding of your advice & can do something about it......I don't hold out much hope......Let's see what happens & I will keep you informed....Wish me Luck!...Tony

cor-el
  • Top 10 Contributor
  • Moderator
10746 solutions 96703 answers

There doesn't seem to be anything wrong with the certificate of the https://bt.com site as it works for me with a clean cert8.db file.

You can look for the "VeriSign Class 3 International Server CA - G3" intermediate certificate in the Certificate Manager and delete that certificate to make Firefox store a new certificate if the currently stored version has expired.

  • Tools > Options > Advanced > Encryption: Certificates > View Certificates : Authorities
  • Stored intermediate certificates show as "Software Security device" in the Certificate Manager.
  • Built-in root certificates show as "Builtin Object Token" on the Authorities tab in the Certificate Manager.

Question owner

Hi cor-el....The certificate is well within the expiry date. If I delete it will Firefox set up a new expiry date when I re-set up access to this site? & how do I recognise "VeriSign Class 3 International Server CA - G3" as the BT safety certificate....Thanks Tony

cor-el
  • Top 10 Contributor
  • Moderator
10746 solutions 96703 answers

You can open the Certificate Manager

  • Tools > Options > Advanced : Encryption: Certificates - View Certificates
  • Go to the Authorities tab.
  • Scroll down to the VeriSign section.

Look for a certificate with the name "VeriSign Class 3 International Server CA - G3" that has "Software Security device" in the "Security Device" column.
Certificates labeled like that are intermediate certificates that Firefox stores automatically if a server is visited that sends such a certificate.
It is possible that yours is an older version that has expired and removing that stored certificate will make Firefox use the certificate sent by the website.
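The failure mode described in the post above, as an added example that is not part of the original thread: a simplified model (not Firefox or NSS code) of a path builder that matches issuers by name only, so a stale stored intermediate shadows the valid copy sent by the server. Assumptions: the `Cert` record, `build_path` and its `prefer_valid` option are hypothetical, every certificate is constructed sample data, and only the G3 validity dates come from the thread, read as month/day/year.

```python
from dataclasses import dataclass
from datetime import datetime as D

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    not_before: D
    not_after: D
    source: str  # "server", "cached" or "builtin"

    def valid_at(self, when):
        return self.not_before <= when <= self.not_after

def build_path(leaf, candidates, when, prefer_valid=False):
    """Follow issuer names from leaf to a self-signed root; return (reason, path)."""
    path, current = [leaf], leaf
    if not leaf.valid_at(when):
        return "expired_certificate", path
    while current.subject != current.issuer:
        matches = [c for c in candidates if c.subject == current.issuer]
        if not matches:
            return "unknown_issuer", path
        if prefer_valid:  # hypothetical option: try currently valid copies first
            matches.sort(key=lambda c: not c.valid_at(when))
        current = matches[0]
        path.append(current)
        if not current.valid_at(when):
            return "expired_issuer_certificate", path
    return "ok", path

NAME = "VeriSign Class 3 International Server CA - G3"
# All certificates below are constructed sample data, not real certificates.
ROOT = Cert("Constructed Root CA", "Constructed Root CA", D(2006, 1, 1), D(2036, 1, 1), "builtin")
STALE = Cert(NAME, ROOT.subject, D(2008, 1, 1), D(2011, 6, 1), "cached")  # invented dates
FRESH = Cert(NAME, ROOT.subject, D(2010, 2, 8), D(2020, 2, 7), "server")  # dates from the thread
LEAF = Cert("www2.bt.com", NAME, D(2011, 1, 1), D(2012, 1, 1), "server")  # invented dates
NOW = D(2011, 10, 27)

def demo():
    return {
        "stale_copy_first": build_path(LEAF, [STALE, FRESH, ROOT], NOW)[0],
        "stale_copy_deleted": build_path(LEAF, [FRESH, ROOT], NOW)[0],
        "prefer_valid_copy": build_path(LEAF, [STALE, FRESH, ROOT], NOW, True)[0],
    }

if __name__ == "__main__":
    for case, reason in demo().items():
        print(f"{case}: {reason}")
```

The first case reproduces the "issuer certificate has expired" result even though a valid intermediate is available; the other two show that deleting the stale copy, or preferring a copy inside its validity window, lets the same chain validate.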

Question owner

Hi cor-el...As I said, I went there and the expiry date is 07-02-2020. & why, before I delete it, is that particular VeriSign the BT safety certificate????? Thanks...T

cor-el
  • Top 10 Contributor
  • Moderator
10746 solutions 96703 answers

Chosen Solution

That certificate expires for me as well on 02/07/2020 (not before 02/08/2010; not after 2/07/2020), so that shouldn't be a problem if the date and time on the computer are correct.

What do you see if you open the bt.com site and inspect the certificate chain?

You can retrieve the certificate and check details like who issued the certificate and the expiration dates of certificates.

  • Click the link at the bottom of the error page: "I Understand the Risks"
  • Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
  • Click the "View..." button and inspect the certificate and check who is the issuer.

You can see more Details like intermediate certificates in the Details pane.

Question owner

Hi cor-el, followed all your instructions and found all the info.

Just about to go into delete problem certificate....checked BT.com and went straight in. Problem had disappeared, the same as it arrived. No explanation!

I think these computers just want to play mind games. 

I just want to say thank you for your time and information....at my age of 75 it's always great to learn new ideas. I shall look round in this unexplored area.......Thanks Tony

stewartBHCC 0 solutions 1 answers

I suspect this procedure has actually produced an exception, so following this advice will find it has 'been fixed', but if you uninstall Firefox (and remove registry entries, Mozilla data directories etc) then reinstall, I suspect you'll have the problem back.

I have the same issue with a secure site at work - Verisign Class 3 public Primary certificate valid until 5th April 2012 - works fine with IE8 and Opera 11.52 -

Firefox (7.0.1) gives "This connection is untrusted" - detail: <site> uses an invalid security certificate. The certificate is not trusted because the issuer certificate has expired. (Error code: sec_error_expired_issuer_certificate)

?

cor-el
  • Top 10 Contributor
  • Moderator
10746 solutions 96703 answers

It is possible that Firefox is trying more than one cipher to connect to the server and that some ciphers produce this error.
I usually keep all 128 bit SSL3 ciphers disabled and only enable security.ssl3.rsa_rc4_128_md5 or security.ssl3.rsa_rc4_128_sha for sites that still only work with 128 bit and not 168 or 256 bit.