X
Tap here to go to the mobile version of the site.

Support Forum

Untrusted connection does not contain I understand the risks

Posted

Trying to access a site where the IP has changed and receive "This Connection is Untrusted" with no option to select I understand the risks. Need assistance in resolving this.

The site worked fine prior to IP change.

Trying to access a site where the IP has changed and receive "This Connection is Untrusted" with no option to select I understand the risks. Need assistance in resolving this. The site worked fine prior to IP change.

Chosen solution

yes, sorry i did edit the second part of the question in, after i have submitted it.

normally the i know the risks section & the possibility of adding an exception should be available for this kind of error - could you check if it showing up at https://mur.at ? thank you...

Read this answer in context 2

Additional System Details

Sites Affected

http://

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0

More Information

philipp
  • Top 25 Contributor
  • Moderator
5306 solutions 23424 answers

what error code is shown, when you click on technical details & can you share the site where this is happening?

what error code is shown, when you click on technical details & can you share the site where this is happening?

Modified by philipp

Question owner

Thanks for the quick reply. The error is (Error code: sec_error_untrusted_issuer

Thanks for the quick reply. The error is (Error code: sec_error_untrusted_issuer

Question owner

Didn't see the second part of the question. The site is restricted and requires a certificate as well as VPN connectivity from our internal network.

Didn't see the second part of the question. The site is restricted and requires a certificate as well as VPN connectivity from our internal network.
cor-el
  • Top 10 Contributor
  • Moderator
17475 solutions 157942 answers

You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.

  • Click the link at the bottom of the error page: "I Understand the Risks"

Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".

  • Click the "View..." button and inspect the certificate and check who is the issuer.

You can see more Details like intermediate certificates that are used in the Details pane.

Some firewalls monitor secure (https) connections and send their own certificate instead of the website's certificate.

You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates. * Click the link at the bottom of the error page: "I Understand the Risks" Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate". * Click the "View..." button and inspect the certificate and check who is the issuer. You can see more Details like intermediate certificates that are used in the Details pane. Some firewalls monitor secure (https) connections and send their own certificate instead of the website's certificate.
philipp
  • Top 25 Contributor
  • Moderator
5306 solutions 23424 answers

Chosen Solution

yes, sorry i did edit the second part of the question in, after i have submitted it.

normally the i know the risks section & the possibility of adding an exception should be available for this kind of error - could you check if it showing up at https://mur.at ? thank you...

yes, sorry i did edit the second part of the question in, after i have submitted it. normally the i know the risks section & the possibility of adding an exception should be available for this kind of error - could you check if it showing up at https://mur.at ? thank you...

Question owner

cor-el - The problem is there is no link for "I Understand the Risks" That is the issue I am reporting and need assistance with. There is just get me out of here.

cor-el - The problem is there is no link for "I Understand the Risks" That is the issue I am reporting and need assistance with. There is just get me out of here.

Question owner

madperson - yes it does show at https://mur.at..with the ability to add the exception.

Thanks Danny

madperson - yes it does show at https://mur.at..with the ability to add the exception. Thanks Danny
philipp
  • Top 25 Contributor
  • Moderator
5306 solutions 23424 answers

can you try to remove the old certificate/exception for this site in firefox > options > advanced > encryption > view certificates > servers & see if it's working afterwards?!

can you try to remove the old certificate/exception for this site in firefox > options > advanced > encryption > view certificates > servers & see if it's working afterwards?!

Question owner

madperson - Tried that and no change. Closed and restarted the browser and still no difference.

madperson - Tried that and no change. Closed and restarted the browser and still no difference.
philipp
  • Top 25 Contributor
  • Moderator
5306 solutions 23424 answers

ok, then another thing to test: go to firefox > help > troubleshooting information and open the profile directory (then close firefox). in the profile folder rename the files cert_override.txt & cert8.db to something like oldcert... & launch firefox again.

ok, then another thing to test: go to firefox > help > troubleshooting information and open the profile directory (then close firefox). in the profile folder rename the files cert_override.txt & cert8.db to something like oldcert... & launch firefox again.

Question owner

madperson - tried the last thing you suggested and still the same.

Danny

madperson - tried the last thing you suggested and still the same. Danny
philipp
  • Top 25 Contributor
  • Moderator
5306 solutions 23424 answers

hello, is the site on a ipv6 adress? then bug #633001 might be at work here (although the problem describtion slightly differs from the problem you've described)

another thing to try would be launching firefox in safemode and to see if the "i understand the risk" section is showing up, to make sure that no addons are interfering.

Troubleshoot extensions, themes and hardware acceleration issues to solve common Firefox problems

or in case this fails too, you could try exporting the certificate on another working pc (again in in firefox > options > advanced > encryption > view certificates > servers) into a certificate file & import that again on your firefox.

hello, is the site on a ipv6 adress? then [https://bugzilla.mozilla.org/show_bug.cgi?id=633001 bug #633001] might be at work here (although the problem describtion slightly differs from the problem you've described) another thing to try would be launching firefox in safemode and to see if the "i understand the risk" section is showing up, to make sure that no addons are interfering. [[Troubleshoot extensions, themes and hardware acceleration issues to solve common Firefox problems]] or in case this fails too, you could try exporting the certificate on another working pc (again in in firefox > options > advanced > encryption > view certificates > servers) into a certificate file & import that again on your firefox.

Question owner

Safemode did not make any difference. I am having the vendor for the site I am trying to access, which is really an appliance change the SSL cert on that device to see if that will make a difference. Amazing I can access it with I.E. and not Firefox. Will see if that makes a difference.

Will let you know how this progresses.

Thanks Danny

Safemode did not make any difference. I am having the vendor for the site I am trying to access, which is really an appliance change the SSL cert on that device to see if that will make a difference. Amazing I can access it with I.E. and not Firefox. Will see if that makes a difference. Will let you know how this progresses. Thanks Danny
shrenikd 0 solutions 2 answers

I have a very specific case where I can reproduce this - we basically have the browser pointing to one https URL, and an iframe on it pointing to a different https URL. The untrusted connection in the iframe does not have the "I understand the risks" option. This is a regression from the previous releases.

This is reproducible on FFox 13.0, cleanly installed on a fresh Windows 7 64bit.

I'll be happy to repost this as a new issue if you think it is unrelated to the one in this thread.

I have a very specific case where I can reproduce this - we basically have the browser pointing to one https URL, and an iframe on it pointing to a different https URL. The untrusted connection in the iframe does not have the "I understand the risks" option. This is a regression from the previous releases. This is reproducible on FFox 13.0, cleanly installed on a fresh Windows 7 64bit. I'll be happy to repost this as a new issue if you think it is unrelated to the one in this thread.
philipp
  • Top 25 Contributor
  • Moderator
5306 solutions 23424 answers

hey shrenikd, thank you for looking into the issue. did the regression occur when updating from firefox 12 to v13?

in case you can reproduce the issue, i'd recommend filing a bug report with a detailed description of the issue at https://bugzilla.mozilla.org so that the developers get aware of the issue directly.

hey shrenikd, thank you for looking into the issue. did the regression occur when updating from firefox 12 to v13? in case you can reproduce the issue, i'd recommend filing a bug report with a detailed description of the issue at https://bugzilla.mozilla.org so that the developers get aware of the issue directly.
cor-el
  • Top 10 Contributor
  • Moderator
17475 solutions 157942 answers

Can you add an exception directly via the Certificate Manager?

  • Tools > Options > Advanced : Encryption: Certificates - View Certificates > Servers
Can you add an exception directly via the Certificate Manager? *Tools > Options > Advanced : Encryption: Certificates - View Certificates > Servers
shrenikd 0 solutions 2 answers

madperson: I just found out that this has already been filed - https://bugzilla.mozilla.org/show_bug.cgi?id=756841
I did not test v12 -> v13 since I didn't have a v12, but I clearly remember not hitting this issue on some previous version of Firefox (which unfortunately I don't remember).

cor-el: I opened the iframe in a new tab, added an exception under the "I understand the risks" section and the error didn't show up again as expected. However, the problem is not the error showing up (since it should when the cert is untrusted), but its the missing "I understand the risks" option.

madperson: I just found out that this has already been filed - https://bugzilla.mozilla.org/show_bug.cgi?id=756841<br /> I did not test v12 -> v13 since I didn't have a v12, but I clearly remember not hitting this issue on some previous version of Firefox (which unfortunately I don't remember). cor-el: I opened the iframe in a new tab, added an exception under the "I understand the risks" section and the error didn't show up again as expected. However, the problem is not the error showing up (since it should when the cert is untrusted), but its the missing "I understand the risks" option.

Modified by cor-el

philipp
  • Top 25 Contributor
  • Moderator
5306 solutions 23424 answers

Helpful Reply

hello shrenikd & dtrager - apparently the hiding of the possibility to add exceptions in an iframe is by design in order to avoid fraudulent attempts to apply a certificate to users who think they are on a different page (see new comments on the bug).

@dtrager - in case the page you're trying to access is embedded in an iframe, right-click the error page, click on "this frame" > "show only this frame" and hopefully you can add an exception in the next step. this should only be necessary once if you choose to permanently store the exception.

hello shrenikd & dtrager - apparently the hiding of the possibility to add exceptions in an iframe is by design in order to avoid fraudulent attempts to apply a certificate to users who think they are on a different page (see new comments on the bug). @dtrager - in case the page you're trying to access is embedded in an iframe, right-click the error page, click on "this frame" > "show only this frame" and hopefully you can add an exception in the next step. this should only be necessary once if you choose to permanently store the exception.

Question owner

@madperson - that helps as it allows access, however not able to add the exception permanently. So it is a work around for the moment until we can figure out what the issue is with the certificates.

Appreciate all of the assistance and suggestions.

Have a great day.

Danny

@madperson - that helps as it allows access, however not able to add the exception permanently. So it is a work around for the moment until we can figure out what the issue is with the certificates. Appreciate all of the assistance and suggestions. Have a great day. Danny

Helpful Reply

I have resolved this issue. What I had to do was the following:

right click on the iframe and select view frame info. Copy the address that is presented and add it to server certificates. It allows you to add the exception permanently.

Appreciate the assistance, suggestions etc.

Danny

I have resolved this issue. What I had to do was the following: right click on the iframe and select view frame info. Copy the address that is presented and add it to server certificates. It allows you to add the exception permanently. Appreciate the assistance, suggestions etc. Danny