Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Please ask a new question if you need help.

after version 15 to 16 upgrade i cannot open my https sites which are signed by my CA

  • 5 replies
  • 2 have this problem
  • 2 views
  • Last reply by jazzl0ver

jazzl0ver
jazzl0ver
more options

My CA certificate has been imported into Firefox for ages. I had no problems opening my secured sites. After upgrading 15 to 16, I started getting untrusted connections warnings.

The CA certificate: 

-----BEGIN CERTIFICATE-----
MIIEnTCCA4WgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBlTELMAkGA1UEBhMCUlUx
GzAZBgNVBAgTElJ1c3NpYW4gRmVkZXJhdGlvbjEWMBQGA1UEBxMNU3QuUGV0ZXJz
YnVyZzEWMBQGA1UEChMNQUJJU29mdCwgTHRkLjEWMBQGA1UEAxMNQUJJU29mdCwg
THRkLjEhMB8GCSqGSIb3DQEJARYSd3d3QGFiaXNvZnQuc3BiLnJ1MB4XDTA0MDkx
MDEzNDIxMVoXDTE0MDkxMDEzNDIxMVowgZUxCzAJBgNVBAYTAlJVMRswGQYDVQQI
ExJSdXNzaWFuIEZlZGVyYXRpb24xFjAUBgNVBAcTDVN0LlBldGVyc2J1cmcxFjAU
BgNVBAoTDUFCSVNvZnQsIEx0ZC4xFjAUBgNVBAMTDUFCSVNvZnQsIEx0ZC4xITAf
BgkqhkiG9w0BCQEWEnd3d0BhYmlzb2Z0LnNwYi5ydTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBANveA0gmTohUYD8qxfnbECAcbJ26hfUD0st2KX+65dzp
HG5ELWgjRG2CNbF5aRoRWSNaRUgZjTeeL7HwGJTGcQ/0ofyDlGXdyvzMzkhbjN4Y
GUHhW5tdhoCldWBn8UI69Z1e+f22rMDVJOpJujO3FdxfAEWv0bn59W9HplNQkv+J
T3/ien28QZAK7jDzsI+5cOAXQNnUGgv+mGViBYkCLKJOsR2WPDTtmuakD8mzB9rr
q27PVXaV8NyUedEVwuynsA9GTNQ9x5iKh9RptPVZqZR7uXhZswh5jcMVYLACGDUi
3kqhBv8uPcNidOeVf0LT17U9sOSGIIXt3htEhI5UtEsCAwEAAaOB9TCB8jAdBgNV
HQ4EFgQUzwx/YGwNBGKGAXuPJUchMkNnHz4wgcIGA1UdIwSBujCBt4AUzwx/YGwN
BGKGAXuPJUchMkNnHz6hgZukgZgwgZUxCzAJBgNVBAYTAlJVMRswGQYDVQQIExJS
dXNzaWFuIEZlZGVyYXRpb24xFjAUBgNVBAcTDVN0LlBldGVyc2J1cmcxFjAUBgNV
BAoTDUFCSVNvZnQsIEx0ZC4xFjAUBgNVBAMTDUFCSVNvZnQsIEx0ZC4xITAfBgkq
hkiG9w0BCQEWEnd3d0BhYmlzb2Z0LnNwYi5ydYIBADAMBgNVHRMEBTADAQH/MA0G
CSqGSIb3DQEBBAUAA4IBAQCK8K80TR5Tx7Y+ll9iZhUrpj459Mir9NLktlct9BIg
bPkk3adolW1+17NBZuVWN9Cw2c2FEKa73MkLSTDvoqR/6gozvMrJDe2GCnGXuGeY
ID8JvXtfOL4aubomDnZEaYsu7tB2Un6tC6KTPjOcyU1mhRb+mPywzt95I+wNv3DL
b65htIZ+uMxEHs4Ej227F1NHKZmc3JCJyjZ1z+k4zQ9BNbzBuUeaHAvvcVhEUM4J
980I02XQ955Tw66IAvxlrrHReQeUuLaj0uI7s6VYyyHeFSk/mNTO5/nq6fLbFXzs
c+cFFVIPCeBQ+qE/nfN9p+7s4pMIssI1UeMCpoSqCxNd
-----END CERTIFICATE-----

The site certificate: 

-----BEGIN CERTIFICATE-----
MIID3DCCAsSgAwIBAgIBHzANBgkqhkiG9w0BAQQFADCBlTELMAkGA1UEBhMCUlUx
GzAZBgNVBAgTElJ1c3NpYW4gRmVkZXJhdGlvbjEWMBQGA1UEBxMNU3QuUGV0ZXJz
YnVyZzEWMBQGA1UEChMNQUJJU29mdCwgTHRkLjEWMBQGA1UEAxMNQUJJU29mdCwg
THRkLjEhMB8GCSqGSIb3DQEJARYSd3d3QGFiaXNvZnQuc3BiLnJ1MB4XDTA4MDMx
OTE2NTk0N1oXDTE4MDMxNzE2NTk0N1owgZIxCzAJBgNVBAYTAlJVMRswGQYDVQQI
ExJSdXNzaWFuIEZlZGVyYXRpb24xFjAUBgNVBAcTDVN0LlBldGVyc2J1cmcxEDAO
BgNVBAoTB0FCSVNvZnQxGTAXBgNVBAMUECouYWJpc29mdC5zcGIucnUxITAfBgkq
hkiG9w0BCQEWEnd3d0BhYmlzb2Z0LnNwYi5ydTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALCJr++XBSRdp/JXx7MRWl6xKa7+WeqwI/jV9tEicC0jn4qa
wreX9maHji74YOdmyS3TY5ak1HJm9WZ9/g09u50Xz01ba2DD6X3eRoZBiPew6GKn
CtZLIg5qRSgsbKfC31Q7qe6cZyFgy2deE508PvCpu0Ai8VkJhbHwJxJRa9Zk1/CO
fr+h4c3DFYNp8tsFtL+5VryzSZetMUtWI4qlhKTc8NuNREkqz3kqAbZbfMMmIZuE
UWG2znuSPN87ONdNDOfOgOfUaMSMlvUtfsHNUulK/CrZfPy1NZ52FtKZaoDTQQn3
jkfTQGSpqogIhIZUyElUh2TPRNzyxWwjYAz6ojUCAwEAAaM4MDYwNAYDVR0fBC0w
KzApoCegJYYjaHR0cDovL3d3dy5hYmlzb2Z0LnNwYi5ydS9jYWNybC5wZW0wDQYJ
KoZIhvcNAQEEBQADggEBAFO+vbwrJmwFT7YzJGTodrJYFQVei9gMkGOzXdKJlKVA
TCr3PSyBrICZ2pFWx7zES0VCKaEcGa5aigxSwgZURidfWHM4Zxmj+egUmSVXKGjM
v8qbA1zN+LJEYEKuE2PKluPTHJiMbHSi6yWxsC4zhAKIDCMCXHS3i35u8g1Otoyj
WXccm+YGcBHF0Vw/c9eV6NzUb8QNKhIF+O6AfXwzUOhPikvXGibsElwv/8RY76lk
8xroATlm1hlmIoHiddOrE2BbDxd/KevFV7vin/luZBoHLxrD2eQmize3zGCUUB7f
33uhnhZ8btXuJ9YZgRv0KX38OXY1Q2ZaNDEqhermFdg=
-----END CERTIFICATE-----
My CA certificate has been imported into Firefox for ages. I had no problems opening my secured sites. After upgrading 15 to 16, I started getting untrusted connections warnings. The CA certificate: <br /> <pre><nowiki>-----BEGIN CERTIFICATE----- MIIEnTCCA4WgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBlTELMAkGA1UEBhMCUlUx GzAZBgNVBAgTElJ1c3NpYW4gRmVkZXJhdGlvbjEWMBQGA1UEBxMNU3QuUGV0ZXJz YnVyZzEWMBQGA1UEChMNQUJJU29mdCwgTHRkLjEWMBQGA1UEAxMNQUJJU29mdCwg THRkLjEhMB8GCSqGSIb3DQEJARYSd3d3QGFiaXNvZnQuc3BiLnJ1MB4XDTA0MDkx MDEzNDIxMVoXDTE0MDkxMDEzNDIxMVowgZUxCzAJBgNVBAYTAlJVMRswGQYDVQQI ExJSdXNzaWFuIEZlZGVyYXRpb24xFjAUBgNVBAcTDVN0LlBldGVyc2J1cmcxFjAU BgNVBAoTDUFCSVNvZnQsIEx0ZC4xFjAUBgNVBAMTDUFCSVNvZnQsIEx0ZC4xITAf BgkqhkiG9w0BCQEWEnd3d0BhYmlzb2Z0LnNwYi5ydTCCASIwDQYJKoZIhvcNAQEB BQADggEPADCCAQoCggEBANveA0gmTohUYD8qxfnbECAcbJ26hfUD0st2KX+65dzp HG5ELWgjRG2CNbF5aRoRWSNaRUgZjTeeL7HwGJTGcQ/0ofyDlGXdyvzMzkhbjN4Y GUHhW5tdhoCldWBn8UI69Z1e+f22rMDVJOpJujO3FdxfAEWv0bn59W9HplNQkv+J T3/ien28QZAK7jDzsI+5cOAXQNnUGgv+mGViBYkCLKJOsR2WPDTtmuakD8mzB9rr q27PVXaV8NyUedEVwuynsA9GTNQ9x5iKh9RptPVZqZR7uXhZswh5jcMVYLACGDUi 3kqhBv8uPcNidOeVf0LT17U9sOSGIIXt3htEhI5UtEsCAwEAAaOB9TCB8jAdBgNV HQ4EFgQUzwx/YGwNBGKGAXuPJUchMkNnHz4wgcIGA1UdIwSBujCBt4AUzwx/YGwN BGKGAXuPJUchMkNnHz6hgZukgZgwgZUxCzAJBgNVBAYTAlJVMRswGQYDVQQIExJS dXNzaWFuIEZlZGVyYXRpb24xFjAUBgNVBAcTDVN0LlBldGVyc2J1cmcxFjAUBgNV BAoTDUFCSVNvZnQsIEx0ZC4xFjAUBgNVBAMTDUFCSVNvZnQsIEx0ZC4xITAfBgkq hkiG9w0BCQEWEnd3d0BhYmlzb2Z0LnNwYi5ydYIBADAMBgNVHRMEBTADAQH/MA0G CSqGSIb3DQEBBAUAA4IBAQCK8K80TR5Tx7Y+ll9iZhUrpj459Mir9NLktlct9BIg bPkk3adolW1+17NBZuVWN9Cw2c2FEKa73MkLSTDvoqR/6gozvMrJDe2GCnGXuGeY ID8JvXtfOL4aubomDnZEaYsu7tB2Un6tC6KTPjOcyU1mhRb+mPywzt95I+wNv3DL b65htIZ+uMxEHs4Ej227F1NHKZmc3JCJyjZ1z+k4zQ9BNbzBuUeaHAvvcVhEUM4J 980I02XQ955Tw66IAvxlrrHReQeUuLaj0uI7s6VYyyHeFSk/mNTO5/nq6fLbFXzs c+cFFVIPCeBQ+qE/nfN9p+7s4pMIssI1UeMCpoSqCxNd -----END CERTIFICATE----- </nowiki></pre> The site certificate: <br /> <pre><nowiki>-----BEGIN CERTIFICATE----- MIID3DCCAsSgAwIBAgIBHzANBgkqhkiG9w0BAQQFADCBlTELMAkGA1UEBhMCUlUx GzAZBgNVBAgTElJ1c3NpYW4gRmVkZXJhdGlvbjEWMBQGA1UEBxMNU3QuUGV0ZXJz YnVyZzEWMBQGA1UEChMNQUJJU29mdCwgTHRkLjEWMBQGA1UEAxMNQUJJU29mdCwg THRkLjEhMB8GCSqGSIb3DQEJARYSd3d3QGFiaXNvZnQuc3BiLnJ1MB4XDTA4MDMx OTE2NTk0N1oXDTE4MDMxNzE2NTk0N1owgZIxCzAJBgNVBAYTAlJVMRswGQYDVQQI ExJSdXNzaWFuIEZlZGVyYXRpb24xFjAUBgNVBAcTDVN0LlBldGVyc2J1cmcxEDAO BgNVBAoTB0FCSVNvZnQxGTAXBgNVBAMUECouYWJpc29mdC5zcGIucnUxITAfBgkq hkiG9w0BCQEWEnd3d0BhYmlzb2Z0LnNwYi5ydTCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBALCJr++XBSRdp/JXx7MRWl6xKa7+WeqwI/jV9tEicC0jn4qa wreX9maHji74YOdmyS3TY5ak1HJm9WZ9/g09u50Xz01ba2DD6X3eRoZBiPew6GKn CtZLIg5qRSgsbKfC31Q7qe6cZyFgy2deE508PvCpu0Ai8VkJhbHwJxJRa9Zk1/CO fr+h4c3DFYNp8tsFtL+5VryzSZetMUtWI4qlhKTc8NuNREkqz3kqAbZbfMMmIZuE UWG2znuSPN87ONdNDOfOgOfUaMSMlvUtfsHNUulK/CrZfPy1NZ52FtKZaoDTQQn3 jkfTQGSpqogIhIZUyElUh2TPRNzyxWwjYAz6ojUCAwEAAaM4MDYwNAYDVR0fBC0w KzApoCegJYYjaHR0cDovL3d3dy5hYmlzb2Z0LnNwYi5ydS9jYWNybC5wZW0wDQYJ KoZIhvcNAQEEBQADggEBAFO+vbwrJmwFT7YzJGTodrJYFQVei9gMkGOzXdKJlKVA TCr3PSyBrICZ2pFWx7zES0VCKaEcGa5aigxSwgZURidfWHM4Zxmj+egUmSVXKGjM v8qbA1zN+LJEYEKuE2PKluPTHJiMbHSi6yWxsC4zhAKIDCMCXHS3i35u8g1Otoyj WXccm+YGcBHF0Vw/c9eV6NzUb8QNKhIF+O6AfXwzUOhPikvXGibsElwv/8RY76lk 8xroATlm1hlmIoHiddOrE2BbDxd/KevFV7vin/luZBoHLxrD2eQmize3zGCUUB7f 33uhnhZ8btXuJ9YZgRv0KX38OXY1Q2ZaNDEqhermFdg= -----END CERTIFICATE-----</nowiki></pre>

Modified by cor-el

Chosen solution

I've found what's happened (I had to read what firefox says thoroughly before posting a support request, sorry for that): The certificate is not trusted because it was signed using a signature algorithm that was disabled because that algorithm is not secure.

I was able to revert settings back by enabling this key in about:config: security.enable_md5_signatures

Read this answer in context 👍 0

All Replies (5)

dumdidadida
dumdidadida
more options

Hi,

One possible reason could be errors in the CA certificate. You can try to add five dashes (i.e. -----) before BEGIN and END, paste the full contents into notepad, save it with .cer extension and then Import (ABIsoft) it via Firefox Tools (Alt + T) > Options > Advanced > Encryption > View Certificates > Authorities.

jazzl0ver
jazzl0ver Question owner
more options

I do have it

dumdidadida
dumdidadida
more options

On the same screen, you can click Edit Trust... and enable (tick) This certificate can identify websites. If problems persist, you can try deleting cert8.db in the Firefox Profile Folder after exiting Firefox, and then re-import the certificate with the correct trust bits set.

To open the profile folder via Firefox: Help (Alt + H) > Troubleshooting Information > Show Folder.

If the above two basics are correct, see also: Stop accepting MD5 as a hash algorithm in signatures

Modified by dumdidadida

jazzl0ver
jazzl0ver Question owner
more options

I'm sorry - your suggestions didn't help. The bits are set and I deleted the cert8.db - it still says "unknown identity"

Modified by jazzl0ver

jazzl0ver
jazzl0ver Question owner
more options

Chosen Solution

I've found what's happened (I had to read what firefox says thoroughly before posting a support request, sorry for that): The certificate is not trusted because it was signed using a signature algorithm that was disabled because that algorithm is not secure.

I was able to revert settings back by enabling this key in about:config: security.enable_md5_signatures