X
Tap here to go to the mobile version of the site.
Your Firefox is out of date and may contain a security risk! Upgrade Firefox

Support Forum

How do I get Firefox to allow secure connections with sites I trust?

Posted

I just updated to the latest version of Firefox (18.0.1) and I find that I can no longer navigate to fully half of the sites I used to, such as Gmail and Facebook. Most of the sites I go to now don't even look right, they just display text, no UI. Even as I type this up, there's only text. I tried to use Firefox's own tool to find which plugins I had installed, and it gave me the same "This connection is untrusted" message. Most of the sites I got to allow me to make an exception, but Gmail doesn't, nor does the Firefox plugin page. I've used Firefox for years but this is the first time I've ever had an issue like this.

Chosen solution

Make sure that you do not run Firefox in (permanent) Private Browsing mode.

  • Tools > Options > Privacy: Use custom settings for history
  • Deselect: [ ] "Always use private browsing mode"

Also check via the right-click context menu that you aren't opening pages in a frame.

Read this answer in context 2

Additional System Details

Installed Plug-ins

Lavafox (latest version) AdBlock Plus 2.2.2 Download Statusbar 0.9.10

Application

  • User Agent:

More Information

Application Basics
Name
Firefox
Version
18.0.1
User Agent
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
Build Configuration
about:buildconfig
Extensions
Name
Version
Enabled
ID
Adblock Plus
2.2.2
true
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
Download Statusbar
0.9.10
true
{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
Java Console
6.0.33
true
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
Java Console
6.0.35
true
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
Important Modified Preferences
Name
Value
accessibility.typeaheadfind
true
accessibility.typeaheadfind.flashBar
0
browser.cache.disk.capacity
358400
browser.cache.disk.smart_size.first_run
false
browser.cache.disk.smart_size.use_old_max
false
browser.cache.disk.smart_size_cached_value
358400
browser.places.smartBookmarksVersion
4
browser.startup.homepage
http://google.com
browser.startup.homepage_override.buildID
20130116073211
browser.startup.homepage_override.mstone
18.0.1
browser.tabs.warnOnOpen
false
extensions.lastAppVersion
18.0.1
gfx.direct3d.prefer_10_1
true
network.cookie.prefsMigrated
true
places.database.lastMaintenance
1359330785
places.history.expiration.transient_current_max_pages
104858
places.history.expiration.transient_optimal_database_size
167772160
privacy.sanitize.migrateFx3Prefs
true
security.warn_viewing_mixed
false
Graphics
Adapter Description
NVIDIA GeForce GTX 460
Adapter Drivers
nvd3dumx,nvwgf2umx,nvwgf2umx nvd3dum,nvwgf2um,nvwgf2um
Adapter RAM
1023
Device ID
0x0e22
Direct2D Enabled
true
DirectWrite Enabled
true (6.1.7601.17789)
Driver Date
10-2-2012
Driver Version
9.18.13.697
GPU #2 Active
false
GPU Accelerated Windows
5/5 Direct3D 10
Vendor ID
0x10de
WebGL Renderer
Google Inc. -- ANGLE (NVIDIA GeForce GTX 460)
AzureCanvasBackend
direct2d
AzureContentBackend
direct2d
AzureFallbackCanvasBackend
cairo
JavaScript
Incremental GC
true
Accessibility
Activated
false
Prevent Accessibility
0
Library Versions
Expected minimum version
Version in use
NSPR
4.9.4
4.9.4
NSS
3.14.1.0 Basic ECC
3.14.1.0 Basic ECC
NSSSMIME
3.14.1.0 Basic ECC
3.14.1.0 Basic ECC
NSSSSL
3.14.1.0 Basic ECC
3.14.1.0 Basic ECC
NSSUTIL
3.14.1.0
3.14.1.0

cor-el
  • Top 10 Contributor
  • Moderator
10756 solutions 96800 answers

Check out why the site is untrusted (see the Technical details) and if this is caused by a missing intermediate certificate then see if you can install this intermediate certificate from another source.

You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.

  • Click the link at the bottom of the error page: "I Understand the Risks"

Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".

  • Click the "View..." button and inspect the certificate and check who is the issuer.

You can see more Details like intermediate certificates that are used in the Details pane.

Some firewalls monitor secure (https) connections and send their own certificate instead of the website's certificate.
Some examples are ESET and Bitdefender.

  • ESET setup -> advanced setup -> extend web and email tree -> SSL
  • SSL protocol: Do not scan SSL protocol
  • BitDefender -> Privacy settings -> disable Scan SSL

Helpful Reply

With Gmail, the Technical Details say the following:

    accounts.google.com uses an invalid security certificate.
    The certificate is not trusted because no issuer chain was provided.
    (Error code: sec_error_unknown_issuer)

There is no option to bypass this message. Also, I use ESET and have already checked to make sure that the option is set to not scan SSL protocol. And this still does not tell me why Facebook and other websites that I have allowed the exception for do not display images.

This whole thing is very frustrating to me since Firefox worked perfectly prior to it being updated to version 18. And I can access all of my sites from within IE9 and Google Chrome.

Do you have any other ideas?

cor-el
  • Top 10 Contributor
  • Moderator
10756 solutions 96800 answers

Did you check the certificate like I posted above?

philipp
  • Top 10 Contributor
  • Moderator
2046 solutions 8901 answers

Helpful Reply

For SSL communication to work properly in your browsers/email clients, it is essential that the root certificate for ESET, spol. s r.o. be added to the list of known root certificates (publishers). Therefore, the Add the root certificate to known browsers option should be enabled. Select this option to automatically add the ESET root certificate to the known browsers (e.g. Opera, Firefox). For browsers using the system certification store, the certificate is added automatically (e.g. Internet Explorer). To apply the certificate to unsupported browsers, click View Certificate > Details > Copy to File... and then manually import it into the browser.

(source: page 64 from http://download.eset.com/manuals/eset_ess_5_userguide_enu.pdf)

in case you cannot solve it that way you could also contact eset's support...

Question owner

@cor-el: There is no link at the bottom of the page that says "I understand the risks". There's just "Get me out of here" and "Technical Details". I've already done that method with several other websites and added exceptions in, so I don't know what to do.

@madperson: The option you indicated is grayed out if I have the "Do not scan SSL protocol" option enabled. It is checked, though. Also, I seriously doubt that it's my NOD32 that's causing the problem for two reasons. First, Firefox only started giving me grief after it updated to the latest version. Second, I temporarily disabled the security software and it didn't make a difference.

cor-el
  • Top 10 Contributor
  • Moderator
10756 solutions 96800 answers

Chosen Solution

Make sure that you do not run Firefox in (permanent) Private Browsing mode.

  • Tools > Options > Privacy: Use custom settings for history
  • Deselect: [ ] "Always use private browsing mode"

Also check via the right-click context menu that you aren't opening pages in a frame.

Question owner

I've never run Firefox in Private Browsing mode. I'm not sure what you mean by opening pages in a frame, but I always open up a new tab and type in a url directly to the bar.

Question owner

Well that's weird. I downgraded to Firefox 13 (it was the only one I actually had) and restarted my computer. And that seemed to have fixed it. So, thanks.