
stop FF from blocking most sites due to perceived security threat
I read numerous threads on this topic (ex: http://support.mozilla.org/en-US/questions/951920?page=3) but didn't any solution that works for me.
The only common site that seems to work for me now on FF version 23 is youtube. All mail sites, google search results, EVEN Mozilla's own add-on site are blocked (or at least repeatedly asks me to put an exemption for every page refresh ! ). The last (Mozilla) doesn't even give me the option to add it as an exception.
So far I have tried 1. uninstalling / reinstalling FF - several times since your initial upgrade this year that caused this issue to happen for me 2. obliterated my FF profile & any other file that relate to FF before reinstalling EVERY upgrade... I'm now on FFv23.0.1 3. My PC date/time setting is definitely correct
I trawled the net for a looonggg time looking for an answer. I hope I just missed it. If so, please share! I'll be very sorry to let FF go, but I'm moving back to IE in the meantime (while I get acquainted with Chrome)
Chosen solution
Basically, the summary is that FireFox & ESET got into this contention because of the new feature introduced this year on firefox's security.
I could try what jscher2000 suggested, but the effort is probably not worth it for one browser.
I have given the ESET advance options mentioned by cor-el, but perhaps I need to restart my PC because I'm still getting nowhere on FF certificates.
Thanks to you both for your help. I did love FF since it came out and I appreciate the Forum's active support. I will bookmark this thread & perhaps come back to FF when I'm no longer too busy to try and give it another go.
TTFN firefox.
Read this answer in context 👍 0All Replies (10)
Check out why the site is untrusted (click "Technical Details to expand that section) and if this is caused by a missing intermediate certificate then see if you can install this intermediate certificate from another source.
You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
- Click the link at the bottom of the error page: "I Understand the Risks"
Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
- Click the "View..." button and inspect the certificate and check who is the issuer of the certificate.
You can see more Details like intermediate certificates that are used in the Details pane.
If "I Understand the Risks" is missing then this page may be opened in an (i)frame and in that case try the right-click context menu and use "This Frame: Open Frame in New Tab".
Note that some firewalls monitor secure (https) connections and send their own certificate instead of the website's certificate.
- ESET setup -> advanced setup -> extend web and email tree -> SSL
- SSL protocol: Do not scan SSL protocol
cor-el, I forgot to mention I have tried your suggestions already.
What i find incredibly frustrating is firefox wont even allow its own add-on site - see the images attached
Who is the issuer of the certificate if you check that in the Details tab?
I get the errors on google searches and from the Mozilla Add-on site. See the attached images - these confirm the owners.
Your ESET firewall monitor secure (https) connections and send their own certificate instead of the website's certificate.
- ESET Setup -> Advanced setup -> Web and email -> Protocol filtering -> SSL
Certificates: Add the root certificate to known browsers
See also SSL protocol: Do not scan SSL protocol
Massive 'doh' moment. Thanks for the patience.
I will disable these settings once more and try to use FF again.
However, why is it that FF is the only browser impacted by the said anti-virus settings? Chrome, which I installed after FF started showing these issues, work fine. So does IE which had several upgrades before and after the ESET installation last year and this year.
Modified
When you install ESET, it detects your browsers and adds its certificate to them. If you install Firefox after ESET, or if you use Firefox's Reset feature, then Firefox may not have the certificate.
One method of again pushing the certificate to Firefox is to reinstall ESET. Or you can use export/import. This section of the ESET manual mentions how you can export the certificate:
For SSL communication to work properly in your browsers/email clients, it is essential that the root certificate for ESET be added to the list of known root certificates (publishers). Therefore, the Add the root certificate to known browsers option should be enabled. Select this option to automatically add the ESET root certificate to the known browsers (e.g. Opera, Firefox). For browsers using the system certification store, the certificate is added automatically (e.g. Internet Explorer). To apply the certificate to unsupported browsers, click View Certificate > Details > Copy to File... and then manually import it into the browser.
Importing is available in the Options dialog, Advanced tab, Certificates mini-tab, "View Certificates" button, "Authorities" tab, "Import" button. However, I haven't tried it myself.
Chosen Solution
Basically, the summary is that FireFox & ESET got into this contention because of the new feature introduced this year on firefox's security.
I could try what jscher2000 suggested, but the effort is probably not worth it for one browser.
I have given the ESET advance options mentioned by cor-el, but perhaps I need to restart my PC because I'm still getting nowhere on FF certificates.
Thanks to you both for your help. I did love FF since it came out and I appreciate the Forum's active support. I will bookmark this thread & perhaps come back to FF when I'm no longer too busy to try and give it another go.
TTFN firefox.
Hi auee, you wrote:
Basically, the summary is that FireFox & ESET got into this contention because of the new feature introduced this year on firefox's security.
What new feature? Proxies that substitute their certificate for the site's certificate, thus creating the appearance of a "man-in-the-middle" attack on your secure connection, have always and should always raise a red flag.
For Firefox you need to import the ESET root certificate in Firefox and make sure to set the trust bits to make the certificate work as a root certificate.