https://www.lotro.com/en/forums/forums.php registers Untrusted in Firefox (ONLY their Forums, and IE is fine); "unknown issuer" error. Why? cert8.db fix failed.
New desktop computer, new install of Firefox, Windows 8.1 (yuck, but I'm stuck with it):
EDIT:
This occurs either using my bookmark, or using the links from other areas of their site. The URL looks correct and didn't raise any flags with LOTRO support (or in Internet Explorer). I have virus scanned on my end, and so on and so forth, everything comes up clean.
END EDIT.
Can't go to http instead of https for their forums, trying to do so just shunts me back to https (it was worth a try). Have tried every Firefox setting I can find and none seem to affect this. Isn't occurring anywhere else on their site or anywhere else on the web so far. Isn't happening in IE, only in Firefox. Yes, Firefox is current at version 26. Have contacted Turbone's LOTRO support, they have no explanation and apparently aren't seeing this either. I have tried the following fix, found here; followed it to the letter but am still getting the same Untrusted Connection aggravation afterward. I do not wish to simply bypass it without understanding what is going on. Also, I've tried disabling all add-ons, and changing Firefox settings at random, NOTHING has helped.
Failed fix: The certificate is not trusted because the issuer certificate is unknown (site name) uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer)
The file cert8.db in your profile folder may have become corrupted. Delete this file while Firefox is closed.
Open your profile folder:
At the top of the Firefox window, click on the Firefox button, go over to the Help menu and select Troubleshooting Information. The Troubleshooting Information tab will open. Under the Application Basics section, click on Show Folder. A window with your profile files will open. Note: If you are unable to open or use Fire?fox, follow the instructions in Finding your profile without opening Firefox.
At the top of the Firefox window, click on the Firefox button and then select Exit Click on the file named cert8.db. Press Delete. Restart Firefox.
Error details:
This Connection is Untrusted
You have asked Firefox to connect securely to www.lotro.com, but we can't confirm that your connection is secure.
Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified. What Should I Do?
If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.
www.lotro.com uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)
Modified by Puzzlified
Chosen solution
The Lotro server doesn't send the Network Solutions Certificate Authority intermediate certificate issued by UTN-USERFirst-Hardware (The USERTRUST Network).
Copy the base64 encoded certificate text (Network Solutions Certificate Authority) that starts with "-----BEGIN CERTIFICATE-----" and ends with "-----END CERTIFICATE-----" to the clipboard after having selected the full text with the mouse.
Open a plain text editor like Notepad and paste the certificate text of the intermediate certificate that you have placed on the clipboard in the editing area.
Use "Save File as" and set the File type to "All files" and save the certificate text to a .cer file.
Select "All files" when saving the file to avoid getting a hidden .txt file extension (.cer.txt) appended.
Import the saved certificate in the Firefox Certificate Manager.
- Tools > Options > Advanced > Certificates/Encryption: View Certificates > Authorities > Import
Do not set any trust bits when prompted as those are only required for root certificates and should never be set for a intermediate certificate like this one.
There is also a built-in Network Solutions Certificate Authority root certificate (Network Solutions L.L.C.) with the same name found in the Certificate Manager??
All Replies (10)
Did you check who issued the certificate?
You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
- Click the link at the bottom of the error page: "I Understand the Risks"
Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
- Click the "View..." button and inspect the certificate and check who is the issuer of the certificate.
You can see more Details like intermediate certificates that are used in the Details pane.
If "I Understand the Risks" is missing then this page may be opened in an (i)frame and in that case try the right-click context menu and use "This Frame: Open Frame in New Tab".
Note that some firewalls monitor (secure) connections and that programs like Sendori or FiddlerRoot can intercept connections and send their own certificate instead of the website's certificate.
You can use this button to go to the Firefox profile folder:
- Help > Troubleshooting Information > Profile Directory: Show Folder (Linux: Open Directory; Mac: Show in Finder)
I'm having a flashback to another thread, which also started with a problem on the LOTRO forums: The certificate is not trusted because no issuer chain was provided. It was never really solved, or the problem ceased to exist for mysterious reasons.
Chosen Solution
The Lotro server doesn't send the Network Solutions Certificate Authority intermediate certificate issued by UTN-USERFirst-Hardware (The USERTRUST Network).
Copy the base64 encoded certificate text (Network Solutions Certificate Authority) that starts with "-----BEGIN CERTIFICATE-----" and ends with "-----END CERTIFICATE-----" to the clipboard after having selected the full text with the mouse.
Open a plain text editor like Notepad and paste the certificate text of the intermediate certificate that you have placed on the clipboard in the editing area.
Use "Save File as" and set the File type to "All files" and save the certificate text to a .cer file.
Select "All files" when saving the file to avoid getting a hidden .txt file extension (.cer.txt) appended.
Import the saved certificate in the Firefox Certificate Manager.
- Tools > Options > Advanced > Certificates/Encryption: View Certificates > Authorities > Import
Do not set any trust bits when prompted as those are only required for root certificates and should never be set for a intermediate certificate like this one.
There is also a built-in Network Solutions Certificate Authority root certificate (Network Solutions L.L.C.) with the same name found in the Certificate Manager??
coer-el: It shows the issuer as Network Solutions Certificate Authority, and to my extremely limited knowledge of the subject plus web searching on terms, it LOOKS okay to me. Famous last words of many a computer owner, I'm sure. I'm a cautious browser as a rule, so I don't run into this kind of thing very often.
As far as your second post above: I am more sensible than knowledgeable as far as this sort of thing goes. I must, with respect and considerable embarrassment, admit that I stopped comprehending what I was reading after "the LOTRO server doesn't", and hit the end of it still without a clue. I could implement your instructions, it's just that I have no idea what I'd be doing in doing so.
At risk of making myself sound like an idiot, rather than acting like one and doing something I don't understand, could you please explain what you're explaining? (No sarcasm intended. I'm completely at sea, and a good night's sleep isn't helping.)
It looks as though you've already spotted the problem and I just need to wrap my synapses around the nature of it. But, however late, I'm remembering to attach the images of the certificate details this time anyhow. Sorry about leaving them off before!
jscher2000: As a LOTRO player, I'm used to glitches which seem to come from nowhere and which leave the same way they came. Usually they at least wait until I've logged in.
EDIT: My font seems to have mutated midway through this post, and nothing I've tried (including copying the text out, pasting it to WordPad, select all and changing the font) is showing any change at all in Preview. It's readable; I give up.
Modified by Puzzlified
Hi Puzzlified, just a note on the formatting: this forum is based on wiki software that treats any line starting with a space as "preformatted" text. Handy for some purposes, annoying for others.
hello, does it make a difference when you install the intermediary certificate manually through http://www.netsolssl.com/NetworkSolutions_CA.crt ?
jscher200: Ah. And I paragraph indented with spaces because tab doesn't work and old habits still occasionally rise from their graves. Mystery solved, thank you!
cor-el:
So, after (quite) a few more rereadings,
I understand basically everything, I think, except why it's necessary to do this (if the LOTRO server is supposed to send that out, then why isn't it?) I'll be asking Turbine Support the same question.
Well, and "is there a downside to doing it this way, considering I have only a vague notion of what I'm doing?"
So, having summoned up my courage and tried it, now that it makes some sort of sense to me, implementing cor-el's solution has made it possible to go to the LOTRO forums without running into the "Wall Of Distrust" any longer. Thank you.
My remaining question is "Why?": Did this actually solve the problem, or did it simply bypass something which whomever's responsible should probably sort out in a more direct fashion?
Hi Puzzlified, one answer to why this (missing intermediate certificates) still happens is that IE would automatically fetch the missing certificate, so webmasters who didn't test in other browsers didn't realize there was an issue. But I don't have any information on this specific site.
Note that Firefox stores intermediate certificates automatically, so if you have visited a web server before that has send this certificate, like most of us have in many cases, then you won't get this error.
If the cert8.db file is deleted then all stored intermediate certificates are lost and you immediately notice such missing intermediate certificates on a server.
The current SSL implementation in Firefox requires that web servers send a full certificate chain that ends with a built-in root certificate.
To overcome such problems you can install such a missing intermediate certificate manually on your computer if you are able to find it elsewhere like in this case on the www.networking4all.com site.
You should never set any trust bits on an intermediate certificate when prompted by Firefox, trust bits should only be set on (built-in) root certificates.
philipp: I didn't get the chance to try, since once I understood cor-el's suggestion sufficiently to try it, it's worked. Thank you for the additional suggestion.
And jscher2000 and cor-el, thank you both for the clarifications/explanations as well. One of my earliest experiences with a computer was the discovery that the prior owner of a used PC was a programmer who'd taken all the safeties off. The tiny hard disk was nearly full, and I found a lot of files on it which seemed to contain nothing but symbols and lines of gibberish, hmm... Mass-deleting those to free up space ended badly and left a "why"-shaped mental scar. ;)
Marking this solved and exiting stage left. Thanks again all of you for your help!
EDIT: typo and nitpicking
Modified by Puzzlified