Support Forum

For one website: "This connection is untrusted"

For https://secure.pt4web.com/xxxxx/flash/index.php, which is the login page for a bank (used several times a week), on one XP PC a security alert now issues: "This connection is untrusted," with the specific error being "no issuer chain was provided."

The Firefox security tool reports "Your connection to this web site is not encrypted."

Internet Explorer 8 displays the page with no security alert. Another PC running Firefox under Vista does not display the alert.

Other https web sites do not cause this problem.

This is under Firefox 26.

Things I tried: start Firefox with all add-ons disabled, delete cert8.db from the profile folder, Reset Firefox, uninstall/reinstall Firefox, update Adobe Flash Player, turn off the Windows firewall and Microsoft Security Essentials. I also tried accessing the page from another Windows user account (so the problem does not seem to be specific to one Firefox profile).

Does anyone recognize these symptoms or have further ideas on troubleshooting?

Modified by jd.hupp

Additional System Details

Installed Plug-ins

  • Shockwave Flash 12.0 r0
  • Adobe PDF Plug-In For Firefox and Netscape 11.0.06
  • Google Update
  • Version 4.9.1.16010
  • LogMeIn, Inc. Remote Access Components
  • Windows Presentation Foundation (WPF) plug-in for Mozilla browsers

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0

philipp
  • Top 10 Contributor
  • Moderator
2797 solutions 13038 answers

hello jd.hupp, the site doesn't properly include its intermediate certificate, so this can lead to problems in certain situations.

you might have to install the right certificate manually. go to https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=62&nav=0,20 and download the .crt file. then in firefox go to options > advanced > certificates > view certificates > import... & leave all the checkboxes unticked in the upcoming confirmation dialog...

cor-el
  • Top 10 Contributor
  • Moderator
11987 solutions 111378 answers

Helpful Reply

The secure.pt4web.com server doesn't send a required intermediate certificate.

You can inspect the certificate chain via a site like this:

  • http://www.networking4all.com/en/support/tools/site+check/report/?fqdn=secure.pt4web.com&protocol=https

Note that Firefox stores intermediate certificates automatically, so if you have visited a web server before that

Copy the base64 encoded certificate text of the EssentialSSL CA certificate that starts with "-----BEGIN CERTIFICATE-----" and ends with "-----END CERTIFICATE-----" to the clipboard after having selected the full text with the mouse.

Open a plain text editor like Notepad and paste the certificate text of the intermediate certificate that you have placed on the clipboard in the editing area.
Use "Save File as" and set the File type to "All files" and save the certificate text to a .cer file.
Select "All files" when saving the file to avoid getting a hidden .txt file extension (.cer.txt) appended.
Import the saved certificate in the Firefox Certificate Manager.

  • Tools > Options > Advanced > Certificates/Encryption: View Certificates > Authorities > Import

Do not set any trust bits when prompted as those are only required for root certificates and should never be set for an intermediate certificate like this one.

  • https://support.comodo.com/index.php?_m=downloads&_a=view&parentcategoryid=20&pcid=1&nav=0,1
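The failure discussed in the replies above can be reproduced offline. The script below is an added example, not part of any forum post: it builds a constructed root, intermediate and leaf with the `openssl` command line (assumed to be installed; all certificate names are made up) and validates the leaf with and without the intermediate available. `-untrusted` stands in for an intermediate the client got from the server or already had stored.

```shell
#!/bin/sh
# Added example: constructed chain root -> intermediate -> leaf (all names made up).
set -eu

make_chain() {  # $1 = empty working directory
    w=$1
    # Minimal config so the run does not depend on the system openssl.cnf.
    printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$w/cfg"
    for n in root inter leaf; do
        openssl req -new -newkey rsa:2048 -nodes -config "$w/cfg" -subj "/CN=constructed-$n" \
            -keyout "$w/$n.key" -out "$w/$n.csr" 2>/dev/null
    done
    # Root is self-signed; the intermediate is signed by the root; the leaf by the intermediate.
    openssl x509 -req -days 2 -in "$w/root.csr" -signkey "$w/root.key" \
        -extfile "$w/cfg" -extensions ca -out "$w/root.pem" 2>/dev/null
    openssl x509 -req -days 2 -in "$w/inter.csr" -CA "$w/root.pem" -CAkey "$w/root.key" \
        -set_serial 2 -extfile "$w/cfg" -extensions ca -out "$w/inter.pem" 2>/dev/null
    openssl x509 -req -days 2 -in "$w/leaf.csr" -CA "$w/inter.pem" -CAkey "$w/inter.key" \
        -set_serial 3 -out "$w/leaf.pem" 2>/dev/null
}

# Validate the leaf against the trusted root. $1 = directory, $2 = optional file of
# untrusted intermediates (sent by the server, or already stored by the client).
validate() {
    if [ -n "${2:-}" ]; then
        openssl verify -CAfile "$1/root.pem" -untrusted "$2" "$1/leaf.pem" 2>&1
    else
        openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" 2>&1
    fi
}

W=$(mktemp -d)
trap 'rm -rf "$W"' EXIT
make_chain "$W"
echo "Leaf only, no intermediate available to the client:"
validate "$W" || true
echo "Intermediate available (sent by the server or stored by the client):"
validate "$W" "$W/inter.pem"
```

To see which certificates a live server actually sends, `openssl s_client -connect HOST:443 -showcerts` prints the chain as delivered in the handshake.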

Chosen Solution

Thanks, philipp and cor-el, for the similarly informative replies.

Oddly, not long after I finished the troubleshooting efforts I describe above, the bank login page began working in Firefox.

I can think of no reason why any of my measures would have a delayed effect without further intermediate actions.

It seems strange that an online banking site would not be sending -- by design -- an intermediate certificate such that dire security alerts are raised in customers' browsers. Unless perhaps it is a cut-rate operation that has figured out how to save some money by operating right at the lower end of acceptable server security.

And maybe the problem will not stay "fixed," since the networking4all report for this site currently reports thus:

Error while checking the SSL Certificate!!

Unable to get the local issuer of the certificate. The issuer of a locally looked up certificate could not be found. Normally this indicates that not all intermediate certificates are installed on the server.

We advise you not to submit any confidential or personal data to this website because a secure connection could not be established with this website.

Despite the above report, Firefox on the machine I was sitting at at the time of the report did indeed establish a secure connection.

And again strangely, I ran the networking4all report again 10-15 minutes later, and it said that everything was fine.

Apart from the vacillating reports from networking4all, is there a Firefox security setting that, nudged a notch up or down on different machines, would allow FF on one machine to establish a secure connection when FF on another machine cannot?

Modified by jd.hupp

philipp

thanks for reporting back - for the moment i'll mark your issue as solved...

cor-el

I can confirm that the site is now sending this intermediate certificate.
I deleted it in the Certificate Manager and restarted Firefox as a second test and the website loaded without a problem.