I am getting untrusted connection even on Firefox
I went through all the add ons and any extensions I could find that were suspect and disabled or deleted them This began after I had downloaded the latest Firefox. Now the browser does not work right, and I get these security certificate notifications on every site I go to - even on Firefox support. There were some programs that downloaded with the Firefox program and I have disabled all but Systweak. This is the only thing I have downloaded, and I even went back and trashed the first installation of Firefox and then went back and re installed it. I have ran the security software program that I have through the internet provider and nothing came up. ??? I am posting in Google Chrome.
Thank you for your help - I appreciate itRead this answer in context 0
Additional System Details
- User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.116 Safari/537.36
Check the date and time in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
Check out why the site is untrusted and click "Technical Details to expand this section.
If the certificate is not trusted because no issuer chain was provided (sec_error_unknown_issuer) then see if you can install this intermediate certificate from another source.
You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
- Click the link at the bottom of the error page: "I Understand the Risks"
Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
- Click the "View..." button and inspect the certificate and check who is the issuer of the certificate.
You can see more Details like intermediate certificates that are used in the Details pane.
If "I Understand the Risks" is missing then this page may be opened in an (i)frame and in that case try the right-click context menu and use "This Frame: Open Frame in New Tab".
- Note that some firewalls monitor (secure) connections and that programs like Sendori or FiddlerRoot can intercept connections and send their own certificate instead of the website's certificate.
- Note that it is not recommended to add a permanent exception in cases like this, so only use it to inspect the certificate.
Viewing this site in Google Chrome, can you click the padlock on the address bar and check the certificate and see whether there is anything unusual about the "Issued by" section?
Normally that will say:
CN = DigiCert High Assurance EV CA-1
(See attached screenshot for reference.)
What does your browser report?
On the Firefox page it says: support.mozilla.org uses an invalid security certificate.
The certificate is not trusted because no issuer chain was provided.
(Error code: sec_error_unknown_issuer) The certificate is not trusted because no issuer chain was provided
There's no link to add an exception and on some of the sites I went on, when I did click to add an exception the box stayed on the page
When I click on Firefox on the desktop, it takes a while to come on also.
Maybe I should add also, that right after I installed the latest Firefox, I got a message from the firewall claiming that it had blocked a trojan application. Not sure what that's about.
You should be cautious when you get the 'untrusted' error message and that you should never create a permanent exception in cases like this without investigating the cause.
Who is the issuer of the certificate?
You can retrieve the certificate and open the Details tab and select the issuer
The issuer of the certificate is Mozilla. The web address appears ok I can go on the Mozilla site, but when I click on desktop support, I get the warning
I also went on Yahoo on Firefox and the web page is only type Things are seriously messed up
Hi Catwoman, what do you mean the issuer of the certificate is Mozilla? Except for a very few companies in the security business, the site owner will never be the issuer of its own certificate. That is very suspicious to me.
What you describe on Yahoo may happen if you create a certificate exception for yahoo.com, but the server uses related servers with other names for the missing content.
Can you check your download history for where you got Firefox and post the URL here?
I don't have access to Windows 8.1, but I believe you can access the Windows Control Panel through the Charms bar. If you call up the "Uninstall a Program" dialog (or whatever its new name might be) and click the "Installed on" column heading, what do you have that got installed on the same day or after Firefox?
This is the download: Firefox Setup Stub 28.0 (4) This computer has a firewall and two virus programs on it, but....
The web address where I got the download said mozilla.org and the page looked correct
Hi Catwoman, I'm not sure which browser you used to download the setup file, but it hopefully has a way to uncover the full URL back to that file so it could be checked. Normally there are zero extras included, so that's why I'm suspicious.
Our posts crossed. What was the download that preceded Firefox which pulled the file?
Modified by jscher2000
I actually downloaded it on Chrome since I couldn't get on the Firefox page because of the certificate problem I went on the PC's download page to see what was downloaded on that date. I have used a cleaner type program and ran it through two virus programs so some files may have been deleted by these programs
These programs that installed with Firefox were OutFox TV, Systweak and My PC Backup Does this sound right?
I am former Mac user and disappointed that I can't just click on the icon and get info about the file like on the Mac
Modified by Catwoman
Let me see whether I can recap this:
- You downloaded an update to Firefox that included various unofficial extras, which you mostly disabled, except for Systweak.
- Firefox then displayed certificate errors and/or incomplete site content.
- You "trashed" Firefox, downloaded it again, and installed it again, but this did not cure the problem.
- When you view the certificate for this support site in Chrome, the "Issued by" section does not list the correct issue of "DigiCert High Assurance EV CA-1" but instead says Mozilla.
- When you try to load this site in Firefox, the last section of the page ("I understand the risks") is missing so you are not able to use the Add Exception button to call up the certificate information in Firefox's viewer.
For #1, most sites that mention this software treat it as an infection, so I think you should go ahead and remove it completely using the Windows Control Panel. While there, please click the "Installed on" column heading to see what else has entered your system around the same time. Unless you absolutely know it to be safe and useful, I suggest removing it, especially if it arrived unannounced.
For #3, putting a Windows desktop shortcut in the recycle bin doesn't have the same effect as trashing a program on a Mac, so that could explain why this didn't have the desired effect.
For #5, do you get a certificate error on my test page: https://jeffersonscher.com/res/jstest.php? If so, can you access the "In understand the risks" section to use the Add Exception button and check what Common Name is listed in the Issued by section of the certificate? It should say "PositiveSSL CA 2".
Modified by jscher2000
When I viewed the site in Firefox is when I got the certificate notification, but everything else is correct. I went into Firefox and used the web address you gave and it came up the same way - and had the web address as the issuer of the site, when I went to details, it said fiddler2.com
The malware that uses the Fiddler certificate generally has a name like Browser Safeguard or BrowserSafe. Can you check your control panel for that and remove it if you find it?
Yep, it's there. When I click in the control panel to uninstall it, I get their ad that asks me whether to uninstall it and why I want to uninstall it. So if I uninstall, is it going to do something to my computer? ( is this something I need to take to a computer shop?)
Hi Catwoman, we see this one every week, and no one has reported any ill effects of removing it yet.
I would suggest using some supplemental scanners/cleaners after removing it in case there is anything still lurking. This article lists programs other Firefox users have found helpful: Troubleshoot Firefox issues caused by malware.
Good news, then. No idea how it got in there, since I am always very particular about what I download. It says March 20 but I had no problems until the last couple of days.
Should I also uninstall Firefox before going through a clean up program, and then do a re install?
No need to uninstall Firefox. Usually any lingering issue will be in your settings, anyway. If you have already cleaned out your extensions, I think most of the work is done.
Thank you for your help - I appreciate it