Hi, I get the infamous SEC_ERROR_UNKNWON_ISSUER error on mail.google.com, support.mozilla.org and others but the weird thing is that certificates look legit. In fact any … (read more)
Hi, I get the infamous SEC_ERROR_UNKNWON_ISSUER error on mail.google.com, support.mozilla.org and others but the weird thing is that certificates look legit. In fact any employee of my company is having it since months and across various versions.
I have checked the antivirus but it does not look like it's the cause. I'm currently running Firefox 61.0.1 on Windows 10 17134. The only special thing in that network is that there is a proxy cache but it does not do any nasty thing on https, and the weird thing is that Firefox on Linux doesn't get the error. On Windows I also tried to not configure proxy in Firefox and using system's one but it fixes nothing. I also tried to delete the SiteSecurityServiceState.txt file but it fixes nothing.
Basically, users can browse the web correctly, then around 18:00 or 19:00 on UTC+2 (but perhaps it's just about a specific amount of time after they started Firefox hours ago in the morning) large https websites (gmail and others) stop to work. For some unknown reason our own website using letsencrypt certificate still works.
If users turn Firefox off and on again it solves the problem and users are workarounding this bug every day since months this way but I'm looking for a real and definitive fix.
I copy paste there some certificates I get when I click the SEC_ERROR_UNKNWON_ISSUER link:
$ cat mozilla.txt
https://support.mozilla.org/1/firefox/61.0.1/WINNT/fr/security-error
L'autorité de délivrance du certificat du pair n'est pas reconnue.
HTTP Strict Transport Security : false
HTTP Public Key Pinning : false
Chaîne de certificat :
BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgIQBaAso7BaHqmKyAaA+pSPWDANBgkqhkiG9w0BAQsFADBN
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E
aWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTcwOTIwMDAwMDAwWhcN
MTgxMDMxMTIwMDAwWjCBhjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3Ju
aWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxGzAZBgNVBAoTEk1vemlsbGEgRm91
bmRhdGlvbjEPMA0GA1UECxMGV2ViT3BzMRwwGgYDVQQDExNzdXBwb3J0Lm1vemls
bGEub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2cJwyaf36XRh
MtD76cDQtNXnJ5RCXs4KarfXWT2LaLpJU49jxpQWCeSPMllC0iAzktH/JVaCa0eo
l3iF/X6CO6HBmtiuhcsQXh7cQPsgoqhZe+bCjlu013U6+TZiIEZLrhh3sGDayXjp
V/txcGIcthpLp5CehqNBP0lPdopyCkxuokmPUDVtQ1IeiEiz3S6Hwls9vVwUJ+37
ltkLz4uJpZYq6DM1bekBQrW0MhN3g4FPlOwt7wsvw9SaDL+lLMCEG1Pw6C182uo2
28tZ3j0aBQGGFw4YMQxHsnBI6RpHwBRyV0mFLCWnucxRJhKv7x7kuyt6ZNUna8Nz
oRyyq6LFxwIDAQABo4IB7zCCAeswHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0
LOHG2eIwHQYDVR0OBBYEFKNcAPirCasC5wR4TwpVz9cQH1ReMDMGA1UdEQQsMCqC
E3N1cHBvcnQubW96aWxsYS5vcmeCE3N1cHBvcnQubW96aWxsYS5jb20wDgYDVR0P
AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8E
ZDBiMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWcx
LmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1n
MS5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0
cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwfAYIKwYBBQUHAQEE
cDBuMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wRgYIKwYB
BQUHMAKGOmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJT
ZWN1cmVTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOC
AQEA227lk4KbJItr/otzDrL9ZFD6Er9b0TgLRoq6I5QsDwg9wBKOjo5WeR75i6To
NWYIaMDK/6oC8IjGgy/eEA/Ly99Tb6ixRq0RpZOFsWwmCmd40OlMw7vwGcSb+thm
uFzdMqL7BdHjCjB8KTAcAudDkab1panZ9CpJA18y35FoB5zMIi4lDqXgdp06lXW7
wYEI2ilJVwHwb29GLOZ3au3PVfHvrXh2nC/5EjbuWGJNmQf0AK1Ygk/pCeHZ1q9E
gDK+1DSag+DTEgYv+M0n410gOzqp1Lkw3LSSYNetq8+QUQ4NS0+4nr50d4j5PXkN
8HNdBltVMB8GRqmRYoMnBoeHQQ==
END CERTIFICATE-----
BEGIN CERTIFICATE-----
MIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
QTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIg
U2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
ANyuWJBNwcQwFZA1W248ghX1LFy949v/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83
nf36QYSvx6+M/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bd
KpPDkC55gIDvEwRqFDu1m5K+wgdlTvza/P96rtxcflUxDOg5B6TXvi/TC2rSsd9f
/ld0Uzs1gN2ujkSYs58O09rg1/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGX
kujNVA075ME/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0
/RR3w6RbKFfCs/mC/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8C
AQAwDgYDVR0PAQH/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYY
aHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6
Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1
oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RD
QS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8v
d3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzh
xtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEB
CwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl
5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq/sELfeNqzqPlt/yGFUzZgTHbO7Djc1lGA
8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls/3HB40f/1LkAtDdC
2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPit
c+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0
j6tJLp07kzQoH3jOlOrHvdPJbRzeXDLz
END CERTIFICATE-----
$ cat google.txt
https://mail.google.com/
L'autorité de délivrance du certificat du pair n'est pas reconnue.
HTTP Strict Transport Security : true
HTTP Public Key Pinning : true
Chaîne de certificat :
BEGIN CERTIFICATE-----
MIID2zCCAsOgAwIBAgIIVro9yNA9sHQwDQYJKoZIhvcNAQELBQAwVDELMAkGA1UE
BhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczElMCMGA1UEAxMc
R29vZ2xlIEludGVybmV0IEF1dGhvcml0eSBHMzAeFw0xODA2MTkxMTQwMzZaFw0x
ODA4MjgxMTMyMDBaMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh
MRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKDApHb29nbGUgTExDMRgw
FgYDVQQDDA9tYWlsLmdvb2dsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
AAT0XjScG/tliOjKq3jdBWv56pVTNiPT2NaUMs2T8GKVdrIt2qKVuVU9YVRdKcSJ
yV2CyZ6r4hvw6swvWTljzpGmo4IBZTCCAWEwEwYDVR0lBAwwCgYIKwYBBQUHAwEw
DgYDVR0PAQH/BAQDAgeAMCwGA1UdEQQlMCOCD21haWwuZ29vZ2xlLmNvbYIQaW5i
b3guZ29vZ2xlLmNvbTBoBggrBgEFBQcBAQRcMFowLQYIKwYBBQUHMAKGIWh0dHA6
Ly9wa2kuZ29vZy9nc3IyL0dUU0dJQUczLmNydDApBggrBgEFBQcwAYYdaHR0cDov
L29jc3AucGtpLmdvb2cvR1RTR0lBRzMwHQYDVR0OBBYEFAt+K6lBPmEhYbZJvigT
baHoFdyaMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUd8K4UJpndnaxLcKG0IOg
fqZ+ukswIQYDVR0gBBowGDAMBgorBgEEAdZ5AgUDMAgGBmeBDAECAjAxBgNVHR8E
KjAoMCagJKAihiBodHRwOi8vY3JsLnBraS5nb29nL0dUU0dJQUczLmNybDANBgkq
hkiG9w0BAQsFAAOCAQEAe098Y9G9kWmHCghsxWTtc+GeCPQzFfztP4OHjJPJFqJn
g4h/uHpFcn2Zu7UeMhTh6nZneF8kXg0LXYOCkLRdqM9ZxJ68/ZultKP9QYzgO1iW
FICeNxKkYzBWVGrBiZJIMT7DevPuR1X4ZP4oa9PR1hFjrpjO3fdhDOa6i8capYyu
XzY9aAuyeFp1lgO65zXa0Y5sdGBFBrJJkCbtwTCHd6vzRDLUttyrOSdUO+7gCO3d
GSaf3AdV+yp8zEQNNNVDCnbqp3hhkZdKrQX9JQt1fwlnK3zeBsh2q9+nFfTF3d7g
y+HUFr64j82gUncptKZCSse2SLt97M5nl8n2+emk6Q==
END CERTIFICATE-----
BEGIN CERTIFICATE-----
MIIEXDCCA0SgAwIBAgINAeOpMBz8cgY4P5pTHTANBgkqhkiG9w0BAQsFADBMMSAw
HgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFs
U2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNzA2MTUwMDAwNDJaFw0yMTEy
MTUwMDAwNDJaMFQxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3Qg
U2VydmljZXMxJTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzMw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKUkvqHv/OJGuo2nIYaNVW
XQ5IWi01CXZaz6TIHLGp/lOJ+600/4hbn7vn6AAB3DVzdQOts7G5pH0rJnnOFUAK
71G4nzKMfHCGUksW/mona+Y2emJQ2N+aicwJKetPKRSIgAuPOB6Aahh8Hb2XO3h9
RUk2T0HNouB2VzxoMXlkyW7XUR5mw6JkLHnA52XDVoRTWkNty5oCINLvGmnRsJ1z
ouAqYGVQMc/7sy+/EYhALrVJEA8KbtyX+r8snwU5C1hUrwaW6MWOARa8qBpNQcWT
kaIeoYvy/sGIJEmjR0vFEwHdp1cSaWIr6/4g72n7OqXwfinu7ZYW97EfoOSQJeAz
AgMBAAGjggEzMIIBLzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUH
AwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFHfCuFCa
Z3Z2sS3ChtCDoH6mfrpLMB8GA1UdIwQYMBaAFJviB1dnHB7AagbeWbSaLd/cGYYu
MDUGCCsGAQUFBwEBBCkwJzAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AucGtpLmdv
b2cvZ3NyMjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLnBraS5nb29nL2dz
cjIvZ3NyMi5jcmwwPwYDVR0gBDgwNjA0BgZngQwBAgIwKjAoBggrBgEFBQcCARYc
aHR0cHM6Ly9wa2kuZ29vZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEA
HLeJluRT7bvs26gyAZ8so81trUISd7O45skDUmAge1cnxhG1P2cNmSxbWsoiCt2e
ux9LSD+PAj2LIYRFHW31/6xoic1k4tbWXkDCjir37xTTNqRAMPUyFRWSdvt+nlPq
wnb8Oa2I/maSJukcxDjNSfpDh/Bd1lZNgdd/8cLdsE3+wypufJ9uXO1iQpnh9zbu
FIwsIONGl1p3A8CgxkqI/UAih3JaGOqcpcdaCIzkBaR9uYQ1X4k2Vg5APRLouzVy
7a8IVk6wuy6pm+T7HT4LY8ibS5FEZlfAFLSW8NwsVz9SBK2Vqn1N0PIMn5xA6NZV
c7o835DLAFshEWfC7TIe3g==
END CERTIFICATE-----
Any idea where to look for?