You should not need to add exceptions!

When you get this for pretty much all secure sites, the problem usually is one of the following:

(1) Error in your system's date, time, or time zone, which throws off certificate validity checks. Sometimes allowing computers to use an internet-based time source can introduce this problem.

(2) Firefox not being set up to work with your security software that intercepts and filters secure connections. Products with this feature include Avast, BitDefender, ESET, and Kaspersky; AVG has a Search Shield feature which can cause this error on search sites.

(3) Malware on your system intercepting secure connections.

So... which is it?

If you have any of those specific security products, that would be the first thing to check. We might be able to assist with specific next steps based on what you have if you tell us.

To investigate further, could you inspect the certificate on a page where the Add Exception button appears? For example, my test page at: https://jeffersonscher.com/res/jstest.php

You likely will get an error page. Expand the "I understand the risks" section and look for an Add Exception button.

Note: You don't need to complete the process of adding an exception -- I suggest not adding one until we know this isn't a malware issue -- but you can use the dialog to view the information that makes Firefox suspicious.

Click Add Exception, and the certificate exception dialog should open.

Click the View button. If View is not enabled, try the Get Certificate button first.

This should pop up the Certificate Viewer. Look at the "Issued by" section, and on the Details tab, the Certificate Hierarchy. What do you see there? I have attached a screen shot for comparison.

jscher2000 said

You should not need to add exceptions! When you get this for pretty much all secure sites, the problem usually is one of the following: (1) Error in your system's date, time, or time zone, which throws off certificate validity checks. Sometimes allowing computers to use an internet-based time source can introduce this problem. (2) Firefox not being set up to work with your security software that intercepts and filters secure connections. Products with this feature include Avast, BitDefender, ESET, and Kaspersky; AVG has a Search Shield feature which can cause this error on search sites. (3) Malware on your system intercepting secure connections. So... which is it? If you have any of those specific security products, that would be the first thing to check. We might be able to assist with specific next steps based on what you have if you tell us.

---

To investigate further, could you inspect the certificate on a page where the Add Exception button appears? For example, my test page at: https://jeffersonscher.com/res/jstest.php

You likely will get an error page. Expand the "I understand the risks" section and look for an Add Exception button.

Note: You don't need to complete the process of adding an exception -- I suggest not adding one until we know this isn't a malware issue -- but you can use the dialog to view the information that makes Firefox suspicious.

Click Add Exception, and the certificate exception dialog should open.

Click the View button. If View is not enabled, try the Get Certificate button first.

This should pop up the Certificate Viewer. Look at the "Issued by" section, and on the Details tab, the Certificate Hierarchy. What do you see there? I have attached a screen shot for comparison.

Okay, you use Avast! One option is to turn off the feature in Avast's "Web Shield" for filtering encrypted sites. Another option is to import Avast's signing certificate into Firefox's certificate store so that the feature works seamlessly.

For the first option, a Mac user was able to find it in this thread: https://support.mozilla.org/questions/1084612 (turned off "Scan secure connections", there's also a link to a quick start manual)

For the second option, I'm familiar with how to do it on Windows, but I'm not sure on Mac. You may need to export a certificate from Apple's system certificate store or Safari. ?? Perhaps it would be best to ask on Avast's forums.

For importing the certificate into Firefox after you save it (in DER format):

• In Firefox, open the Certificate Manager using: "3-bar" menu button (or Firefox menu) > Preferences > Advanced > Certificates mini-tab > "View Certificates" button

• Click the Authorities mini-tab and then the "Import" button, and find the DER file. Note: I suggest allowing the certificate for websites only unless your IT suggests otherwise.

I have attached a screen shot of that second step.

Let us know how you do.

jscher2000 said

Okay, you use Avast! One option is to turn off the feature in Avast's "Web Shield" for filtering encrypted sites. Another option is to import Avast's signing certificate into Firefox's certificate store so that the feature works seamlessly. For the first option, a Mac user was able to find it in this thread: https://support.mozilla.org/questions/1084612 (turned off "Scan secure connections", there's also a link to a quick start manual) For the second option, I'm familiar with how to do it on Windows, but I'm not sure on Mac. You may need to export a certificate from Apple's system certificate store or Safari. ?? Perhaps it would be best to ask on Avast's forums. For importing the certificate into Firefox after you save it (in DER format):

• In Firefox, open the Certificate Manager using: "3-bar" menu button (or Firefox menu) > Preferences > Advanced > Certificates mini-tab > "View Certificates" button

• Click the Authorities mini-tab and then the "Import" button, and find the DER file. Note: I suggest allowing the certificate for websites only unless your IT suggests otherwise.

I have attached a screen shot of that second step. Let us know how you do.

thanks the first method worked!!