Can't access Google.com
Hello, friends, I hope you all doing great.
My english is really bad, so I'll go straight to the problem:
I can't access Google.com or any Google site on Firefox.
The message:
The owner of www.google.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate.
https://www.google.com/?gws_rd=ssl
Peer’s Certificate issuer is not recognized.
HTTP Strict Transport Security: false HTTP Public Key Pinning: true
Certificate chain:
BEGIN CERTIFICATE-----
MIICzjCCAbagAwIBAgIJAMK3V/uRbaM+MA0GCSqGSIb3DQEBCwUAMCgxCzAJBgNV BAYTAkJSMRkwFwYDVQQDDBBLdXJ1cGlyYSAoMzk5NjEpMB4XDTE4MTEwNzA4NTkw MFoXDTE5MDEzMDA4NTkwMFowaDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlm b3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBM TEMxFzAVBgNVBAMTDnd3dy5nb29nbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN ADCBiQKBgQDtE9s8joMGr1mnF7COkHfAemZd4L5cA+Ekd+z8EJ0oY67a+91JjZyu YyppEVxLCwX/82PajRCU7iF8E5WY5GSLudDJ22Ln4AsnTs8UdATnv3QP6r2Fx/Q0 OsTMKJWJ19puwktM45P8l2NNjWhWkwhCRkreIyW9SkDkO2DTBksHBwIDAQABoz8w PTAZBgNVHREEEjAQgg53d3cuZ29vZ2xlLmNvbTALBgNVHQ8EBAMCB4AwEwYDVR0l BAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAL1K+7evk/e2nJFgqJFu +wZuCt1j+pcwajRk9sGGY4co8/NvyQ+lKorf8NgNRpXS8mYan/5T4osXnSEuA2WW zvMHxFaOxrJFkYkT7uUhLY0lXRVz3NP4JjyHoxcVSYBO+XolGxlruMZGn23KpNcz 5hEB3YCDfeWDGZXYT5djppYdx07xBvslIrCr4F0+Ss/0IUdx+IoIA1WSSFzzGpQ3 0ubnENOXhJjvTshQrhkCR35o3pyjd3FHcs12Lr7ur0yu8OZBfhuLPI1Xa3/JhZ4S msoopgrymDDLiX31ncITLb//aLcd0U4j20CXvWMnsE//RZjpXGnL5+a9BAxBwK3s 2Ho=
END CERTIFICATE----- </center>
What I've tried:
1- Add an exception to *google.com/*;
2 - Deactivate Kaspersky;
3 - Use a portable version of Firefox;
4 - Deactivate Windows Firewall;
5 - Deactivate plug-ins;
6 - Checked my date and time;
7 - Reinstalled Firefox.
Details:
Firefox Version = 63.0.3 (64-bit)
O.S = Windows 10 Pro 64-bit
Athraithe ag JonasEstevam ar
Réiteach roghnaithe
JonasEstevam said
FredMcD saidWhat other protection are you using on your computer?We use Kurupira Web Filter to prevent the users (students) from accessing system tools or opening games.
Yes, when I decode the certificate, I see:
Issuer: Kurupira (39961), BR
The filter is intercepting the request.
Of course, Firefox doesn't trust an unknown "man in the middle" to issue fake website certificates. As you would hope!!
Here are two workarounds to get Firefox to trust all of the fake certificates your filter will generate so it can read all your browsing -- presumably you completely trust this company with your information:
Option #1: Import the Signing Certificate
If you import the Kurupira signing certificate into Firefox's certificate store, then all of its fake certificates will be trusted.
(A) If you do not already have a certificate file ready to import, you can export it from IE or Chrome, or check with the software vendor.
- This may appear in IE's Certificates dialog OR it may appear when you view the certificate details on any secure page you load in IE/chrome
- The Export or Copy to file button starts the Export Wizard. Use the DER format and save to a convenient location
Example screenshots: https://support.mozilla.org/questions/1199797#answer-1064849
(B) When finished with all the necessary exports to complete the chain in the Certification Path, you can import the certificates into the Firefox Authorities tab:
- Windows: "3-bar" menu button (or Tools menu) > Options
- Mac: "3-bar" menu button (or Firefox menu) > Preferences
- Linux: "3-bar" menu button (or Edit menu) > Preferences
- Any system: type or paste about:preferences into the address bar and press Enter/Return to load it
In the search box at the top of the page, type cert and Firefox should filter the list. Click "View Certificates" to open the Certificate Manager and click the "Authorities" tab. Then you can use the "Import" button to import the proxy server's certificate.
(Fourth and fifth screenshots in the above-linked post.)
When asked, I suggest allowing the certificate for websites only unless your IT suggests otherwise.
It's a bit of pain, but the advantage of that approach is that you are making the minimal compromise of security.
Option #2: Trust all Signing Certificates in the Windows Cert Store
(A) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.
(B) In the search box above the list, type or paste enterp and pause while the list is filtered
(C) Double-click the security.enterprise_roots.enabled preference to switch the value from false to true
I'm not sure whether that will start working immediately or after the next time to exit Firefox and start it up again. I guess you'll know if you visit an HTTPS address and Firefox no longer objects.
The disadvantage of this method is that any security compromise of the system certificate store will affect Firefox, too. This may be a lesser concern on a business system.
Do either of those work for you?
Read this answer in context 👍 1All Replies (7)
What other protection are you using on your computer?
Is this link any better? https://www.google.com/
FredMcD said
What other protection are you using on your computer? Is this link any better? https://www.google.com/
We use Kurupira Web Filter to prevent the users (students) from accessing system tools or opening games. For example, it blocks any window that has "counter strike" in it.
Athraithe ag JonasEstevam ar
JonasEstevam said
"conter strike"
What is this? A game?
Remove History For One Site
Open the History Manager <Control><Shift> H. In the search bar, enter the name of the site. Right-click on one of the listings and select Forget About This Site. This should remove all information, including any passwords / settings.
Athraithe ag FredMcD ar
FredMcD said
JonasEstevam said"counter strike"What is this? A game?
Yes. It was just an example.
https://support.mozilla.org/kb/Clear+Recent+History#w_how-do-i-remove-a-single-website-from-my-history Remove History For One Site Open the History Manager <Control><Shift> H. In the search bar, enter the name of the site. Right-click on one of the listings and select Forget About This Site. This should remove all information, including any passwords / settings.
Still the same.
I'm running out of options. Maybe I should just leave the computers without Firefox for a while?
Athraithe ag JonasEstevam ar
Réiteach Roghnaithe
JonasEstevam said
FredMcD saidWhat other protection are you using on your computer?We use Kurupira Web Filter to prevent the users (students) from accessing system tools or opening games.
Yes, when I decode the certificate, I see:
Issuer: Kurupira (39961), BR
The filter is intercepting the request.
Of course, Firefox doesn't trust an unknown "man in the middle" to issue fake website certificates. As you would hope!!
Here are two workarounds to get Firefox to trust all of the fake certificates your filter will generate so it can read all your browsing -- presumably you completely trust this company with your information:
Option #1: Import the Signing Certificate
If you import the Kurupira signing certificate into Firefox's certificate store, then all of its fake certificates will be trusted.
(A) If you do not already have a certificate file ready to import, you can export it from IE or Chrome, or check with the software vendor.
- This may appear in IE's Certificates dialog OR it may appear when you view the certificate details on any secure page you load in IE/chrome
- The Export or Copy to file button starts the Export Wizard. Use the DER format and save to a convenient location
Example screenshots: https://support.mozilla.org/questions/1199797#answer-1064849
(B) When finished with all the necessary exports to complete the chain in the Certification Path, you can import the certificates into the Firefox Authorities tab:
- Windows: "3-bar" menu button (or Tools menu) > Options
- Mac: "3-bar" menu button (or Firefox menu) > Preferences
- Linux: "3-bar" menu button (or Edit menu) > Preferences
- Any system: type or paste about:preferences into the address bar and press Enter/Return to load it
In the search box at the top of the page, type cert and Firefox should filter the list. Click "View Certificates" to open the Certificate Manager and click the "Authorities" tab. Then you can use the "Import" button to import the proxy server's certificate.
(Fourth and fifth screenshots in the above-linked post.)
When asked, I suggest allowing the certificate for websites only unless your IT suggests otherwise.
It's a bit of pain, but the advantage of that approach is that you are making the minimal compromise of security.
Option #2: Trust all Signing Certificates in the Windows Cert Store
(A) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.
(B) In the search box above the list, type or paste enterp and pause while the list is filtered
(C) Double-click the security.enterprise_roots.enabled preference to switch the value from false to true
I'm not sure whether that will start working immediately or after the next time to exit Firefox and start it up again. I guess you'll know if you visit an HTTPS address and Firefox no longer objects.
The disadvantage of this method is that any security compromise of the system certificate store will affect Firefox, too. This may be a lesser concern on a business system.
Do either of those work for you?
jscher2000 said
JonasEstevam saidFredMcD saidWhat other protection are you using on your computer?We use Kurupira Web Filter to prevent the users (students) from accessing system tools or opening games.
Yes, when I decode the certificate, I see:
Issuer: Kurupira (39961), BR
The filter is intercepting the request.
Of course, Firefox doesn't trust an unknown "man in the middle" to issue fake website certificates. As you would hope!!
Here are two workarounds to get Firefox to trust all of the fake certificates your filter will generate so it can read all your browsing -- presumably you completely trust this company with your information:
Option #1: Import the Signing Certificate
If you import the Kurupira signing certificate into Firefox's certificate store, then all of its fake certificates will be trusted.
(A) If you do not already have a certificate file ready to import, you can export it from IE or Chrome, or check with the software vendor.
- This may appear in IE's Certificates dialog OR it may appear when you view the certificate details on any secure page you load in IE/chrome
- The Export or Copy to file button starts the Export Wizard. Use the DER format and save to a convenient location
Example screenshots: https://support.mozilla.org/questions/1199797#answer-1064849
(B) When finished with all the necessary exports to complete the chain in the Certification Path, you can import the certificates into the Firefox Authorities tab:
- Windows: "3-bar" menu button (or Tools menu) > Options
- Mac: "3-bar" menu button (or Firefox menu) > Preferences
- Linux: "3-bar" menu button (or Edit menu) > Preferences
- Any system: type or paste about:preferences into the address bar and press Enter/Return to load it
In the search box at the top of the page, type cert and Firefox should filter the list. Click "View Certificates" to open the Certificate Manager and click the "Authorities" tab. Then you can use the "Import" button to import the proxy server's certificate.
(Fourth and fifth screenshots in the above-linked post.)
When asked, I suggest allowing the certificate for websites only unless your IT suggests otherwise.
It's a bit of pain, but the advantage of that approach is that you are making the minimal compromise of security.
It worked like a charm! Thank you so much, jscher2000.
