Compare Revisions

Troubleshoot security error codes on secure websites

Revision 303166:

Revision 303166 by AliceWyman on

Revision 304118:

Revision 304118 by Artist on

Keywords:

certificate error, SEC_ERROR_UNKNOWN_ISSUER, MOZILLA_PKIX_ERROR_MITM_DETECTED
certificate error, SEC_ERROR_UNKNOWN_ISSUER, MOZILLA_PKIX_ERROR_MITM_DETECTED

Search results summary:

Learn what Firefox security error codes mean and how to resolve them safely, including antivirus, network and certificate issues.
Learn what Firefox security error codes mean and how to resolve them safely, including antivirus, network and certificate issues.

Content:

Firefox checks a website’s security certificate to ensure the site is legitimate and that your connection is [[How do I tell if my connection to a website is secure?|encrypted]]. If the certificate can’t be validated, Firefox will stop the connection and display a '''“Warning: Potential Security Risk Ahead”''' page. This article explains what the most common related error codes mean – SEC_ERROR_UNKNOWN_ISSUER, MOZILLA_PKIX_ERROR_MITM_DETECTED and ERROR_SELF_SIGNED_CERT – and how to troubleshoot them. See [[What do the security warning codes mean?]] for other “Warning: Potential Security Risk Ahead” error codes. {note}'''Note:''' In recent Firefox versions, some certificate errors can no longer be bypassed for security reasons. If you don’t see the {button Accept the Risk and Continue} button, see the section [[#w_when-you-cant-bypass-the-warning|When you can’t bypass the warning]].{/note} __TOC__ =Understand the error code= #On the warning page, click {button Advanced…} #Check the error code displayed. #If you see: #*SEC_ERROR_UNKNOWN_ISSUER or MOZILLA_PKIX_ERROR_MITM_DETECTED: An untrusted authority issued the certificate. #*ERROR_SELF_SIGNED_CERT: The site is using a self-signed certificate. [[Image:Fx128WarningSEC_ERROR_UNKNOWN_ISSUER]] =If the error occurs on multiple secure sites= This usually means something on your device or network is intercepting secure connections and replacing website certificates. Common causes: *Antivirus software scans encrypted connections *Corporate network monitoring tools *Malware ==Check your antivirus settings== ===Avast/AVG=== #Open the Avast or AVG dashboard. #Go to {menu Menu} → {menu Settings} → {menu Protection} → {menu Core Shields}. #Under {menu Web Shield}, uncheck {button Enable HTTPS Scanning}. #;In older versions of the product, you'll find the corresponding option when you go to {menu Menu} > {menu Settings} > {menu Components} and click {button Customize} next to {menu Web Shield}. #Confirm and restart Firefox. 
{note}See the Avast support article [https://support.avast.com/en-us/article/189/ Managing HTTPS scanning in Web Shield in Avast Antivirus] for details. More Information about this feature is available on this [https://blog.avast.com/2015/05/25/explaining-avasts-https-scanning-feature/ Avast Blog].{/note} ===Bitdefender=== #Open the Bitdefender dashboard. #Go to {menu Protection} → {menu Online Threat Prevention} → {menu Settings}. #Toggle off the {pref Encrypted Web Scan} setting. #;In older versions of the product, you can find the corresponding option labelled {pref Scan SSL} when you go to {menu Modules} > {menu Web Protection}. {note}In Bitdefender Antivirus Free, it's not possible to control this setting. You can try to [https://www.bitdefender.com/support/repairing-or-removing-bitdefender-free-edition-1160.html repair or remove the program] instead when you're having problems accessing secure websites.{/note} For corporate Bitdefender products, please refer to this [http://www.bitdefender.com/support/how-to-enable-ssl-https-scanning-in-cloud-security-for-endpoints-1117.html Bitdefender Support Center page].{/note} === Bullguard === #Open the Bullguard dashboard. #Go to {menu Settings} → {pref Advanced} → {menu Antivirus}. #In the safe {menu Safe browsing} section, uncheck the {menu Show safe results} option for those websites that are showing errors. === ESET === Follow the steps in [http://support.eset.com/kb3126/ ESET’s support article] to disable and re-enable SSL/TLS protocol filtering. === Kaspersky === #Open the Kaspersky dashboard. #Go to {menu Settings} → {menu Additional} → {menu Network}. #In the {menu Encrypted connections scanning}, select {pref Do not scan encrypted connections}. #Restart your system. {note}Affected users of Kaspersky should upgrade to the most recent version of their security product, as Kaspersky 2019 and above contain mitigations for this problem. 
The [https://www.kaspersky.com/downloads Kaspersky Downloads page] includes “update” links that will install the latest version free of charge for users with a current subscription.{/note} ===Check for corporate network interception=== If you’re on a work network, your IT department may need to add the interception certificate to Firefox’s trust store. See [https://wiki.mozilla.org/CA:AddRootToFirefox CA:AddRootToFirefox] for instructions. ===Scan for malware=== Some malware can intercept secure connections. See [[Troubleshoot Firefox issues caused by malware]]. =If the error occurs on one site only= Likely causes: *Server misconfiguration *Missing intermediate certificate *Self-signed certificate If the site belongs to you, test it using [https://www.ssllabs.com/ssltest SSL Labs] and correct any “Chain issues: Incomplete” results. =When you can’t bypass the warning= You won’t see Accept the Risk and Continue if: *The site uses HTTP Strict Transport Security (HSTS) *The certificate has certain critical errors *Your Firefox is managed by an enterprise policy that disables bypasses For major sites (banks, email providers…), bypassing is never allowed because it could indicate your connection is compromised. =About permanent exceptions= Firefox does not allow permanent certificate exceptions for most sites, especially on the public internet. For local network sites (LAN), the safest approach is to: *Install a valid certificate from a trusted authority *Or manually add your server’s certificate to Firefox’s certificate store {warning}'''Warning:''' Permanent exceptions weaken your security. Only use them for internal, controlled networks.{/warning} =Bypass the warning (when available)= If Firefox allows it: #On the warning page, click {button Advanced…} #Click {button Accept the Risk and Continue}. 
=Related articles= *[[Fix secure connection failed errors in Firefox]] *[[Troubleshoot Firefox issues caused by malware]] *[[What do the security warning codes mean?]] *[[Troubleshoot time-related errors on secure websites]]
Firefox checks a website’s security certificate to ensure the site is legitimate and that your connection is [[How do I tell if my connection to a website is secure?|encrypted]]. If the certificate can’t be validated, Firefox will stop the connection and display a '''“Warning: Potential Security Risk Ahead”''' page. This article explains what the most common related error codes mean – SEC_ERROR_UNKNOWN_ISSUER, MOZILLA_PKIX_ERROR_MITM_DETECTED and ERROR_SELF_SIGNED_CERT – and how to troubleshoot them. See [[What do the security warning codes mean?]] for other “Warning: Potential Security Risk Ahead” error codes. {note}'''Note:''' In recent Firefox versions, some certificate errors can no longer be bypassed for security reasons. If you don’t see the {button Accept the Risk and Continue} button, see the section [[#w_when-you-cant-bypass-the-warning|When you can’t bypass the warning]].{/note} __TOC__ =Understand the error code= #On the warning page, click {button Advanced…} #Check the error code displayed. #If you see: #*SEC_ERROR_UNKNOWN_ISSUER or MOZILLA_PKIX_ERROR_MITM_DETECTED: An untrusted authority issued the certificate. #*ERROR_SELF_SIGNED_CERT: The site uses a self-signed certificate. [[Image:Fx128WarningSEC_ERROR_UNKNOWN_ISSUER]] =If the error occurs on multiple secure sites= This usually means something on your device or network intercepts secure connections and replaces website certificates. Common causes: *Antivirus software scans encrypted connections *Corporate network monitoring tools *Malware ==Check your antivirus settings== ===Avast/AVG=== #Open the Avast or AVG dashboard. #Go to {menu Menu} → {menu Settings} → {menu Protection} → {menu Core Shields}. #Under {menu Web Shield}, uncheck {button Enable HTTPS Scanning}. #;In older versions of the product, you'll find the corresponding option when you go to {menu Menu} > {menu Settings} > {menu Components} and click {button Customize} next to {menu Web Shield}. #Confirm and restart Firefox. 
{note}See the Avast support article [https://support.avast.com/en-us/article/189/ Managing HTTPS scanning in Web Shield in Avast Antivirus] for details. More Information about this feature is available on this [https://blog.avast.com/2015/05/25/explaining-avasts-https-scanning-feature/ Avast Blog].{/note} ===Bitdefender=== #Open the Bitdefender dashboard. #Go to {menu Protection} → {menu Online Threat Prevention} → {menu Settings}. #Toggle off the {pref Encrypted Web Scan} setting. #;In older versions of the product, you can find the corresponding option labelled {pref Scan SSL} when you go to {menu Modules} > {menu Web Protection}. {note}In Bitdefender Antivirus Free, it's not possible to control this setting. You can try to [https://www.bitdefender.com/support/repairing-or-removing-bitdefender-free-edition-1160.html repair or remove the program] instead when you have problems to access secure websites.{/note} For corporate Bitdefender products refer to the [http://www.bitdefender.com/support/how-to-enable-ssl-https-scanning-in-cloud-security-for-endpoints-1117.html Bitdefender Support Center page]. ===Bullguard=== #Open the Bullguard dashboard. #Go to {menu Settings} → {pref Advanced} → {menu Antivirus}. #In the safe {menu Safe browsing} section, uncheck the {menu Show safe results} option for those websites that are showing errors. ===ESET=== Follow the steps in [http://support.eset.com/kb3126/ ESET’s support article] to disable and re-enable SSL/TLS protocol filtering. ===Kaspersky=== #Open the Kaspersky dashboard. #Go to {menu Settings} → {menu Additional} → {menu Network}. #In the {menu Encrypted connections scanning}, select {pref Do not scan encrypted connections}. #Restart your system. {note}Affected users of Kaspersky should upgrade to the most recent version of their security product, as Kaspersky 2019 and above contain mitigations for this problem. 
The [https://www.kaspersky.com/downloads Kaspersky Downloads page] includes “update” links that will install the latest version free of charge for users with a current subscription.{/note} ===Check for corporate network interception=== If you’re on a work network, your IT department may need to add the interception certificate to Firefox’s trust store. See [https://wiki.mozilla.org/CA:AddRootToFirefox CA:AddRootToFirefox] for instructions. ===Scan for malware=== Some malware can intercept secure connections. See [[Troubleshoot Firefox issues caused by malware]]. =If the error occurs on one site only= Likely causes: *Server misconfiguration *Missing intermediate certificate *Self-signed certificate If the site belongs to you, test it using [https://www.ssllabs.com/ssltest SSL Labs] and correct any “Chain issues: Incomplete” results. =When you can’t bypass the warning= You won’t see ''Accept the Risk and Continue'' if: *The site uses HTTP Strict Transport Security (HSTS) *The certificate has certain critical errors *Your Firefox is managed by an enterprise policy that disables bypasses For major sites (banks, email providers, etc.), bypassing is never allowed because it could indicate your connection is compromised. =About permanent exceptions= Firefox does not allow permanent certificate exceptions for most sites, especially on the public internet. For local network sites (LAN), the safest approach is to: *Install a valid certificate from a trusted authority *Or manually add your server’s certificate to Firefox’s certificate store {warning}'''Warning:''' Permanent exceptions weaken your security. Only use them for internal, controlled networks.{/warning} =Bypass the warning (when available)= If Firefox allows it: #On the warning page, click {button Advanced…} #Click {button Accept the Risk and Continue}. 
=Related articles= *[[Fix secure connection failed errors in Firefox]] *[[Troubleshoot Firefox issues caused by malware]] *[[What do the security warning codes mean?]] *[[Troubleshoot time-related errors on secure websites]]
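Review bot: In the Bitdefender Antivirus Free note, revision 304118 changes "when you're having problems accessing secure websites" to "when you have problems to access secure websites", which is ungrammatical; keep the earlier wording or use "when you have problems accessing secure websites". The Bullguard step still reads "In the safe {menu Safe browsing} section" in both revisions, so the stray "safe" before the menu name should be dropped while this section is being touched. In "When you can't bypass the warning", the new ''Accept the Risk and Continue'' italics differ from the {button Accept the Risk and Continue} markup used for the same control in the opening note and in the bypass steps; using {button ...} there too would keep the control's name consistent. Removing the unmatched {/note} after the Bitdefender Support Center link is correct, since the only {note} in that section is already closed before "For corporate Bitdefender products".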
