When you say the site is not functional, do you mean that the display is very incomplete, with maybe text but no images and completely unstyled? That is common when there is a pervasive SSL problem, because site content often is divided over multiple servers and the exception usually only applies to the specific server shown in the address bar.

So we need to track down the cause, which usually is either:

(1) Incomplete security software installation

Some security suites include a feature to intercept and scan your web traffic, including secure connections. In order to do this, they must present a fake certificate to Firefox, which of course, Firefox rejects. Programs such as ESET and Kaspersky provide a way to either turn off this feature, or import a master certificate into Firefox so that Firefox will trust these programs.

(2) Malware

Unfortunately, some malware also will intercept your secure connections. Often they can do this invisibly in IE and Chrome because they can inject certificates into the shared Windows certificate store. Because Firefox uses its own certificate file, you may get errors in Firefox that you do not get in IE and Chrome.

To distinguish between these two problems, it's helpful to inspect the "Issued by" section of one of the untrusted certificates. Because you already saved some exceptions, you can click the padlock in the address bar, then click More Information, then View Certificate.

Check the "Issued by" section to see what you find there. For example:

• Name associated with your security software, such as ESET, BitDefender, Kaspersky, etc.
• Sendori (indicates unwanted software from Sendori)
• FiddlerRoot (indicates unwanted software named similarly to BrowserSafeguard, BrowserSafe, SafeGuard)
• Something else

What do you see?

@jscher2000. You said, "Some security suites include a feature to intercept and scan your web traffic, including secure connections. In order to do this, they must present a fake certificate to Firefox, which of course, Firefox rejects. Programs such as ESET and Kaspersky provide a way to either turn off this feature, or import a master certificate into Firefox so that Firefox will trust these programs."

I installed a new version of Kaspersky AND a new version of Firefox today, and I had assumed it was a Firefox problem. But you're suggesting it might be a Kaspersky problem? Could this only affect Firefox and not any other browser application? (I don't have this problem with Internet Explorer or Chrome.).

To clarify, the error message I keep getting specifies that "This Connection is Untrusted" and has an "invalid certificate". The message comes up even with known trusted sites such as Google. For example here are the Technical Details from the error page when I try to go to Google: "Technical Details: www.google.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer)"

Does this sound like something that might be related to Kaspersky? If so, would you mind providing information (or a link) if possible, on how to adjust Kaspersky settings to try to address this issue? I'm hoping it's a fairly straightforward solution, otherwise I'll have to resort to using IE and/or Chrome (arghh!). I've looked through the Kaspersky help menu and their online help, as well as other posts on the Firefox forums, but so far I haven't found a solution.

Please Note: I don't want to completely turn off the ability to detect trusted/untrusted sites. Just want to fix whatever problem is causing the mis-identification of "untrusted" sites that are actually trusted sites.

Thanks!

Hi BetsyR, your Kaspersky software has a feature to scan your web traffic for threats. This is seamless with non-secure sites, but with secure sites, the program has to present Firefox with a fake certificate so it can decrypt your request and the site's response.

IE and Chrome share the Windows certificate store, which your Kaspersky software presumably has automatically updated to resolve this issue. Firefox has its own certificate file. Kaspersky might be able to add itself, or you might need to import something.

One option is to turn off "Scan Encrypted Connections", or make an application-specific exception for Firefox. But if you want the benefit of scanning, the better option is to add a certificate from Kaspersky to Firefox so Firefox no longer objects to the fake certificates.

I haven't looked up the latest documentation, but here are some articles on this feature from earlier versions:

• General SSL scan setting: How to scan encrypted connections in Kaspersky Anti-Virus 2012?; How to scan encrypted connections in Kaspersky PURE 2.0?

• Making an exception for a specific program (e.g., Google Chrome): Encrypted connections scan by Kaspersky Internet Security 2012 in Google Chrome; Scan of encrypted connections in Google Chrome and Opera (KIS 2013)

I wonder why I never had this problem with Kaspersky and previous versions of Firefox. ... Any thoughts on why?

If I wanted to report this to a technical support team, would this be considered a Kaspersky technical issue or a Firefox tech issue?

I'm paying for Kaspersky, so if it's something that should be fixed/updated on their end, then I'd definitely contact then and make a fuss about it. But first I want to sound like I know what I'm talking about... :)

It's a problem that it isn't more seamless. I'm fairly certain that Mozilla is not simply going to import everything in the Windows certificate store and trust it, so that puts the burden on third party publishers like Kaspersky to develop a more transparent method to add their certificate to Firefox.

I think Mozilla's error page could be improved. It would be easier for everyone if the error page said "This certificate is signed by:" followed by the information we usually ask people to look up. And a link to support.