I suspect the page was already visited in Firefox on a connection that doesn't employ a man-in-the-middle attack (because that's what the enterprise firewall is doing). There is this security feature called OCSP, where information about server TLS/SSL certificates is distributed. Firefox consults this information for further validation of certificates. It might help your cause if you disable it via the configuration key security.OCSP.enabled.

Another security feature is HSTS (HTTP Strict Transport Security), which tells browsers to never connect via unsecure connection. As a result, the tampered connection the enterprise firewall is employing would be blocked. HSTS cannot be turned off. You have to make Firefox forget about it by creating a new profile.

Please let me note that the enterprise firewall behavior is very fishy. You shouldn't need to tamper with the secure connections and you certainly shouldn't follow the advice above and turn off OCSP. Rather, I encourage you to seek a different solution which secures your goals while not sacrificing browser security. For example, you could block all HTTPS traffic, while allowing only certain targets.

Try to contact your IT department and ask them how you can install the root certificate in the Firefox Certificate Manager to make it possible for Firefox to build a valid certificate chain.

You can also try to set this pref to true on the about:config page.

• security.enterprise_roots.enabled = true

You can open the about:config page via the location/address bar. You can accept the warning and click "I accept the risk!" to continue.

• http://kb.mozillazine.org/about:config

OCSP hos no impact but.... security.enterprise_roots.enabled is working!!!!

Thank you so much for your assistance.

Have a good day Rman31