Did Not Connect: Potential Security Issue (SEC_ERROR_UNKNOWN_ISSUER)
Hi, I have a problem with the configuration of my Firefox. (I hope it is not something more serious like malware or a security break.)
Firefox version 124.0 (64bit), OS: Windows 10 Pro (64bit) 10.0.19045 Build 19045
Steps to reproduce
1. I go to: https://wwws.tesoro.es/index.aspx (website of the Spanish gov)
2. I click on the link: Cl@ve in the center of the page (that should bring me to https://pasarela.clave.gob.es/Proxy2/ServiceProvider)
3. I receive an error page "Did Not Connect: Potential Security Issue" "SEC_ERROR_UNKNOWN_ISSUER" (see the attached screenshot)
Things I tried
- I followed the same steps on Chrome on the same machine
  The website works
- I followed the same steps on the same Firefox in Incognito mode on the same machine
  The website DOESN'T work
- I followed the same steps on a completely new Firefox profile on the same machine
  The website DOESN'T work
- I followed the same steps on Firefox on a different machine (same Firefox version, Windows 11)
  The website works
Chosen solution
Try to rename the cert9.db file (cert9OLD.db) and remove a possible previously used cert8.db file in the Firefox profile folder with Firefox closed to remove intermediate certificates and exceptions that Firefox has cached.
If this has helped to solve the problem then you can remove the renamed cert9OLD.db file. Otherwise you can undo the rename and restore cert9.db.
You can use the button on the "Help -> More Troubleshooting Information" (about:support) page to go to the current Firefox profile folder or use the about:profiles page (Root directory).
- Help -> More Troubleshooting Information -> Profile Folder/Directory:
Windows: Open Folder; Linux: Open Directory; Mac: Show in Finder - https://support.mozilla.org/en-US/kb/profiles-where-firefox-stores-user-data
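The procedure in the answer above as a reversible script (an added example, not part of the original post and not Mozilla's code). It assumes Firefox is closed and that you pass the profile folder shown on about:support; the function names and the `--undo` flag are made up for this example.

```python
"""Reversible reset of Firefox's certificate store (cert9.db)."""
import sys
from pathlib import Path

CURRENT = "cert9.db"      # NSS certificate store used by current Firefox
BACKUP = "cert9OLD.db"    # backup name suggested in the answer
LEGACY = "cert8.db"       # store from older Firefox versions, if still present


def reset_cert_db(profile_dir):
    """Rename cert9.db to cert9OLD.db and delete a leftover cert8.db.

    Run only with Firefox closed; Firefox creates a fresh cert9.db on next start.
    Returns the list of actions taken.
    """
    profile = Path(profile_dir)
    current, backup, legacy = (profile / n for n in (CURRENT, BACKUP, LEGACY))
    if not current.is_file():
        raise FileNotFoundError(f"no {CURRENT} in {profile}; wrong folder?")
    if backup.exists():
        # Never overwrite an earlier backup: it may be the only copy of
        # certificates the user imported by hand.
        raise FileExistsError(f"{backup} already exists; move it away first")
    actions = []
    current.rename(backup)
    actions.append(f"renamed {CURRENT} -> {BACKUP}")
    if legacy.is_file():
        legacy.unlink()
        actions.append(f"removed {LEGACY}")
    return actions


def undo_reset(profile_dir):
    """Restore cert9OLD.db over the regenerated cert9.db (Firefox closed)."""
    profile = Path(profile_dir)
    backup = profile / BACKUP
    if not backup.is_file():
        raise FileNotFoundError(f"no {BACKUP} in {profile}; nothing to restore")
    backup.replace(profile / CURRENT)   # replaces the regenerated file, if any
    return [f"restored {BACKUP} -> {CURRENT}"]


if __name__ == "__main__":
    # Usage: python reset_certdb.py <profile folder> [--undo]
    if len(sys.argv) < 2:
        sys.exit("usage: reset_certdb.py <profile folder> [--undo]")
    step = undo_reset if "--undo" in sys.argv[2:] else reset_cert_db
    print("\n".join(step(sys.argv[1])))
```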
All Replies (9)
It works for me.
Try changing DNS over HTTPS (DoH) to "Off" or "Max Protection" and in Connection Settings change "Use system proxy settings" to "No proxy".
Disable any third-party antivirus or security software, this may require rebooting into Windows Safe Mode (networking enabled).
Hi @zeroknight, I tried to change the settings but it didn't work. I use the default Windows antivirus. Maybe I have some problem with the certificates? It works on Chrome, so I guess it should be with the ones managed directly by Firefox. Is there a way to reset all the certs in Firefox?
Who is the issuer of the certificate?
You can check details about the issuer of the certificate and the certificate chain.
- click the "Advanced" button on the error page to show more detail
- click the blue "View Certificate" text to inspect the certificate chain in the Certificate Viewer
If I go to Advanced -> View certificate I see the following log:
https://pasarela.clave.gob.es/Proxy2/ServiceProvider
Peer’s Certificate issuer is not recognized.
HTTP Strict Transport Security: false
HTTP Public Key Pinning: false
Certificate chain:
-----BEGIN CERTIFICATE-----
MIII3zC....
Maybe this can be helpful to understand what is the problem?
Ok, I managed to see the certificate details now. I took 2 screenshots: the first contains the issuer section, the second two sections located below (I don't know what they are for, but I see that there is an exclamation point on them, so maybe there is some problem there).
When I check the cert through SSL Labs, it says that it should be accepted by Mozilla based on a complete certification path:
1 Sent by server *.clave.gob.es
2 Sent by server FNMT-RCM / AC Componentes Informáticos
3 In trust store FNMT-RCM / AC RAIZ FNMT-RCM Self-signed
Your screenshot doesn't show the third cert, so something seems to be missing from your trusted root certificates -- or the intermediate certificate isn't official.
You can check whether your Firefox has the FNMT certs by going into the Settings/Preferences page, typing cert slowly into the tiny search box and then clicking the View Certificates button. On the Authorities list, can you find an FNMT section?
You can click the blue SEC_ERROR_UNKNOWN_ISSUER button in the screenshot attached to the question to expand this section and paste the base64 encoded certificate code in a reply, so we can check the issuer.
The rename/re-creation of the cert9.db file worked, thanks a lot cor-el! Thanks also to all the other people that provided possible solutions! :) I