חיפוש בתמיכה

יש להימנע מהונאות תמיכה. לעולם לא נבקש ממך להתקשר או לשלוח הודעת טקסט למספר טלפון או לשתף מידע אישי. נא לדווח על כל פעילות חשודה באמצעות באפשרות ״דיווח על שימוש לרעה״.

מידע נוסף

Did Not Connect: Potential Security Issue (SEC_ERROR_UNKNOWN_ISSUER)

more options

Hi I have a problem with the configuration of my Firefox. (I hope it is not something more serious like a malware or a security break)

Firefox version 124.0 (64bit) Os: Windows 10 Pro (64bit) 10.0.19045 Build 19045

Step to reproduce

  1. 1. I go to: https://wwws.tesoro.es/index.aspx (website of the Spanish gov)
  2. 2. I click on the link: Cl@ve in the center of the page (that should bring me to https://pasarela.clave.gob.es/Proxy2/ServiceProvider)
  3. 3. I receive an error page "Did Not Connect: Potential Security Issue" "SEC_ERROR_UNKNOWN_ISSUER" (see the attached screenshot)

Things I tried

  • I followed the same steps on Chrome on the same machine

The website works

  • I followed the same steps on the same Firefox in Incognito mode on the same machine

The website DOESN'T work

  • I followed the same steps on a completely new Firefox profile on the same machine

The website DOESN'T work

  • I followed the same steps on Firefox on a different machine (same Firefox version, windows 11)

The website works

Hi I have a problem with the configuration of my Firefox. (I hope it is not something more serious like a malware or a security break) Firefox version 124.0 (64bit) Os: Windows 10 Pro (64bit) 10.0.19045 Build 19045 '''Step to reproduce''' # 1. I go to: https://wwws.tesoro.es/index.aspx (website of the Spanish gov) # 2. I click on the link: Cl@ve in the center of the page (that should bring me to https://pasarela.clave.gob.es/Proxy2/ServiceProvider) # 3. I receive an error page "Did Not Connect: Potential Security Issue" "SEC_ERROR_UNKNOWN_ISSUER" (see the attached screenshot) '''Things I tried''' * I followed the same steps on Chrome on the same machine The website works * I followed the same steps on the same Firefox in Incognito mode on the same machine The website DOESN'T work * I followed the same steps on a completely new Firefox profile on the same machine The website DOESN'T work * I followed the same steps on Firefox on a different machine (same Firefox version, windows 11) The website works
צילומי מסך מצורפים

פתרון נבחר

Try to rename the cert9.db file (cert9OLD.db) and remove a possible previously used cert8.db file in the Firefox profile folder with Firefox closed to remove intermediate certificates and exceptions that Firefox has cached.

If this has helped to solve the problem then you can remove the renamed cert9OLD.db file. Otherwise you can undo the rename and restore cert9.db.

You can use the button on the "Help -> More Troubleshooting Information" (about:support) page to go to the current Firefox profile folder or use the about:profiles page (Root directory).

Read this answer in context 👍 0

כל התגובות (9)

more options

It works for me.

Try changing DNS over HTTPS (DoH) to "Off" or "Max Protection" and in Connection Settings change "Use system proxy settings" to "No proxy".

Disable any third-party antivirus or security software, this may require rebooting into Windows Safe Mode (networking enabled).

more options

Hi @zeroknight I tried to change the settings but it didn't work I use the default windows antivirus. Maybe I have some problem with the certificates? It works on chrome so I guess it should be with the one managed directly by firefox is there a way to reset all the certs in firefox?

more options

Who is the issuer of the certificate?

You can check details about the issuer of the certificate and the certificate chain.

  • click the "Advanced" button on the error page to show more detail
  • click the blue "View Certificate" text to inspect the certificate chain in the Certificate Viewer
more options

If I go to Advanced -> View certificate I see the following log:

https://pasarela.clave.gob.es/Proxy2/ServiceProvider Peer’s Certificate issuer is not recognized. HTTP Strict Transport Security: false HTTP Public Key Pinning: false

Certificate chain:


BEGIN CERTIFICATE-----

MIII3zC....

Maybe this can be helpful to understand what is the problem?

more options

Ok I managed to see the certificate details now. I took 2 screenshots: The first contains the issuer section The second two sections located below (I don't know what they are for but I see that there is an exclamation point on them so maybe there is some problem there)

more options

When I check the cert through SSL Labs, it says that it should be accepted by Mozilla based on a complete certification path:

1 Sent by server *.clave.gob.es

2 Sent by server FNMT-RCM / AC Componentes Informáticos

3 In trust store FNMT-RCM / AC RAIZ FNMT-RCM Self-signed

Your screenshot doesn't show the third cert, so something seems to be missing from your trusted root certificates -- or the intermediate certificate isn't official.

You can check whether your Firefox has the FNMT certs by going into the Settings/Preferences page, typing cert slowly into the tiny search box and then clicking the View Certificates button. On the Authorities list, can you find an FNMT section?

more options

You can click the blue SEC_ERROR_UNKNOWN_ISSUER button in the screenshot attached to the question to expand this section and paste the base64 encoded certificate code in a reply, so we can check the issuer.

more options

פתרון נבחר

Try to rename the cert9.db file (cert9OLD.db) and remove a possible previously used cert8.db file in the Firefox profile folder with Firefox closed to remove intermediate certificates and exceptions that Firefox has cached.

If this has helped to solve the problem then you can remove the renamed cert9OLD.db file. Otherwise you can undo the rename and restore cert9.db.

You can use the button on the "Help -> More Troubleshooting Information" (about:support) page to go to the current Firefox profile folder or use the about:profiles page (Root directory).

more options

The rename/re-creation of the cert9.db file worked, thanks a lot cor-el! Thanks also to all the other people that provided possible solutions! :) I