Na websydłach, kotrež maja za poprawom wěste (URL započina z „https://“, dyrbi Firefox přepruwować, hač certifikat, kotryž so wot websydło prezentuje, je płaćiwy. Jeli certifikat njeda so přepruwować, Firefox zwisk z websydłom přetorhnje a pokaza zmylkowu zdźělenku "Waš zwisk wěsty njejeTutón zwisk dowěry njehódny" město toho. Tutón nastawk wujasnja, čehodla snano zmylk "SEC_ERROR_UNKNOWN_ISSUER" na websydłach widźiće a kak móžeće jón rozrisać.

Što tuta zmylkowa zdźělenka woznamjenja?

Za wěsty zwisk dyrbi websydło certifikat podać, kotryž je so wot dowěry hódneho certifikowanišća (němsce) wudał, zo by zawěsćił, zo so wužiwar z požadanym cilom zwjazuje a zwisk je zaklučowany. Jeli zmylkowu stronu "Waš zwisk wěsty njejeTutón zwisk je dowěry njehódny" dóstanjeće a zmylk "SEC_ERROR_UNKNOWN_ISSUER" widźiće, po tym zo sće na RozšěrjenyTechniske podrobnosće kliknył, to rěka, zo podaty certifikat je so wot certifikowanišća wudał, kotrež Firefox njeznaje a tohodla njemóže po standardźe dowěry hódny być.

Wobraz "westy zwisk unknown issuer fx47" njeeksistuje.

Zmylk na wjacorych wěstych sydłach wustupuje

Jeli tutón problem na wjacorych njezwisowacych HTTPS-sydłach maće, to rěka, zo něsto we wašim systemje abo syći waš zwisk wotposkuje a certifikaty tak injicěruje, zo Firefox zwisk za dowěry hódny nima. Najhusćišej zawinje stej skenowanje zaklučowanych zwiskow přez wěstotne programy abo škódne program, kotryž originale certifikaty websydło přez swójski wuměnja.

Antiwirusowe produkty

Jeli waš wěstotny program ma funkciju za skenowanje zaklučowanych zwiskow, dosaha zwjetša wěstotny program znowa instalować, zo by program swoje certifikaty zaso do dowěry hódneho wobwoda Firefox składował. Spytajće slědowace rozrisanja za date wěstotne programy:

Avast

We wěstotnych programach Avast móžeće wotposkowanje wěstych zwiskow znjemóžnić:

1. Wočińće kontrolnu desku swojeho programa Avast.
2. Dźiće k Einstellungen > Aktiver Schutz a klikńće na Anpassen pódla Web-Schutz.
3. Wotstrońće hóčku pódla nastajenja HTTPS-Scanning aktivieren a wobkrućće to přez kliknjenje na OK.

Za dalše informacije wo tutej funkciji hlejće blog Avast.

Bitdefender

We wěstotnych programach Bitdefender móžeće wotposkowanje wěstych zwiskow znjemóžnić:

1. Wočińće kontrolnu desku wašeho programa Bitdefender.
2. Klikńće we wersiji 2016 wěstotneho programa Bitdefender na Module.
   We wersiji 2015 Bitdefender klikńće na Schutz.
3. Klikńće na Web-Schutz.
4. Znjemóžńće nastajenje SSL untersuchen.

Za informacije wo předewzaćelskich nałoženjach Bitdefender hlejće tutu stronu pomocy Bitdefender (jendźelsce).

Bullguard

We wěstotnych nałoženjach Bullguard móžeće wotposkowanje wěstych zwiskow na wěstych woblubowanych websydłach kaž na přikład Google, Yahoo a Facebook znjemóžnić:

1. Wočińće kontrolnu desku swojeho programa Bullguard.
2. Klikńće na Antivirus-Einstellungen > Sicheres Surfen.
3. Znjemóžńce nastajenje Sichere Suchergebnisse anzeigen za te websydła, kotrež zmylkowu zdźělenku pokazuja.

ESET

We wěstotnych nałoženjach ESET móžeće spytać, nastajenje SSL/TLS-Protokollfilterung znjemóžnić a zaso zmóžnić abo prosće wotposkowanje wěstych zwiskow znjemóžnić, kaž so w nastawku pomocy ESET wopisuje.

Kaspersky

In Kaspersky security products you can disable the interception of secure connections:

1. Open the dashboard of your Kaspersky application.
2. Click on Settings on the bottom-left.
3. Click Additional and then Network.
4. If you use a 2016 version of Kaspersky: In the Encrypted connections scanning section check the Do not scan encrypted connections option and confirm this change.
   Alternatively you can click on Advanced Settings in order to try to trigger a reinstallation of Kaspersky's certificate. In the dialog that opens click on Install certificate… and follow the on-screen instructions.
   If you use a 2015 version of Kaspersky: uncheck the Scan encrypted connections option.
5. Finally, reboot your system for the changes to take effect.
   
   Users of an earlier version of Kaspersky with a current subscription are entitled to an upgrade to the latest product version, which is available for download and installation on the Kaspersky product updates page. Afterwards follow the steps from above.

Family Safety settings in Windows accounts

In Microsoft Windows accounts protected by Family Safety settings, secure connections on popular websites like Google, Facebook and YouTube might be intercepted and their certificates replaced by a certificate issued by Microsoft in order to filter and record search activity.

Read this Microsoft FAQ page on how to turn off these family features for accounts. In case you want to manually install the missing certificates for affected accounts, you can refer to this Microsoft support article.

Monitoring/filtering in corporate networks

Some traffic monitoring/filtering products used in corporate environments might intercept encrypted connections by replacing a website's certificate with their own, at the same time possibly triggering errors on secure HTTPS-sites. If you suspect this might be the case, please contact your IT department to ensure the correct configuration of Firefox to enable it working properly in such an environment, as the necessary certificate might have to be placed in the Firefox trust store first.

Malware

Some forms of malware intercepting encrypted web traffic can cause this error message - refer to the article Problemy Firefox rozrisać, kotrež so přez škódne programy zawinuja on how to deal with malware problems.

The error occurs on one particular site only

In case you get this problem on one particular site only, this type of error generally indicates that the web server is not configured properly. However, if you see this error on a legitimate major website like Google or Facebook or sites where financial transactions take place, you should continue with the steps outlined above.

Missing intermediate certificate

On a site with a missing intermediate certificate you will see the following error description after you click on AdvancedTechnical Details on the "Your connection is not secureThis Connection is Untrusted" error page:

The website's certificate might not have been issued by a trusted certificate authority itself and no complete certificate chain to a trusted authority was provided either (a so-called "intermediate certificate" is missing).
You can test if a site is properly configured by entering a website's address into a third-party tool like SSL Labs' test page. If it is returning the result "Chain issues: Incomplete", a proper intermediate certificate is missing. You should contact the owner of the website you're having troubles accessing to inform him of that problem.

Self-signed certificate

On a site with a self-signed certificate you will see the following error description after you click on AdvancedTechnical Details on the "Your connection is not secureThis Connection is Untrusted" error page:

A self-signed certificate that wasn't issued by a recognized certificate authority is not trusted by default. Self-signed certificates can make your data safe from eavesdroppers, but say nothing about who the recipient of the data is. This is common for intranet websites that aren't available publicly and you may bypass the warning for such sites.

Bypassing the warning

If the website allows it, you can add an exception in order to visit the site, in spite its certificate is not being trusted by default:

1. On the warning page, click AdvancedI understand the Risks.
2. Click Add Exception…. The Add Security Exception dialog will appear.
3. Read the text describing the problems with the website. You can click View… in order to closer inspect the untrusted certificate as well.
4. Click Confirm Security Exception if you are sure you want to trust the site.