hi jnolan, first of all it's very likely that your bank is providing a certificate that would be trusted by each major browser - so this error message indicates that something on your system or network is intercepting and listening in to the connection to your bank. therefore you should proceed very carefully and not create any certificate exceptions to work around the issue.

please give us more information about the error by clicking on the error code, copying the text to the clipboard and then pasting it here into a reply in the forum like shown in the screenshot.

https://www.bankfinancial.com/

Peer’s Certificate issuer is not recognized.

HTTP Strict Transport Security: false HTTP Public Key Pinning: false

Certificate chain:

MIIFQjCCBCqgAwIBAgIIKY8Y6yZrycIwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNV BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRow GAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRz LmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1 cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTcwNTE1MTAxNTAwWhcN MjAwNTE1MTAxNTAwWjBDMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0 ZWQxHjAcBgNVBAMTFXd3dy5iYW5rZmluYW5jaWFsLmNvbTCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAMdIfJT0jre06ptL7ai+DyWNPNGMf1O88M6XcCPG +imNjKMH/pTMUmuy6gm2RyNaQixy/A47YBTl1FDzNXBqyaeIpHGXZsFFBqdJv5zS Qm6wZp1+eYbbwPcqTgOoqUkLJ1md8wcsDgo5am0PH/wPy7Yxh9sHO/sk09yhX5vj 1mcImksVaKXV3tpGF7wKg/GgmIvg8dCdjlvvf3SesNZ3fKRhM/xAHA5qC3v5b3il vYtUmhHUlGsuo5B9EbuQOCN58EeWAwTOSWjfjn/ylBqr1iZvX5ViEJKNpVwZFu5i zpDxr5STUrWoR/wikHlgR/TajiV+KD3CANex8CDOAaGqywUCAwEAAaOCAcYwggHC MAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4G A1UdDwEB/wQEAwIFoDA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmdvZGFk ZHkuY29tL2dkaWcyczEtNTE0LmNybDBdBgNVHSAEVjBUMEgGC2CGSAGG/W0BBxcB MDkwNwYIKwYBBQUHAgEWK2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20v cmVwb3NpdG9yeS8wCAYGZ4EMAQIBMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcw AYYYaHR0cDovL29jc3AuZ29kYWRkeS5jb20vMEAGCCsGAQUFBzAChjRodHRwOi8v Y2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvZ2RpZzIuY3J0MB8G A1UdIwQYMBaAFEDCvSeOzDSDMKIz1/tss/C0LIDOMDMGA1UdEQQsMCqCFXd3dy5i YW5rZmluYW5jaWFsLmNvbYIRYmFua2ZpbmFuY2lhbC5jb20wHQYDVR0OBBYEFE48 Zil7+9lmFXAZLU7hj/je/ilQMA0GCSqGSIb3DQEBCwUAA4IBAQCob+JLprdPUJ2b a4+vDBazz74t41A73kbq6kMPq4q9M6juKNTrtHwmZtcxJGco8SnPEgjiyvxKGOEc wFw27DViIvQh4BpElrpXinhNC9rqK1jbQVgnNa8yY8x5uHn2/URTihDl5/sYiLlj XXiGR3cah1Xy44gbt33N6ibi1B2byg2EwYeK40n3s0GZ7rWZpfayIekUJz9JIiod /GY+9gqQP/WjlcqQqvO4/ZgontxtqXKkBd8c6LREUGwUPA5MTjYF/20DVMuw1pOf /g7eJ0d/wee0N4cSJ4p77yyNamYAairpCKaC9CKat6HE/MMHZ0qUYHHKPc8VFVau /PhKdg0C

thank you, apparently they managed to not correctly implement the cert on their site as they are missing an intermediate certificate - https://www.ssllabs.com/ssltest/analyze.html?d=www.bankfinancial.com (chain is incomplete there). you may want to report that to the website in question

as a workaround you could visit https://certs.godaddy.com/repository - there firefox will automatically cache the missing intermediate certificate and subsequently you should be able to access the financial website without the error...

I was going to say the same thing. The site's certificate itself is fine. However, it was not directly signed by a trusted root certificate, it was signed by an intermediate certificate. Firefox requires that sites send any intermediate certificates necessary to prove a full chain of trust between the site's certificate and a trusted root. There is an exception, as philipp mentioned: Firefox saves intermediate certificates as you browse, so it can fill in the gap on many sites that have this problem. But if you have a new install of Firefox, or recently used the Refresh feature, or deleted the cert8.db file in your Firefox profile, that "memory" is erased and sites can't rely on the crutch of Firefox coincidentally having stored that intermediate certificate.

I don't understand what I'm supposed to do when I get to the Godaddy site.

And thank you to jscher2000 but that's Greek to me :(

You can save this file with the missing intermediate certificate to your hard drive (default Downloads folder or Desktop):

• http://certificates.godaddy.com/repository/gdig2.crt

You can import this certificate file in the Firefox Certificate Manager on the Authorities tab.

• Options/Preferences -> Privacy & Security -> Certificates: View Certificates -> Authorities: Import

You can find this Certificates section at the bottom of this specific Privacy & Security page or use the search bar (certificate).

Do NOT set any trust bits on an intermediate certificate like this one is. Trust bits are only required for trusted root certificates and should never be set on an intermediate certificate.

If you reload the page then you should no longer get this untrusted error.

I'm not getting a download. I click ok nothing happens. :) I'm not technical. Thanks for your help. As long as the site is ok I guess I'll try using IE.