Error code: sec_error_unknown_issuer
I am having the typical "This Connection is Untrusted" message visiting a website.
When clicking in technical details, instead of having the button "Add exception", i have this message
XXXXX uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown.
(Error code: sec_error_unknown_issuer)
How can i do to trust this certificate? I have tried to add an exception, as explained in different threads, but still not working
Additional System Details
- Adobe PDF Plug-In For Firefox and Netscape 11.0.0
- Google Update
- NPRuntime Script Plug-in Library for Java(TM) Deploy
- Next Generation Java Plug-in 11.45.2 for Mozilla browsers
- Office Authorization plug-in for NPAPI browsers
- The plugin allows you to have a better experience with Microsoft SharePoint
- The plugin allows you to have a better experience with Microsoft Lync
- Adobe Shockwave for Director Netscape plug-in, version 184.108.40.2068
- User Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
This is typically caused by antivirus software. Which antivirus software (if any) do you use?
Is the problem just with one site, or do you have this issue on numerous sites?
When you are in the Add Exception dialog, is the View button enabled to view the certificate? If so, who is listed under "Issued by"? Sometimes this will reference your security software vendor, or point to malware.
By the way, it is not normal to get certificate errors on mainstream sites. Most trustworthy sites have their stuff together, and you should almost never need to make an exception.
You can check the date and time and time zone in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
- Click the link at the bottom of the error page: "I Understand the Risks"
- Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate"
- Click the "View" button and inspect the certificate and check who is the issuer.
You can see more details like the intermediate certificates that are used in the Details tab.
Who is the issuer of the certificate?
Can you attach a screenshot of the certificate viewer window?
- Use a compressed image type like PNG or JPG to save the screenshot
- Make sure that you do not exceed the maximum size of 1 MB
Doesnt look like related to antivirus or similar. Restoring firebug to default works, but after some time it happens again
The problem is with several sites. I add the exception correctly, i can see the certificate, but still have the error
Restoring firebug to default works, but after some time it happens again
The Firebug extension? Does it have any kind of proxying built in for debugging secure connections?
Bingo! I realised today that this happens after enrouting traffic though a proxy (zap).
When i connect to that website through zap, it works fine, but direct connection doesnt work anymore
Does it ring any bell?
Does ZAP use an add-on to let you select which sites to proxy, or modify Firefox's proxy settings? This must be listed somewhere... If this issue affects all browsers, check the Windows hosts file for a redirect of that hostname to localhost.
I should have mentioned, check your Firefox proxy setting here:
"3-bar" menu button (or Tools menu) > Options > Advanced > Network mini-tab > "Settings" button
I have configured the proxy through foxyproxy
Hi As mentioned i use foxy proxy. Any hint on what could be happening?
I am not familiar with FoxyProxy but if it was directing requests for that certain website to your proxy, have you tried turning that off so Firefox sends requests directly to the site?
Yea. I have a proxy for zap and another for direct connection but seems like once the cert is accepted by zap, the direct connection doesnt validate the cert anymore
That's confusing. I think normally you either see the site's certificate or the proxy's certificate, and they should never get confused with one another.
Maybe the problem is that you saved an exception for the site using the proxy's certificate? If so, try removing it here:
"3-bar" menu button (or Tools menu) > Options > Advanced > Certificates mini-tab > "View Certificates" button
Check the "Servers" tab for certificates signed by your proxy and see whether you can remove the certificate from there.
If that isn't it, maybe FoxyProxy can explain what's going on. I am not in a position to replicate your setup.
Hi I am having the typical "This Connection is Untrusted" message visiting a website. When clicking in technical details, instead of having the button "Add exception", i have this message XXXXX uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer) How can i do to trust this certificate? I have tried to add an exception, as explained in different threads, but still not working Thanks
alright so this might be an edge case, but check this out... so if you use an application like fiddler, that captures your network traffic history, it will do something (not sure what) with your certificates and you wont be able to root around in firefox while it is active. i.e. if you close fiddler or the like application, you can use firefox no prob! heres how i found out what was wrong... 1. i have a windows machine so sorry i dont know what the mac equivalent of this is. you need to search for manage user certificates. click that. 2. go to personal -> certificates. this is where i saw DO NOT TRUST_FIDDLER kind of thing everywhere.
this helped me figure out that fiddler was the problem most likely. so i close fiddler and bam it works fine.
Hi jpeeling, that's a good tip. Unfortunately, some malware distributors are using the Fiddler certificate so for users who have not intentionally installed Fiddler, its presence is a huge red flag.