X
Tap here to go to the mobile version of the site.

Support Forum

"This Connection is Untrusted", encountering this issue for google.com but have no "I understand the risks" button. How do I resolve this issue?

Posted

running the Beta version of Firefox. When attempting to use https://www.google.com/ I get the "This Connection is Untrusted" message but do not get the "I understand the risks" button to allow the use of google.com.. how/what needs to be done in order for me to be able to utilize google.com. Can't get past the:

This Connection is Untrusted

You have asked Firefox to connect securely to www.google.com, but we can't confirm that your connection is secure.

Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified. What Should I Do?

If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.

www.google.com uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported.

(Error code: sec_error_unknown_issuer)

running the Beta version of Firefox. When attempting to use https://www.google.com/ I get the "This Connection is Untrusted" message but do not get the "I understand the risks" button to allow the use of google.com.. how/what needs to be done in order for me to be able to utilize google.com. Can't get past the: This Connection is Untrusted You have asked Firefox to connect securely to www.google.com, but we can't confirm that your connection is secure. Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified. What Should I Do? If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue. This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate. www.google.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. (Error code: sec_error_unknown_issuer)

Chosen solution

Kaspersky should inject its signing certificate into Firefox's cert8.db file automatically, but when this fails, you can import it. Also, you might need to manually remove the old signing certificate if it isn't cleaned out automatically.

I found these steps in a post on the Kaspersky forums. The actual path on disk may vary depending on your product:


"3-bar" menu button (or Tools menu) > Options > Advanced > Certificates mini-tab > View Certificates button > Authorities mini-tab

If you see an existing "Kaspersky Anti-Virus Personal Root Certificate"

Select it and Click "Delete or Distrust"

Now click "Import..."

Proceed to "C:\ProgramData\Kaspersky Lab\AVP15.0.1\Data\Cert\"

Select "(fake)Kaspersky Anti-Virus Personal Root Certificate.cer" and Open!


Does that work on your Firefox?

Read this answer in context 15

Additional System Details

Installed Plug-ins

  • The plugin allows you to have a better experience with Microsoft SharePoint
  • Shockwave Flash 18.0 r0
  • 5.1.40416.0

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:40.0) Gecko/20100101 Firefox/40.0

More Information

jscher2000
  • Top 10 Contributor
8872 solutions 72576 answers

You should not need to add certificate exceptions for well-run sites. Is this the only site where you get a secure certificate error, or have you seen them on other sites? If there is a pattern, please STOP adding exceptions and let us help you investigate as this can indicate malware.

Question: do you run Kaspersky, ESET, BitDefender or avast? These products can cause certificate errors on all secure sites in Firefox is Firefox is not set up to trust the "fake" certificates they generate (these products need that to decrypt and scan your secure connections).

You should not need to add certificate exceptions for well-run sites. Is this the only site where you get a secure certificate error, or have you seen them on other sites? If there is a pattern, please STOP adding exceptions and let us help you investigate as this can indicate malware. Question: do you run Kaspersky, ESET, BitDefender or avast? These products can cause certificate errors on all secure sites in Firefox is Firefox is not set up to trust the "fake" certificates they generate (these products need that to decrypt and scan your secure connections).

Question owner

Running Kaspersky. This just started happening today after I upgraded (yesterday) to the Kaspersky pushed out for Windows 10. Have current license for 3 machines. I uninstalled the new Kaspersky and reinstalled my older version from disc.

Yes, the issue has shown up on some of my other sites as well (banking sites included) but once I used "I understand the risks" for those sites now have access to them. The google site is the only one where did not get the ability to accept.

Running Kaspersky. This just started happening today after I upgraded (yesterday) to the Kaspersky pushed out for Windows 10. Have current license for 3 machines. I uninstalled the new Kaspersky and reinstalled my older version from disc. Yes, the issue has shown up on some of my other sites as well (banking sites included) but once I used "I understand the risks" for those sites now have access to them. The google site is the only one where did not get the ability to accept.

Modified by azcanukfirefox

jscher2000
  • Top 10 Contributor
8872 solutions 72576 answers

Chosen Solution

Kaspersky should inject its signing certificate into Firefox's cert8.db file automatically, but when this fails, you can import it. Also, you might need to manually remove the old signing certificate if it isn't cleaned out automatically.

I found these steps in a post on the Kaspersky forums. The actual path on disk may vary depending on your product:


"3-bar" menu button (or Tools menu) > Options > Advanced > Certificates mini-tab > View Certificates button > Authorities mini-tab

If you see an existing "Kaspersky Anti-Virus Personal Root Certificate"

Select it and Click "Delete or Distrust"

Now click "Import..."

Proceed to "C:\ProgramData\Kaspersky Lab\AVP15.0.1\Data\Cert\"

Select "(fake)Kaspersky Anti-Virus Personal Root Certificate.cer" and Open!


Does that work on your Firefox?

Kaspersky should inject its signing certificate into Firefox's cert8.db file automatically, but when this fails, you can import it. Also, you might need to manually remove the old signing certificate if it isn't cleaned out automatically. I found these steps in a post on the Kaspersky forums. The actual path on disk may vary depending on your product: ---- "3-bar" menu button (or Tools menu) > Options > Advanced > Certificates mini-tab > View Certificates button > Authorities mini-tab ''If you see an existing "Kaspersky Anti-Virus Personal Root Certificate"'' ''Select it and Click "Delete or Distrust"'' Now click "Import..." Proceed to "C:\ProgramData\Kaspersky Lab\AVP15.0.1\Data\Cert\" Select "(fake)Kaspersky Anti-Virus Personal Root Certificate.cer" and Open! ---- Does that work on your Firefox?

Question owner

I had previously deleted the cert8.db and when I started FF it correctly added it back.

I completed what you have suggested above and the Google.com website now comes up without the error. I was also having issues with other search sites but was able to use the "I understand... " to get them to load, as I also did with several banking sites.

So based on the "fix", do you still suspect there may be malware running on my machine? I've had the Microsoft Malicious Software Removal Tool running now for almost an hour with no infections found.

Thanks for the quick response and great help with this matter. Much appreciated.

I had previously deleted the cert8.db and when I started FF it correctly added it back. I completed what you have suggested above and the Google.com website now comes up without the error. I was also having issues with other search sites but was able to use the "I understand... " to get them to load, as I also did with several banking sites. So based on the "fix", do you still suspect there may be malware running on my machine? I've had the Microsoft Malicious Software Removal Tool running now for almost an hour with no infections found. Thanks for the quick response and great help with this matter. Much appreciated.
jscher2000
  • Top 10 Contributor
8872 solutions 72576 answers

I suggest checking your exceptions to confirm that the untrusted certificate were signed by Kaspersky and not some other program. You can view them here:

"3-bar" menu button (or Tools menu) > Options > Advanced

On the Certificates mini-tab, click the "View Certificates" button.

In the Certificate Manager, click the Servers tab. Then you can check the exceptions you added (ignore the ones with * for the server). Actually, you probably don't need the individual exceptions any more.

I suggest checking your exceptions to confirm that the untrusted certificate were signed by Kaspersky and not some other program. You can view them here: "3-bar" menu button (or Tools menu) > Options > Advanced On the Certificates mini-tab, click the "View Certificates" button. In the Certificate Manager, click the Servers tab. Then you can check the exceptions you added (ignore the ones with * for the server). Actually, you probably don't need the individual exceptions any more.

Question owner

Yes, all by Kaspersky, and as you thought don't need them. Exported (just in case) and then deleted them all, still get into the sites no problems. So in your expert opinion, what might have caused this issue? The update from Kaspersky to the Windows 10 version or an update to FF? Thanks again!

Yes, all by Kaspersky, and as you thought don't need them. Exported (just in case) and then deleted them all, still get into the sites no problems. So in your expert opinion, what might have caused this issue? The update from Kaspersky to the Windows 10 version or an update to FF? Thanks again!
jscher2000
  • Top 10 Contributor
8872 solutions 72576 answers

An update doesn't change the cert8.db file unless... Sometimes users will run the Refresh feature during an update, which removes the cert8.db file, leaving them without trust for Kaspersky's signing certificate. But you would know because you also would have lost your extensions and ended up with an Old Firefox Data folder on the desktop.

The Kaspkersky update may have changed the signing certificate used without updating cert8.db with that certificate. That seems like the more likely scenario to me.

An update doesn't change the cert8.db file unless... Sometimes users will run the Refresh feature during an update, which removes the cert8.db file, leaving them without trust for Kaspersky's signing certificate. But you would know because you also would have lost your extensions and ended up with an Old Firefox Data folder on the desktop. The Kaspkersky update may have changed the signing certificate used without updating cert8.db with that certificate. That seems like the more likely scenario to me.