This thread was archived. Please ask a new question if you need help.
how do I stop the message "Your connection is not secure" interfering with my browsing?
It cannot be true that all these sites are insecure. In the past this message hardly ever cropped up. Today it seems to be triggered by every other site I visit.
All Replies (16)
hello, first please make sure that the date, time & timezone are set correctly on your system. if this doesn't solve the issue (or it is already set properly), a solution depends on the individual circumstances:
- what is the error code shown when you click on advanced on that error page?
- please also give us more information about the error by clicking on the error code, copying the text to the clipboard and then pasting it here into a reply in the forum.
Time and date are ok.
The error is as follows: The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER
thanks, then the information from my second mentioned point (like shown in the screenshot) would be important as well to understand what is happening and how to fix it.
Clicking on the bar that says "copy text to clip board" does not produce a response. The action appears to be blocked.
ok, in any case it's most likely that your security software is interfering here - please see How to troubleshoot security error codes on secure websites for the most common solutions to this issue.
Thank you. I'll see if I can get help from Trend Micro, the antivirus that I'm using.
hm, trend micro doesn't do https-interception as far as i know. so we probably would need the further information from the error page. after you have clicked on the ""copy text to clip board"-button like described above, just come back here to the forum, do a right-click in the reply field & paste which will insert all your clipboard contents. then we will analyse what's going on on that error page. thank you...
Hi Philipp, I was able to get the clip and paste to work. I hope the following info will help to resolve the issue.
Peer's Certificate issuer is not recognized.
HTTP Strict Transport Security: false HTTP Public Key Pinning: false
MIIFYDCCBEigAwIBAgIRAI9uj3wsJm3jAAAAAFDYGEUwDQYJKoZIhvcNAQELBQAw gboxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQL Ex9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykg MjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAs BgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUswHhcN MTYwNTExMTE0MjUxWhcNMTkwNTExMTIxMjUwWjBjMQswCQYDVQQGEwJaQTERMA8G A1UEBxMIUHJldG9yaWExGjAYBgNVBAoTEU5hdGlvbmFsIFRyZWFzdXJ5MSUwIwYD VQQDExxzZWN1cmUucnNhcmV0YWlsYm9uZHMuZ292LnphMIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEAubLejtLqKm9byLd8kejQqeTP2MZBrqgX79ff8Anf R4uZFsTN3YgrUxzWhntqe8t8YoiLG2leRkTVUmeuui0FeEnayCwjuxzhoWipqoFs MUmbbHIXxdDiKnQYoPS3lAflzvPUxQhG7kSBoSbSgUpxqXPllCQ1mE4ib0zNwBMY t/FIkjoO08htumMgKcdUfzXY/hZtLtR81s4PsuM4AT2xZNt9XqRAAfwGkyckewvL qZBJxRlyCStmYsc0BfyuQ8lME96OALYpNkwe0qD0upfZ5A4BHUUjR0F8aNTAuA46 OzYceVVq7HeGTsJ7+Y5Ei15LeTifpgRvKwkN2wVcFVaMBQIDAQABo4IBtTCCAbEw DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAz BgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0L2xldmVsMWsu Y3JsMEsGA1UdIAREMEIwNgYKYIZIAYb6bAoBBTAoMCYGCCsGAQUFBwIBFhpodHRw Oi8vd3d3LmVudHJ1c3QubmV0L3JwYTAIBgZngQwBAgIwaAYIKwYBBQUHAQEEXDBa MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5lbnRydXN0Lm5ldDAzBggrBgEFBQcw AoYnaHR0cDovL2FpYS5lbnRydXN0Lm5ldC9sMWstY2hhaW4yNTYuY2VyMEkGA1Ud EQRCMECCHHNlY3VyZS5yc2FyZXRhaWxib25kcy5nb3YuemGCIHd3dy5zZWN1cmUu cnNhcmV0YWlsYm9uZHMuZ292LnphMB8GA1UdIwQYMBaAFIKicHTdvFM/z3vU981/ p2DGCky/MB0GA1UdDgQWBBRIQhzkzvZcBOzFfw+gZyrymqa/DjAJBgNVHRMEAjAA MA0GCSqGSIb3DQEBCwUAA4IBAQC2VRA4wkWIqwuTzbLuBB/HPvREwyyf0mmNS9el /L3c3y8BoXz/RA6j8lER0gavTmZ5iCDd2C7CVgW+7h/iDxtsas8WYfu6CaVWwcDt PW8YWcg/A/jI+/LZcTdQMKOst0ziv9Jn/V126w/izEp8KgmO0hbgtg0I26ioanJf v6+Nwf6Ut+CbUL9Xy2BEmHl0Yf3BHGn8Zk7GyfkVNPy56gi2MkzBnNSvqak4dgu4 /21ckOH6dl2F5K94emFeT86A7MQHcyz3B8fqPqcRgsRb30Wpx207NZeVTmi85KAW 4RhoozdyxjdIFBRaeRoifR7WtV5M+XvVsKoPgFNYNC4FR+kG
ok, in this particular case it's due to a misconfigured webserver, which doesn't submit the necessary intermediate certificate.
in order to work around that and install the missing cert manually, click on this link: https://ssl-tools.net/certificates/f21c12f46cdb6b2e16f09f9419cdff328437b2d7.pem & just click on ok in the opening dialog. afterwards the page you have mentioned should load...
Certificate Information: Common Name: secure.rsaretailbonds.gov.za Subject Alternative Names: secure.rsaretailbonds.gov.za, www.secure.rsaretailbonds.gov.za Organization: National Treasury Locality: Pretoria Country: ZA Valid From: May 11, 2016 Valid To: May 11, 2019 Issuer: Entrust Certification Authority - L1K, Entrust, Inc. Write review of Entrust Serial Number: 8f6e8f7c2c266de30000000050d81845
The server doesn't send all intermediate certificates needed to build a complete certificate chain. You can check the server via this website:
You can download the intermediate certificate via this link and import the certificate in the Certificate Manager.
Do NOT set any trust bits when importing the certificate as those are only required for trusted root certificates and should never be set for intermediate certificates.
Using the link (https://ssl-tools.net/certificates/f21c12f46cdb6b2e16f09f9419cdff328437b2d7.pem) I was able to reach the first site but not the next. I've attached a couple of images in the hope this will help.
can you please copy/paste the full error details again?
Unfortunately not. When I click on "advanced" and follow the error: www.investecmoney.co.za uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER, this site displays the details I sent before in the image. Clicking on the copy text to clipboard does not copy anything at all. I've tried several times.
Hmm, https://www.investec.co.za/ should work fine.
When you expand the Advanced section of the error page, does Firefox show an "Add Exception" button?
Note: You don't need to complete the process of adding an exception -- I suggest not adding one until we know this isn't a malware issue -- but you can use the dialog to view the information that makes Firefox suspicious.
Click Add Exception, and the certificate exception dialog should open.
Click the View button. If View is not enabled, try the Get Certificate button first.
This should pop up the Certificate Viewer. Look at the "Issued by" section, and on the Details tab, the Certificate Hierarchy. What do you see there? I have attached a screen shot for comparison.
If there is no Add Exception button:
You can try opening that same dialog in a new tab by pasting this in the address bar and pressing Enter to load it: chrome://pippki/content/exceptionDialog.xul
Then paste the above address into the form, click Get Certificate and assuming it is retrieved successfully, continue with the above View button step.
Hmm, it seems when I hit https://www.investecmoney.co.za/ it redirects successfully, but for you it doesn't, so I land on https://www.investec.co.za/products-and-services/banking-services/personal-savings-accounts.html and you do not.
Probably this is due to a missing intermediate certificate on your Firefox.
If this address previously worked normally for you and suddenly stopped working, it's possible that you had stored the missing certificate from another website and Firefox was quietly using it in the background, but that you cleared Firefox's certificate store either by using Firefox's Refresh feature or by deleting the cert8.db file from your profile folder.
Many thanks for your help. There was a link on that page which I was not able to reach, but it is not essential that I do so. One day last week it seemed that every second site I visited produced some kind of security message. Not such a problem now, so I don't wish to pursue the issue further. Thanks again.