certificate problem / SSL Error with Firefox 58.0.1 (64-Bit) Kaspersky Internet Security 17.0.0.611 and active FF Master PW
Since installation of Firefox 58 at Windows 10 I cant access to all SSL / Https pages, also not to Google.com !! Solution is already described by manual updating / deleting and import the Kaspersky certificate (better to edit and simply flag the 3 check boxes of trust setting" for AO Kaspersky Lab).
But: when edit or import the certitificate, always my Master Password for Firefox Password manager is requested. And at next Firefox start the certificate trust setting flag again is blank and previous settings are lost. If no Master Password is set, there is NO Problem. Previous Firefox version had not such problem and works well ! Thanks for your help! All other browser on my PC work well without SSl certificate error!
Modified
Chosen solution
This worked for me:
1. In a new Firefox tab, type or paste "about:config" in the address bar and press Enter/Return. Click the button promising to be careful. 2. In the search box above the list, type or paste "roots" and pause while the list is filtered 3. Double-click the "security.enterprise_roots.enabled" preference to switch the value from false to true.
Read this answer in context 👍 32All Replies (16)
Thanks for your quick and kindly help !!! But solution did not fix it ! 1) Kaspersky change to <Do no scan encrypted connections> is only a "nice workarround" and then browser works, BUT then unsave SSL connection.
2) Reinstallation of Kaspersky's certificate works well in Kaspersky but Firefox problem still is same
3) my trial / also poor: Fully de-install Firefox and reboot and new clean reinstallation But still same fault. Also after manual import of Kasperski certificate. Always the same problem: When edit and activate the 3 flags of Kaspersky certificate or import the certitificate, always my Master Password for Firefox Password manager is requested. Then it works well until Firefox is closed. At next Firefox start the certificate trust setting flaga all 3 again blank = previous settings are lost. If no Master Password is set, there is NO Problem.
I have now made a new installation of Kasperky and update to Kaspersky Internet Security 18.0.0.405 (f). But still same problem at Firefox. With active FF Master PW the flags at Kaspersky certificate trust alsways removed and blank at next start. I "feel" that this is a BUG at Firefox 58 / 58.0.1 (64-Bit) Looking forward to your further help and maybe real and final Firefox fix. Thanks again!
Modified
Hi, I have experienced this problem myself. The solution is as follows; Open firefox settings, left side privacy and security, from the bottom show certifications, Find kaspersky certifica, set trust settings.
Hi ysfcry, Thanks for your kindly help and nice screen pictures! But this did not work if at Firefox a Master Pasword is setup for protection all stored passwords in Firefox. >In this case the 3 check marks /flags for certificate trust can be set. > Then FF ask for Master Password input > Then FF works well for this certificate. > BUT: after close Firefox and restart, again the 3 trust flags are blank and certificate error is shown. In case the Master Pasword is removed, the trust flags remain,also at new restart. But with active Master Password it always failed :-((
Robbi-Fox dedi ki
Hi ysfcry, Thanks for your kindly help and nice screen pictures! But this did not work if at Firefox a Master Pasword is setup for protection all stored passwords in Firefox. >In this case the 3 check marks /flags for certificate trust can be set. > Then FF ask for Master Password input > Then FF works well for this certificate. > BUT: after close Firefox and restart, again the 3 trust flags are blank and certificate error is shown. In case the Master Pasword is removed, the trust flags remain,also at new restart. But with active Master Password it always failed :-((
Yes now I have noticed. Using Master Password will reset the settings. I guess we have no choice but to wait for an update. :||
Try to remove cert8.db and cert9.db and secmode.db and pkcs11.txt to reset the certificate store with Firefox closed.
You can use the button on the "Help -> Troubleshooting Information" (about:support) page to go to the current Firefox profile folder or use the about:profiles page.
- Help -> Troubleshooting Information -> Profile Directory:
Windows: Show Folder; Linux: Open Directory; Mac: Show in Finder - http://kb.mozillazine.org/Profile_folder_-_Firefox
Hi cor-el, THANKS a lot for your great and kindly help !!! Unfortunatelly your proposal only solved it at the first start after the files had been removed (I did not removed but simpy renamed them for checkin). Seems that after new start FF creates the 3 files new. And then after close and restart, again same issue and the 1 to 3 trust flags at Kaspersky certificate are removed and blank and SSL issue is shown. I still suppose this is a BUG a Firefox 58 :-(( But thanks again to all for your great support. So still waiting for final solution ...
hi, i couldn't reproduce the issue myself trying with a kaspersky trial version - could you file a bug for this issue at https://bugzilla.mozilla.org so that mozilla's developers get aware of it? thank you...
Hi dear philip, thanks for this advice. I had tried this already initially on 29.01. But I always failed to create a new account at bugzilla and always no mail for registartion was sent. Today same issue .. But after 3 trial in same way sudenly I received a confirmation mail and now I have created a new Bug ID 1434731. Cross my fingers that the developers can solve it. Thanks again for you help!
Hi everyone, I solved the problem like this. I set the certificate and I set the master password. I entered the profile files. cert8.db, cert9.db, pkcs11.txt, secmode.db right click on files read-only tic. He's no longer making a mistake.
Hi ysfcry, thanks a lot for your ongoing help! Yes I can confirm your proposal to set this files to read-only avoids the SSL issue. So I will use this nice idea temporary. Problem now is: > From FF screen I can not anymore change or remove the Master PW > I'm afraid that no certificates can be updated anymore in future. So I frequnetly will need to remove the read-only flag from this files for any updates.
But this countermeasure also helps and confirms that FF problems seems to be at start-up, not when FF is closed.
So: I feel this is a BUG in FF58. So I will wait for final correction from the developers, as I raised a bugzilla report.
Modified
Robbi-Fox dedi ki
Hi ysfcry, thanks a lot for your ongoing help! Yes I can confirm your proposal to set this files to read-only avoids the SSL issue. So I will use this nice idea temporary. Problem now is: > From FF screen I can not anymore change or remove the Master PW > I'm afraid that no certificates can be updated anymore in future. So I frequnetly will need to remove the read-only flag from this files for any updates. But this countermeasure also helps and confirms that FF problems seems to be at start-up, not when FF is closed. So: I feel this is a BUG in FF58. So I will wait for final correction from the developers, as I raised a bugzilla report.
Let's manage a bit, the mozilla team will solve the problem.
Chosen Solution
This worked for me:
1. In a new Firefox tab, type or paste "about:config" in the address bar and press Enter/Return. Click the button promising to be careful. 2. In the search box above the list, type or paste "roots" and pause while the list is filtered 3. Double-click the "security.enterprise_roots.enabled" preference to switch the value from false to true.
Hi Dulverton,
THANKS. While SSL Error in FF I opened "about:config" and set "security.enterprise_roots.enabled" value by double click from false to true. w/o restart the SSL error is gone and all https:/ pages work again OK. solved! BUT: Do you know any negaitive side effects ?? Maybe now the certificate check is unabled and FF security is weak ?? Can you confirm that security is same as before and that this is no risk ?
A possible risk is that if there are certificates in the Windows certificate store added by malware or certificates that shouldn't be trusted that you get these certificates in Firefox when you toggle this pref to true (it's all or nothing).
I'm no expert, but this is the reply I had from Kaspersky:
Dear customer,
Thank you for your reply.
I would like to inform you that these changes don't affect the security of your browser.
Unfortunately we do not have any information yet about the date of the new patch, but you can contact us again when the (g) patch will be released, if you have any issue.
Thank you.
I hope you find this information useful.