X
Tik hier voor de mobiele versie van de website.

Ondersteuningsforum

Deze conversatie is gearchiveerd. Stel een nieuwe vraag als u hulp nodig hebt.

Error SEC_ERROR_UNKNOWN_ISSUER browsing internally issued web certificate. Certificate chain correct. Advanced "Peer’s Certificate issuer is not recognized"

Geplaatst

Peer’s Certificate issuer is not recognized.

HTTP Strict Transport Security: false HTTP Public Key Pinning: false

Certificate chain:


BEGIN CERTIFICATE-----

MIIGDjCCBPagAwIBAgITdwAAJ0duIiMYEnPi/AADAAAnRzANBgkqhkiG9w0BAQsF ADCBiDESMBAGCgmSJomT8ixkARkWAmF1MRMwEQYKCZImiZPyLGQBGRYDbmV0MRMw EQYKCZImiZPyLGQBGRYDYWJjMRUwEwYKCZImiZPyLGQBGRYFYXVudHkxEzARBgoJ kiaJk/IsZAEZFgNhdXMxHDAaBgNVBAMTE2F1cy1OVUNQU0VDU0NBMDEtQ0EwHhcN MTcxMTIzMDMxODA0WhcNMjIxMTIyMDMxODA0WjB4MQswCQYDVQQGEwJBVTEMMAoG A1UECBMDTlNXMQ8wDQYDVQQHEwZTeWRuZXkxDDAKBgNVBAoTA0FCQzEMMAoGA1UE CxMDQUJDMS4wLAYDVQQDEyVhZGVsYWlkZWhvdXNlbW9uLmF1cy5hdW50eS5hYmMu bmV0LmF1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCyMjFu7p24kM2osD42 kxzOstz6E1UGh89wNjF7gdlJuqkPthf7UG+9LOm+ZaxWOo2xDDZOcWg8nA9/Tvm3 wVesvIa+sIlPsEfvDpTHV5G0Q3hj9BLZy6aGoOKQ+QCDcP3QGYY/BmrgEVYGO3FR QzIUN8/ewzupB54Hc9RGnACtrQIDAQABo4IDAjCCAv4wPQYJKwYBBAGCNxUHBDAw LgYmKwYBBAGCNxUIh7GvAYTd8yeE1ZE2haDuPIKsyy5thIboIYS0pkQCAWgCAQww EwYDVR0lBAwwCgYIKwYBBQUHAwEwDgYDVR0PAQH/BAQDAgWgMBsGCSsGAQQBgjcV CgQOMAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYEFJiTltqiS4ccangUJIaMii1aWeLN MDAGA1UdEQQpMCeCJWFkZWxhaWRlaG91c2Vtb24uYXVzLmF1bnR5LmFiYy5uZXQu YXUwHwYDVR0jBBgwFoAUns+j+FBzfWoUJNWD//rgZRlmn7kwggE0BgNVHR8EggEr MIIBJzCCASOgggEfoIIBG4aBzWxkYXA6Ly8vQ049YXVzLU5VQ1BTRUNTQ0EwMS1D QSgxKSxDTj1OVUNQU0VDU0NBMDEsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNl cnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9YXVudHksREM9 YWJjLERDPW5ldCxEQz1hdT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/ b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnSGSWh0dHA6Ly9jcmwtYWJj cG9ydGFsLm1zYXBwcHJveHkubmV0L0NlcnRFbnJvbGwvYXVzLU5VQ1BTRUNTQ0Ew MS1DQSgxKS5jcmwwgdAGCCsGAQUFBwEBBIHDMIHAMIG9BggrBgEFBQcwAoaBsGxk YXA6Ly8vQ049YXVzLU5VQ1BTRUNTQ0EwMS1DQSxDTj1BSUEsQ049UHVibGljJTIw S2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1h dW50eSxEQz1hYmMsREM9bmV0LERDPWF1P2NBQ2VydGlmaWNhdGU/YmFzZT9vYmpl Y3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MA0GCSqGSIb3DQEBCwUAA4IB AQBnsceCzHQ3fgmKDa1ARpR9KjFYwhxz617ixtZ4WKFh+RuaLoyLQRPqawgf8QCa bFMb9MbvLdD27n5bzrdDY+YRg6G4N4biXi1tqRiRu5pgr6Zsn2tUkU0rC5mLP8RZ Gnc0k0pJFPKPyXHa23SjfgW7o3zxVWwbrwGL5ws4SYOYHEPKlamLDDC1C5FvBxWA nLiPwwqAXYjkTP4rnag/1wrAUcq5qF7m06k5j0c92r27nV/IVV8BVtPUL3EMvTw+ FUwYrzgGKMvqc8GtYDjhdOLsZiWAVTBb4s7Vs9vLUTLR5Kr8SuuZnHTyONoh6jOa bDWmsGemYelvX/89e6et2TYA


END CERTIFICATE-----
BEGIN CERTIFICATE-----

MIIE8DCCA9igAwIBAgITJQAAAAv78K96DnPiKQAAAAAACzANBgkqhkiG9w0BAQsF ADAUMRIwEAYDVQQDEwlBQkNSb290Q0EwHhcNMTcwNDExMDU0ODE2WhcNMzcwMTEy MjIzODM5WjCBiDESMBAGCgmSJomT8ixkARkWAmF1MRMwEQYKCZImiZPyLGQBGRYD bmV0MRMwEQYKCZImiZPyLGQBGRYDYWJjMRUwEwYKCZImiZPyLGQBGRYFYXVudHkx EzARBgoJkiaJk/IsZAEZFgNhdXMxHDAaBgNVBAMTE2F1cy1OVUNQU0VDU0NBMDEt Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUUh/oe/yZrUrQC/Yi rNO8iYNOkg3ejIlzsw9gQOsbiHxqiexAXVueGVC75gDjgkXWdt+bYrUAXtiPRrf/ TQFyVMBTp4MtzmiTCgEonZrRMNfLu+Un4uW1m4VeKEg9FKJzIRZyBqKdPq5g6byb NnoUHvDrMw3O70YbiR8v51Gq+PY5ew8ZRhJF7k86s21YBWeZ4lkVTLsFTbko/0R5 Obn/Uk6xML3ffPp0V6UAPjDE6lOq5qizpEYryUWiMIgOV4Fv2HBPqNvpHxeW9TG+ 64BzXOyKDHBb/uCghQI1tyEo5TsyliEf6Htxw8v7LnG75CXyTbQ1hMSO3+axhWbm 6XcvAgMBAAGjggHEMIIBwDASBgkrBgEEAYI3FQEEBQIDAQADMCMGCSsGAQQBgjcV AgQWBBQMqkvA7hG66tElJCgplomEvRXupTAdBgNVHQ4EFgQUns+j+FBzfWoUJNWD //rgZRlmn7kwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwCwYDVR0PBAQDAgGG MA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUNUk/u75iU8ersPpjEAeLgOuJ CBowawYDVR0fBGQwYjBgoF6gXIYsaHR0cDovL05VQ1BTRUNTQ0EwMS9DZXJ0RW5y b2xsL0FCQ1Jvb3RDQS5jcmyGLGh0dHA6Ly9OTFBQU0VDU0NBMDEvQ2VydEVucm9s bC9BQkNSb290Q0EuY3JsMIGeBggrBgEFBQcBAQSBkTCBjjBFBggrBgEFBQcwAoY5 aHR0cDovL05VQ1BTRUNTQ0EwMS9DZXJ0RW5yb2xsL05VQ1BTRUNSQ0EwMl9BQkNS b290Q0EuY3J0MEUGCCsGAQUFBzAChjlodHRwOi8vTkxQUFNFQ1NDQTAxL0NlcnRF bnJvbGwvTlVDUFNFQ1JDQTAyX0FCQ1Jvb3RDQS5jcnQwDQYJKoZIhvcNAQELBQAD ggEBABpEc6rXRK+KT9vdVeUxv6H2rxwgnXiqWQLsLhJ/xoHw5lpO4mhgwOnf/h2l jxd5D2qsxezO8c0E0pqXU8miQbiDajA/JdXCplKYI72Q5orpa200mGZyvfnSXTbU +gYiGisCA3wwlyJGHxkoRM1p2xFzjxgo/dEGR6WUyj5bGVcppu4yzyez/ABVq19G RSClpH359fWJre3t3D4SvpNLmS3RufFU7WvAz6SUqdHfCLxpNDMl1vSPaC41W0qs kUg3GbQ9LkBkJgKWcawj+gLOApMj32YGzdMkbERxDauFB39/j3UdCINeTdXy5RDM HCYG+xsRiqHyS4ccaYXX2yKOCNk=


END CERTIFICATE-----
Peer’s Certificate issuer is not recognized. HTTP Strict Transport Security: false HTTP Public Key Pinning: false Certificate chain: -----BEGIN CERTIFICATE----- MIIGDjCCBPagAwIBAgITdwAAJ0duIiMYEnPi/AADAAAnRzANBgkqhkiG9w0BAQsF ADCBiDESMBAGCgmSJomT8ixkARkWAmF1MRMwEQYKCZImiZPyLGQBGRYDbmV0MRMw EQYKCZImiZPyLGQBGRYDYWJjMRUwEwYKCZImiZPyLGQBGRYFYXVudHkxEzARBgoJ kiaJk/IsZAEZFgNhdXMxHDAaBgNVBAMTE2F1cy1OVUNQU0VDU0NBMDEtQ0EwHhcN MTcxMTIzMDMxODA0WhcNMjIxMTIyMDMxODA0WjB4MQswCQYDVQQGEwJBVTEMMAoG A1UECBMDTlNXMQ8wDQYDVQQHEwZTeWRuZXkxDDAKBgNVBAoTA0FCQzEMMAoGA1UE CxMDQUJDMS4wLAYDVQQDEyVhZGVsYWlkZWhvdXNlbW9uLmF1cy5hdW50eS5hYmMu bmV0LmF1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCyMjFu7p24kM2osD42 kxzOstz6E1UGh89wNjF7gdlJuqkPthf7UG+9LOm+ZaxWOo2xDDZOcWg8nA9/Tvm3 wVesvIa+sIlPsEfvDpTHV5G0Q3hj9BLZy6aGoOKQ+QCDcP3QGYY/BmrgEVYGO3FR QzIUN8/ewzupB54Hc9RGnACtrQIDAQABo4IDAjCCAv4wPQYJKwYBBAGCNxUHBDAw LgYmKwYBBAGCNxUIh7GvAYTd8yeE1ZE2haDuPIKsyy5thIboIYS0pkQCAWgCAQww EwYDVR0lBAwwCgYIKwYBBQUHAwEwDgYDVR0PAQH/BAQDAgWgMBsGCSsGAQQBgjcV CgQOMAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYEFJiTltqiS4ccangUJIaMii1aWeLN MDAGA1UdEQQpMCeCJWFkZWxhaWRlaG91c2Vtb24uYXVzLmF1bnR5LmFiYy5uZXQu YXUwHwYDVR0jBBgwFoAUns+j+FBzfWoUJNWD//rgZRlmn7kwggE0BgNVHR8EggEr MIIBJzCCASOgggEfoIIBG4aBzWxkYXA6Ly8vQ049YXVzLU5VQ1BTRUNTQ0EwMS1D QSgxKSxDTj1OVUNQU0VDU0NBMDEsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNl cnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9YXVudHksREM9 YWJjLERDPW5ldCxEQz1hdT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/ b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnSGSWh0dHA6Ly9jcmwtYWJj cG9ydGFsLm1zYXBwcHJveHkubmV0L0NlcnRFbnJvbGwvYXVzLU5VQ1BTRUNTQ0Ew MS1DQSgxKS5jcmwwgdAGCCsGAQUFBwEBBIHDMIHAMIG9BggrBgEFBQcwAoaBsGxk YXA6Ly8vQ049YXVzLU5VQ1BTRUNTQ0EwMS1DQSxDTj1BSUEsQ049UHVibGljJTIw S2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1h dW50eSxEQz1hYmMsREM9bmV0LERDPWF1P2NBQ2VydGlmaWNhdGU/YmFzZT9vYmpl Y3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MA0GCSqGSIb3DQEBCwUAA4IB AQBnsceCzHQ3fgmKDa1ARpR9KjFYwhxz617ixtZ4WKFh+RuaLoyLQRPqawgf8QCa bFMb9MbvLdD27n5bzrdDY+YRg6G4N4biXi1tqRiRu5pgr6Zsn2tUkU0rC5mLP8RZ Gnc0k0pJFPKPyXHa23SjfgW7o3zxVWwbrwGL5ws4SYOYHEPKlamLDDC1C5FvBxWA nLiPwwqAXYjkTP4rnag/1wrAUcq5qF7m06k5j0c92r27nV/IVV8BVtPUL3EMvTw+ FUwYrzgGKMvqc8GtYDjhdOLsZiWAVTBb4s7Vs9vLUTLR5Kr8SuuZnHTyONoh6jOa bDWmsGemYelvX/89e6et2TYA -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIE8DCCA9igAwIBAgITJQAAAAv78K96DnPiKQAAAAAACzANBgkqhkiG9w0BAQsF ADAUMRIwEAYDVQQDEwlBQkNSb290Q0EwHhcNMTcwNDExMDU0ODE2WhcNMzcwMTEy MjIzODM5WjCBiDESMBAGCgmSJomT8ixkARkWAmF1MRMwEQYKCZImiZPyLGQBGRYD bmV0MRMwEQYKCZImiZPyLGQBGRYDYWJjMRUwEwYKCZImiZPyLGQBGRYFYXVudHkx EzARBgoJkiaJk/IsZAEZFgNhdXMxHDAaBgNVBAMTE2F1cy1OVUNQU0VDU0NBMDEt Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUUh/oe/yZrUrQC/Yi rNO8iYNOkg3ejIlzsw9gQOsbiHxqiexAXVueGVC75gDjgkXWdt+bYrUAXtiPRrf/ TQFyVMBTp4MtzmiTCgEonZrRMNfLu+Un4uW1m4VeKEg9FKJzIRZyBqKdPq5g6byb NnoUHvDrMw3O70YbiR8v51Gq+PY5ew8ZRhJF7k86s21YBWeZ4lkVTLsFTbko/0R5 Obn/Uk6xML3ffPp0V6UAPjDE6lOq5qizpEYryUWiMIgOV4Fv2HBPqNvpHxeW9TG+ 64BzXOyKDHBb/uCghQI1tyEo5TsyliEf6Htxw8v7LnG75CXyTbQ1hMSO3+axhWbm 6XcvAgMBAAGjggHEMIIBwDASBgkrBgEEAYI3FQEEBQIDAQADMCMGCSsGAQQBgjcV AgQWBBQMqkvA7hG66tElJCgplomEvRXupTAdBgNVHQ4EFgQUns+j+FBzfWoUJNWD //rgZRlmn7kwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwCwYDVR0PBAQDAgGG MA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUNUk/u75iU8ersPpjEAeLgOuJ CBowawYDVR0fBGQwYjBgoF6gXIYsaHR0cDovL05VQ1BTRUNTQ0EwMS9DZXJ0RW5y b2xsL0FCQ1Jvb3RDQS5jcmyGLGh0dHA6Ly9OTFBQU0VDU0NBMDEvQ2VydEVucm9s bC9BQkNSb290Q0EuY3JsMIGeBggrBgEFBQcBAQSBkTCBjjBFBggrBgEFBQcwAoY5 aHR0cDovL05VQ1BTRUNTQ0EwMS9DZXJ0RW5yb2xsL05VQ1BTRUNSQ0EwMl9BQkNS b290Q0EuY3J0MEUGCCsGAQUFBzAChjlodHRwOi8vTkxQUFNFQ1NDQTAxL0NlcnRF bnJvbGwvTlVDUFNFQ1JDQTAyX0FCQ1Jvb3RDQS5jcnQwDQYJKoZIhvcNAQELBQAD ggEBABpEc6rXRK+KT9vdVeUxv6H2rxwgnXiqWQLsLhJ/xoHw5lpO4mhgwOnf/h2l jxd5D2qsxezO8c0E0pqXU8miQbiDajA/JdXCplKYI72Q5orpa200mGZyvfnSXTbU +gYiGisCA3wwlyJGHxkoRM1p2xFzjxgo/dEGR6WUyj5bGVcppu4yzyez/ABVq19G RSClpH359fWJre3t3D4SvpNLmS3RufFU7WvAz6SUqdHfCLxpNDMl1vSPaC41W0qs kUg3GbQ9LkBkJgKWcawj+gLOApMj32YGzdMkbERxDauFB39/j3UdCINeTdXy5RDM HCYG+xsRiqHyS4ccaYXX2yKOCNk= -----END CERTIFICATE-----

Gekozen oplossing

The issuer of the signing certificate is "ABCRootCA" and this does not appear to be an authority recognized by Firefox. Or in other words, the signing certificate does not appear to chain all the way up to a trusted root.

If you want Firefox to trust certificates signed by "ABCRootCA" you'll either need to:

(1) Import the signing certificate into the Authorities tab of Firefox's Certificate Manager.

The steps for that are in this thread: sec_error_bad_signature only via proxy for https website.

It's a bit of pain, but the advantage of that approach is that you are making the minimal compromise of security.

(2) If the signing certificate is in the Windows certificate store (for example, IE and Chrome trust it), you could set Firefox to trust everything that Internet Explorer trusts by having it check for authority certificates in the Windows certificate store.

This is easier, but the downside is that any successful attack on the Windows certificate store (bogus authority certificates inserted there by malware) will affect Firefox, too.

(A) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(B) In the search box above the list, type or paste root and pause while the list is filtered

(C) Double-click the security.enterprise_roots.enabled preference to switch the value from false to true

I'm not sure whether that will start working immediately or after the next time to exit Firefox and start it up again.

Dit antwoord in context lezen 7

Aanvullende systeemdetails

Geïnstalleerde plug-ins

  • Shockwave Flash 27.0 r0
  • 5.1.50907.0

Toepassing

  • Useragent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0

Meer informatie

jscher2000
  • Top 10 Contributor
8792 oplossingen 71906 antwoorden

Gekozen oplossing

The issuer of the signing certificate is "ABCRootCA" and this does not appear to be an authority recognized by Firefox. Or in other words, the signing certificate does not appear to chain all the way up to a trusted root.

If you want Firefox to trust certificates signed by "ABCRootCA" you'll either need to:

(1) Import the signing certificate into the Authorities tab of Firefox's Certificate Manager.

The steps for that are in this thread: sec_error_bad_signature only via proxy for https website.

It's a bit of pain, but the advantage of that approach is that you are making the minimal compromise of security.

(2) If the signing certificate is in the Windows certificate store (for example, IE and Chrome trust it), you could set Firefox to trust everything that Internet Explorer trusts by having it check for authority certificates in the Windows certificate store.

This is easier, but the downside is that any successful attack on the Windows certificate store (bogus authority certificates inserted there by malware) will affect Firefox, too.

(A) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(B) In the search box above the list, type or paste root and pause while the list is filtered

(C) Double-click the security.enterprise_roots.enabled preference to switch the value from false to true

I'm not sure whether that will start working immediately or after the next time to exit Firefox and start it up again.

The issuer of the signing certificate is "ABCRootCA" and this does not appear to be an authority recognized by Firefox. Or in other words, the signing certificate does not appear to chain all the way up to a trusted root. If you want Firefox to trust certificates signed by "ABCRootCA" you'll either need to: (1) Import the signing certificate into the Authorities tab of Firefox's Certificate Manager. The steps for that are in this thread: [https://support.mozilla.org/questions/1068675 sec_error_bad_signature only via proxy for https website]. It's a bit of pain, but the advantage of that approach is that you are making the minimal compromise of security. (2) If the signing certificate is in the Windows certificate store (for example, IE and Chrome trust it), you could set Firefox to trust everything that Internet Explorer trusts by having it check for authority certificates in the Windows certificate store. This is easier, but the downside is that any successful attack on the Windows certificate store (bogus authority certificates inserted there by malware) will affect Firefox, too. (A) In a new tab, type or paste '''about:config''' in the address bar and press Enter/Return. Click the button promising to be careful. (B) In the search box above the list, type or paste '''root''' and pause while the list is filtered (C) Double-click the '''security.enterprise_roots.enabled''' preference to switch the value from false to true I'm not sure whether that will start working immediately or after the next time to exit Firefox and start it up again.

Nuttig antwoord

Thanks a bunch :)

Thanks a bunch :)