Regular websites untrusted since refreshing firefox. I deleted cert8.db; time settings are fine, but is still not working. What to do?
Firstly got error message saying something is preventing Firefox from updating with request to refresh Firefox. So I did. Result is common websites like google and mozilla's own websites not opening because "Connection Untrusted" - (Error code: sec_error_unknown_issuer). I work on Mac OS X 10.10.2 Did delete the cert8.db in Profile folder a couple of times, but is not working. Time settings are fine. Deleted the entire browser app and reinstalled anew; same issue occurring. What's happening? And more importantly, how can this be fixed?
Chosen solution
Aha, do you see AVAST in there under the certificate issuer?
Your Avast security software is intercepting your browsing to filter it for threats. In order to filter secure connections, Avast creates these fake certificates and presents them to your browsers. Since Firefox uses a separate certificate file from Safari, Firefox needs to be set up to trust Avast to generate these certificates.
Now... in theory, Avast is supposed to update Firefox automatically when you exit out and start it up again. I'm assuming you have quit Firefox since this problem started but, if not, give that a try.
If that doesn't work, you or a volunteer would need to research the steps to get the Avast signing certificate into Firefox.
Plan C would be to grab the old cert8.db file from the Old Firefox Data folder on your desktop and transplant it into your current Firefox profile. That one must already have been set up to work with Avast.
Read this answer in context 👍 4All Replies (8)
On firefox click settings then click OPTIONS > click Advanced, click Network. Click settings & choose "Auto-detect proxy setting for this network. Click OK & OK again. Now goto certificates and choose select one automatically.Restart firefox & try to search google or yahoo. Hopefully it would work now.
You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
- Click the link at the bottom of the error page: "I Understand the Risks"
- Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate"
- Click the "View" button and inspect the certificate and check who is the issuer of the certificate.
You can see more details like the intermediate certificates that are used in the Details tab.
Who is the issuer of the certificate?
If you can't inspect the certificate via "I Understand the Risks" then try this:
Open this chrome URI by pasting or typing this URI in the location/address bar to open the "Add Security Exception" window and check the certificate:
- chrome://pippki/content/exceptionDialog.xul
In the location field type/paste the URL of the website
- retrieve the certificate via the "Get certificate" button
- click the "View..." button to inspect the certificate in the Certificate Viewer
Check who is the issuer of the certificate.
Just to be sure: We have seen reports that the time as set via an internet based time service was so much out of sync that an error occurs, so if that is the case with your current service then try to switch to another time service.
You can check the date and time and time zone in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
Hi, thanks for your replies.
@ premm krishna shenoy: Changing the proxy detecting settings to automatic; did not really do anything. The problem is also not with every website, just major ones like google and even mozilla's own website are untrusted. But 'smaller' website work fine.
@ cor-el: Cannot do the "I understand risk" thing because it doesn't offer me the option, so followed the chrome URI route; however after trying this on google it still doesn't work and so it continues to not trust it regardless of whether I specifically tell it to trust it. Time zone is the standard Apple time-zone determination, which is corresponding to every clock I come across here.
Can you at least inspect the certificate via the chrome:// URI?
Can you attach a screenshot?
- http://en.wikipedia.org/wiki/Screenshot
- https://support.mozilla.org/kb/how-do-i-create-screenshot-my-problem
- Use a compressed image type like PNG or JPG to save the screenshot
- Make sure that you do not exceed the maximum size of 1 MB
Most definitely. I uploaded a screenshot.
As you can see in the screenshot the certificate is issued by your Avast security software.
You can disable HTTPS scanning in Avast Web Shield.
Chosen Solution
Aha, do you see AVAST in there under the certificate issuer?
Your Avast security software is intercepting your browsing to filter it for threats. In order to filter secure connections, Avast creates these fake certificates and presents them to your browsers. Since Firefox uses a separate certificate file from Safari, Firefox needs to be set up to trust Avast to generate these certificates.
Now... in theory, Avast is supposed to update Firefox automatically when you exit out and start it up again. I'm assuming you have quit Firefox since this problem started but, if not, give that a try.
If that doesn't work, you or a volunteer would need to research the steps to get the Avast signing certificate into Firefox.
Plan C would be to grab the old cert8.db file from the Old Firefox Data folder on your desktop and transplant it into your current Firefox profile. That one must already have been set up to work with Avast.
Thanks cor-el, that did work. Although I'd be happy to find the correct avast authorisation certificate for Firefox to ingest so that https websites too can still be monitored...
jscher2000 said
Plan C would be to grab the old cert8.db file from the Old Firefox Data folder on your desktop and transplant it into your current Firefox profile. That one must already have been set up to work with Avast.
Did try this earlier today, but it did not change anything really...