Firefox will not let me open my email provider
I have downloaded Firefox for Windows twice in recent weeks. Both times it tells me that my email provider (Fastmail.com) is not secure, so it's blocked. It does not give me the option of opening it anyway. I simply am blocked from my email. There is nothing wrong with Fastmail. I have used it for years, and it works fine on other browsers. This makes Firefox unusable for me. Thanks in advance.
Дополнительные сведения о системе
- User Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36
Please explain the problem in detail. What happens? What is the exact error messages?
There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connection certificates and send their own.
It's a large, whole-page response that says the security certificate for Fastmail is no good, expired, or something like that. It does not provide me with a way to continue. It just stops Fastmail from opening. None of the links you included relate to the problem.
I cannot include a screen shot because I do not have Firefox downloaded. Thanks for the effort.
I have both Webroot and MalwareBytes on my computer, but they do not interfere with opening my Fastmail on other browsers.
There is no 'continue' or 'more information' button/link?
Taking a Screenshot; Windows > Start > search box > Snip. Select Snipping Tool. Use a compressed image type like PNG or JPG to save the screenshot. Save the picture(s) to your desktop. Press the Reply button. Then press the Add images; Browse button.
You can check the date and time and time zone in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
Fred: As I recall -- I do not currently have Firefox installed -- there was an "Advanced" button, but nothing permitted me to get to my email. Believe me, I tried.
I did contact Fastmail about it. They said the problem was on Firefox's end.
The "Advanced" button, would have given details about the problem.
I cannot include a screen shot because I do not have Firefox downloaded.
Please install Firefox if you want to troubleshoot this problem.
Fred: It did provide details, but it was still impossible to get into Fastmail.
Jscher: Oooooh, all right. Hold on.
Well, I'll be damned. Now it works. I downloaded FF a few months ago. Couldn't get into Fastmail. Did it again last week. Couldn't get into Fastmail.
But now I can. Problem solved. Magic.
Thanks for the help, odd as it was.
Whoops, just did it again. And the "Advanced" button offers no way to "add it to exceptions."
Third strike, so I'm outa here. Uninstalled again, and I'll stick with Chrome. Wish I did not have to, but ...
Fred: It did provide details, but it was still impossible . . .
You should have copied the information here so we could check it out.
Uninstalled again, and I'll stick with Chrome. Wish I did not have to, but ...
You aren't engaging with us on troubleshooting your Firefox, so you may never know if this could be easily solved.
Jscher, okay, you got me. Installed FF yet again, still get the same problem. Attached (I hope) are two screen shots. The first is the initial FF response. The second is what I get on clicking the "more information" button. There is no way to ignore the warning. It just won't let me into my email.
Go back and press the link View Certificate.
Copy everything and post it here.
On pressing View Certificate, a pop-up pops up. The screen saver will not work on a pop-up, however.
The pop-up does say "Issued to" Fastmail. And then it says "issued by" Adguard, which I have on my PC. I disabled Adguard, but the problem persists. Plus, Adguard does not block Fastmail on other browsers.
I meant screenshot, not screen saver, of course. FYI.
please refer to their help article on the subject: https://kb.adguard.com/en/windows/solving-problems/connection-not-trusted
Is Fastmail the only HTTPS site affected by this problem??
When you have a "man in the middle" intercepting your browsing and issuing fake site certificates, Firefox needs to be set up to trust them. That is because it uses an independent certificate store instead of sharing the Windows certificate store with IE and Chrome.
Here are two workarounds to get Firefox to trust all of the fake certificates Adguard or another "man in the middle" will generate:
Option #1: Import the Signing Certificate
If you import the program's signing certificate into Firefox's certificate store, then all of its fake certificates will be trusted.
Edit: See the link in philipp's reply: https://support.mozilla.org/questions/1253491#answer-1206316
(A) If you do not already have a certificate file ready to import, you can export it from IE or Chrome.
- This may appear in IE's Certificates dialog OR it may appear when you view the certificate details on any secure page you load in IE/chrome
- The Export or Copy to file button starts the Export Wizard. Use the DER format and save to a convenient location
Example screenshots: https://support.mozilla.org/questions/1199797#answer-1064849
(B) When finished with all the necessary exports to complete the chain in the Certification Path, you can import the certificate(s) into the Firefox Authorities tab:
- Windows: "3-bar" menu button (or Tools menu) > Options
- Mac: "3-bar" menu button (or Firefox menu) > Preferences
- Linux: "3-bar" menu button (or Edit menu) > Preferences
- Any system: type or paste about:preferences into the address bar and press Enter/Return to load it
In the search box at the top of the page, type cert and Firefox should filter the list. Click "View Certificates" to open the Certificate Manager and click the "Authorities" tab. Then you can use the "Import" button to import the security software's certificate.
(See Fourth and fifth screenshots in the above-linked post.)
When asked, I suggest allowing the certificate for websites only.
It's a bit of pain, but the advantage of that approach is that you are making the minimal compromise of security.
Option #2: Trust all Signing Certificates in the Windows Cert Store
(A) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.
(B) In the search box above the list, type or paste enterp and pause while the list is filtered
(C) Double-click the security.enterprise_roots.enabled preference to switch the value from false to true
I'm not sure whether that will start working immediately or after the next time to exit Firefox and start it up again. I guess you'll know if you visit an HTTPS address and Firefox no longer objects.
The disadvantage of this method is that any security compromise of the system certificate store will affect Firefox, too. This may be a lesser concern on a business system; it's more of an issue on a home system.
Do either of those work for you?
Jscher: Whoa! Your solution is way above my tech pay grade.
Phillip: The Adguard page you refer to is nowhere to be found on my Adguard account or anywhere else that I can see. I'm going to contact Adguard about this. They're pretty good about responding.
Later, and thanks to all.