Firefox 143 (Fedora distribution) throws SEC_ERROR_UNKNOWN_ISSUER error on many websites
When trying to access many popular websites with Firefox on my Fedora 43 installation, I am greeted with a security warning page with the SEC_ERROR_UNKNOWN_ISSUER error. For most of these websites I can simply accept and continue, but HSTS-only sites will not permit this.
Affected websites include but are not limited to (based on exceptions in the certificates section of Firefox settings):
- github.io (many subdomains)
- purdue.edu (many subdomains)
- iu.edu
- ebay.com
- cbsnews.com
- iwm.org.uk
- home.cern
- celestrak.org
Any help in resolving this is appreciated.
All Replies (3)
If you use the View Certificate link (sometimes, this requires clicking the Advanced button), is there any pattern to the issuer, such as a proxy server or security software vendor?
They all seem to be issued by dedicated certificate companies, though almost all use Sectigo certificates (the .edu ones use InCommon).
Usually the View Certificate page has multiple tabs. You could start with the right-most tab and see whether that ultimate signing certificate is listed as trusted here as a Builtin Object Token:
Settings page > type cert in the tiny search box to filter the page > View Certificates button > Authorities tab
Or if Firefox is set to use the system certificate store (checkbox for "Allow Firefox to automatically trust third-party root certificates you install") perhaps you need to check somewhere else on the system (I'm not familiar with how Linux handles it).
You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.