You can click the "Advanced" button to expand this section and show extra details. If the certificate is not trusted because no issuer chain was provided (SEC_ERROR_UNKNOWN_ISSUER) then click the blue error message to expand this section and show the certificate chain. You can click "Copy text to clipboard" and paste this base64 encoded certificate chain text in a reply. That will allow us to details like the issuer of the certificate.

• https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER

There is security software that intercepts secure connections and sends their own certificate or that incorporates special web shielding features that can block content.

• always be cautious when you get an 'Untrusted' error message
• never create a permanent exception without investigating the cause and only use this to inspect the certificate

Here's what I get for google.com: https://www.google.com/?gws_rd=ssl

Peer’s Certificate issuer is not recognized.

HTTP Strict Transport Security: false HTTP Public Key Pinning: true

Certificate chain:

MIIDkTCCAnmgAwIBAgIRAOm+aqA/MrSoJxHKThixNOMwDQYJKoZIhvcNAQELBQAw WjELMAkGA1UEBhMCVVMxGTAXBgNVBAsTEHd3dy5hZGZlbmRlci5jb20xFTATBgNV BAoTDEFkRmVuZGVyIEluYzEZMBcGA1UEAxMQQWRGZW5kZXIgUm9vdCBDQTAeFw0x NzEyMDUwOTUwNTZaFw0xODAyMjcwOTI4MDBaMEsxGTAXBgNVBAsMEHd3dy5hZGZl bmRlci5jb20xFTATBgNVBAoMDEFkRmVuZGVyIEluYzEXMBUGA1UEAwwOd3d3Lmdv b2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDM8NR/a94u rEUAIT5KgUFlZTu0+U8K3YFGfcEzgQVTixjZTtFpKydEsrecRD0gW5n7pL17MG/T e44mInLzuFhs6uderRthZxEFRVH8ialRvPmSUiKwOVGusORelrUrJm4ci7oVENMK dStWhTLoRPMdIGrhTy6pen0YpoCI7WBmd9yx6gabWBXC1mEeTpvQ4X/Z60nnMwYn VWwTjU3lRoie+kP+VrgfovWj1TlYL+hdaa/mWhbEkOeuSAqbTnJgRfqXNpiLoXt8 IOaENTiTu3xipy3veEgxQFyeZhU0LBDs7QSo2ZiCFRFFeINotsF1/f9R8t/AUFwF vw09reWIJjnfAgMBAAGjYTBfMBkGA1UdEQQSMBCCDnd3dy5nb29nbGUuY29tMAwG A1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHwYDVR0jBBgwFoAU9gth sjh7F3R8PQ3LDaMwfSaw9/0wDQYJKoZIhvcNAQELBQADggEBAHBsfyUQ+bSr2bIk 71aJpMZqg3KdJ3bchzbpB0fKbSYY/nPABjCZpRkAHnrpMU6ZUUL3Oiu+4xS5V3NG iI3Y34J2qW/PbTfJgKTEAHpQkmTwGLUg1NkhjAOPlPDlfBaov1+9YNF+irOE4299 g5pJ41Nmdr8vLysZQ3+VbRsdn/UA+7BqeG53x3cac6CfLAaZTHRuJGGP1aFh3bQ+ slhTKo57f5YzdJLIOV0FKTUj7qYVibo2aF2ga59hS+KRjzBOxa+LCFZk8rbyfw3D F2h6frrqc2cMFwrU/o+I8UhQ21KiHcrnV1EBPBYXQ1P9ElZWkNlOTXT6SZZAIGUt Bh8uuWI=

And here is what happens when I do a search: https://search.yahoo.com/yhs/search?p=firefox+forums&ei=UTF-8&hspart=mozilla&hsimp=yhs-002

Peer’s Certificate issuer is not recognized.

HTTP Strict Transport Security: true HTTP Public Key Pinning: false

Certificate chain:

MIIHSzCCBjOgAwIBAgIRAIqpFo21QOfMbspfsxkrtoowDQYJKoZIhvcNAQELBQAw WjELMAkGA1UEBhMCVVMxGTAXBgNVBAsTEHd3dy5hZGZlbmRlci5jb20xFTATBgNV BAoTDEFkRmVuZGVyIEluYzEZMBcGA1UEAxMQQWRGZW5kZXIgUm9vdCBDQTAeFw0x NzExMzAwMDAwMDBaFw0xODAxMTYxMjAwMDBaME8xGTAXBgNVBAsMEHd3dy5hZGZl bmRlci5jb20xFTATBgNVBAoMDEFkRmVuZGVyIEluYzEbMBkGA1UEAwwSKi5zZWFy Y2gueWFob28uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyw04 csuuHWVlpFwd56mR0TdeOPO74tSOu6OcGjCFreZiYNnkaKEcvAPe1RevW9+WUCQK atIxBqaVxBu1Oddhn08hJforYnLGyv8s9u/8cSxk0mCP8ycqHOHXG+8hlgLOY1N+ qAG0GjhlE3/SWpNgkLdx3FU8CuKA7HqjanLoMlQHMSNnLR5/5FGUUr7tP3Msjdir Zahz+ByWw2djTrkJz3S6H+68XezMFzvYOY0NCHv6DbZp+xLJN3jO8eSQZ7wGlkdH oZTdxW+CuzLAKZ1aslpqgZPIIa+O4No2GiPD0nj05tuIq0JcIRUzXFPFMxffGB0K ZLy5QItiVVqJhKqqUwIDAQABo4IEFTCCBBEwggPJBgNVHREEggPAMIIDvIISKi5z ZWFyY2gueWFob28uY29tghBzZWFyY2gueWFob28uY29tghBzZWFyY2gueWFob28u bmV0ghIqLnNlYXJjaC55YWhvby5uZXSCD2xvY2FsLnlhaG9vLmNvbYIRKi5sb2Nh bC55YWhvby5jb22CDm1hcHMueWFob28uY29tghAqLm1hcHMueWFob28uY29tgg5i b3NzLnlhaG9vLmNvbYIaKi5hbnN3ZXJzLnNlYXJjaC55YWhvby5jb22CGCouYXV0 b3Muc2VhcmNoLnlhaG9vLmNvbYIXKi5ibG9nLnNlYXJjaC55YWhvby5jb22CHCou Y2VsZWJyaXR5LnNlYXJjaC55YWhvby5jb22CHSouZGljdGlvbmFyeS5zZWFyY2gu eWFob28uY29tghoqLmZpbmFuY2Uuc2VhcmNoLnlhaG9vLmNvbYIYKi5mb3J1bS5z ZWFyY2gueWFob28uY29tghgqLmdhbWVzLnNlYXJjaC55YWhvby5jb22CGSouaW1h Z2VzLnNlYXJjaC55YWhvby5jb22CHCoua25vd2xlZGdlLnNlYXJjaC55YWhvby5j b22CHCoubGlmZXN0eWxlLnNlYXJjaC55YWhvby5jb22CGCoubG9jYWwuc2VhcmNo LnlhaG9vLmNvbYIXKi5uZXdzLnNlYXJjaC55YWhvby5jb22CGSoubW92aWVzLnNl YXJjaC55YWhvby5jb22CGioucmVjaXBlcy5zZWFyY2gueWFob28uY29tghgqLnNo aW5lLnNlYXJjaC55YWhvby5jb22CGyouc2hvcHBpbmcuc2VhcmNoLnlhaG9vLmNv bYIZKi5zcG9ydHMuc2VhcmNoLnlhaG9vLmNvbYIVKi50di5zZWFyY2gueWFob28u Y29tghgqLnZpZGVvLnNlYXJjaC55YWhvby5jb22CE3lib3NzLnlhaG9vYXBpcy5j b22CEXlzcC55YWhvb2FwaXMuY29tgg8qLnlzbS55YWhvby5jb22CD3NvbG8tc2Vh cmNoLmNvbYIRKi5zb2xvLXNlYXJjaC5jb22CGXBhcnRuZXJpbnNpZ2h0cy55YWhv by5jb22CHWFwaS1wYXJ0bmVyaW5zaWdodHMueWFob28uY29tgg5zZWFyY2guYW9s LmNvbYIQKi5zZWFyY2guYW9sLmNvbYIQcmVjaGVyY2hlLmFvbC5mcoINc2VhcmNo LmFvbC5jYYIQc2VhcmNoLmFvbC5jby51a4IMc3VjaGUuYW9sLmRlMAwGA1UdEwEB /wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHwYDVR0jBBgwFoAU9gthsjh7F3R8 PQ3LDaMwfSaw9/0wDQYJKoZIhvcNAQELBQADggEBADOh/yUVxucJ85xtY3/4A2en 1Bnq2OlSJIpx6eF/5FNwlMwxeWnbjK1/09mojoVkKGMr3SMrxgJRE9VYD05xeDnc DLLFop4vkDmgxmPaNdhkY8uTBmvZdlIMV9C8YFn5Q48tP4BgU+NxdbZZocjagh1R TcVpy4xlmg02vCf2addk5ZQsYDIEZaaBERS8gUPTlgybW8ek8mUirRmEergmjWon BYnMZrUwGJWCfB29YQMJT1z61a4YiPClj0+km1PICb0y+KRrGPJR56end1QY/scY 43wtR7d87LjW+hRkKk2ZZZGxsZ5BYuOp2dOy+IXCbSU++rAoC4uWM+yBORInY/8=

Running version 53 is not supported and is insecure. Please switch to the ESR version 52.5.0 ESR. It will continue to get security updates until May 2018, and you can download and install it from this page: https://www.mozilla.org/en-US/firefox/organizations/all/

Uninstall then Delete the Mozilla Firefox Folders in C:\Program Files and C:\Program Files(x86)

Note : Legacy Extensions will be deleted or removed in any version update after May 2018.

https://support.mozilla.org/en-US/kb/profiles-where-firefox-stores-user-data

https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer Can have then for ever. Mine started in 95. Copy over and replace older ones.

You should make a backup of your Profile before going back and just because: https://support.mozilla.org/en-US/kb/back-and-restore-information-firefox-profiles

Please let us know if this solved your issue or if need further assistance.

I'm running version 57.0.2 on the laptop. I am running version 53 on my Windows 7 desktop PC. It is version 57 on the laptop that is giving me the problems.

taherte said

I installed the latest version of Firefox on my new Windows 10 laptop. Some sites including google.com and some Mozilla pages are giving me "your connection is not secure" errors. I do not get those errors on the laptop with IE or Edge, and I do not get the errors on my Windows 7 desktop PC running an earlier version of Firefox. I had FF set to be the default browser on the new laptop so out of frustration I uninstalled FF. What could be causing these messages on reputable websites?

Not sure what is going on here but I got FF57x64 install on both laptop and desktop that Win10x64 FCU 1709 and google set as home page and have no such issues as your getting. What Firewall and A/V are you using here?

The laptop came with McAfee pre-installed but I removed it and installed Norton Internet Security before installing Firefox.

The certificate is issued by AdFender Inc.

• Subject OU=www.adfender.com, O=AdFender Inc, CN=www.google.com
• Issuer C=US, OU=www.adfender.com, O=AdFender Inc, CN=AdFender Root CA

You will have to check if you have software from this company installed.

Thank you for your help. Yes, I have an ad blocker from Adfender installed. It is the only way I can read the on-line newspaper because of all the advertising. So is there something I need to do to fix the problem or do I have to contact Adfender? I don't understand where I go from here.

If it works in another browser then you can check the certificate chain and export the root certificate in that browser and import the certificate in the Firefox Certificate Manager.

• Options/Preferences -> Privacy & Security -> Certificates: View Certificates

You can set this pref to true on the about:config page to import root certificates from the Windows certificate store if this software uses that store.

• security.enterprise_roots.enabled = true

Thanks again for your help. I kind of understand the import to Firefox instructions but you lost me with the "check the certificate chain and export the root certificate in that browser". I'm just an ordinary PC user and know very little about security and certificates.

cor-el has given you the two possible solutions, but to connect the dots:

Your ad blocker is operating as a "man in the middle," intercepting and reading each communication you make to all websites. (Unless it lets you make exceptions for specific sites.) In order to read a secure connection, it needs to generate a fake certificate for that site. Firefox is not fooled, and objects to the certificate.

There are two workarounds:

(1) Set up Firefox to trust all the fake certificates. This is done in one step. The man in the middle uses a single certificate to sign all of the fake site certs, so you import the signing cert to Firefox's Authorities list and from then on, Firefox will accept any fake cert signed by the filter.

(2) Set Firefox to trust what Windows trusts, by using the system certificate store shared by IE and Chrome. The downside of this is Firefox will be fooled by any future man in the middle that injects its signing certificate into the Windows certificate store, whether that is a product you intentionally install or malware.

Hope that helps, but please follow up with any questions.

Well, no sooner did I post that comment and I found something in Internet Explorer options for exporting root certificates. I'll give that a try tomorrow and cross my fingers. Thanks again.

taherte said

I kind of understand the import to Firefox instructions but you lost me with the "check the certificate chain and export the root certificate in that browser".

Here's an example from a past thread. The Options page layout has changed, so you can use the search box at the top to find the certificate section.

sec_error_bad_signature only via proxy for https website

Thanks everyone for your help. I hate to admit it but most of this goes over my head. Nevertheless, you provided clues that helped me resolve the problem. I went to the Adfender support page and found a topic on "browser displays untrusted certificate errors". There were instructions there on how to download the Adfender root certificate. I followed those instructions and FF was then able to connect to google with no errors. Thank you!

Thank you for reporting back. It's great when vendors have the solutions!

cor-el said

You can click the "Advanced" button to expand this section and show extra details. If the certificate is not trusted because no issuer chain was provided (SEC_ERROR_UNKNOWN_ISSUER) then click the blue error message to expand this section and show the certificate chain. You can click "Copy text to clipboard" and paste this base64 encoded certificate chain text in a reply. That will allow us to details like the issuer of the certificate.

• https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER

There is security software that intercepts secure connections and sends their own certificate or that incorporates special web shielding features that can block content.

• always be cautious when you get an 'Untrusted' error message
• never create a permanent exception without investigating the cause and only use this to inspect the certificate

While you can 'Copy to Clipboard', you cannot send a message or reply to Mozilla, because every Mozilla URL is blocked! This certificate behavior began today, 3/13/2018, at 11:15 AM. These sites worked fine last night! What did Mozilla do to Firefox overnight to have caused this change? Why would they block their own support sites?

Hi m_wheeler1121, did you install the Firefox 59.0 update today? Normally updates do not cause this issue, but we should just proceed with the standard investigation.

Since the error page on the Mozilla Support site (your second screenshot) does not show the coded version of the certificate, you may need to investigate using a different site that is a little less demanding with its security. For example:

https://www.userchrome.org/

Do you get the error there?

Assuming so: click the Advanced button, then click the "Add Exception" button (see first screenshot below). We're not really going to add an exception, but we can get a better view of the certificate here.

In the Add Exception dialog, click the "View" button to pop up a certificate viewer. The interesting part is the "Issued by" section. I've marked that on the second screenshot for reference.

On my site, the "Issued by" section shows me "Let's Encrypt Authority X3". What do you see there?

(These example screenshots are from a test page, not my site)

Thanks for the quick reply, jscher2000. Here are the answers to your questions:

I am running Firefox 58.0.2. 64-bit. The Help About dialogue says that Firefox is up to date. No updates appear to have been installed between yesterday and today.

I am unable to view this forum in Firefox, due to the certificate problem. I am replying using Opera web browser, which is based on Chrome.

I have followed your suggestions. Screen shots have been captured, and are included here. Please let me know what they help you learn. Thanks!

Hi m_wheeler1121, thank you for the screenshot. It indicates that AVG Webshield is intercepting your connection. Do you want to keep using that feature? If so, you will need to set up Firefox to trust all the fake certificates AVG generates.

There is some new connection between AVG and Avast, so I'm not sure of the latest way to install the AVG/Avast signing certificate into Firefox. You might want to ask on their forums.

If you do not care to use this feature, you can go into the WebShield settings and either make an exception for all secure/HTTPS connections, or see if you can make an exception for Firefox.