Firefox will no longer open Google without a "This Connection is Untrusted" error, and no option to get a temporary certificate is available.
This problem popped up for the first time a few months ago. but I was able to work around it by by clicking on "I understand the risks" on the "This Connection Is Untrusted" warning page, and then by adding a security exception. That fix would work for random lengths of time... sometimes for days, sometimes for minutes. Now, after updating to the latest version of Firefox, I get the same security warning but the option to click "I Understand the Risks" is gone. I get this error message on the technical details page: (Error code: sec_error_unknown_issuer
I have done everything listed here many, many times: https://support.mozilla.org/en-US/kb/connection-untrusted-error-message I mean everything. Delete cert.db, start in safe mode, empty cache, delete and reinstall.... Nothing works.
Your help would be greatly appreciated!
Chosen solution
In Firefox, you need to import into Authorities. The certificate usually will have a .cer extension.
Read this answer in context 👍 4All Replies (20)
I do not have a folder of old FF data. I do not believe I have ever gotten that folder from a refresh.
I looked for Kaspersky certs and found none. I opened the folder you suggested and did not find the AVP15.0.1 folder, but an AVP16.0.0. I imported the fake cert. from that folder to FF, restarted, reopened FF (creating a new profile since my profile was missing/inaccessible) and google/yahoo are not allowed (untrusted).
Hi rickthomas, there seems to be a more serious problem on your system that it cannot retain Firefox files. When you created a new profile, it didn't have the certificate you imported into the previous profile, so this is an infinite loop of blocked access that needs to be resolved by first figuring out why Firefox data files keep getting deleted.
Same thing is happening for me. Seems to have happened after I refreshed firefox. What if I follow those steps but there is no "Kaspersky Anti-Virus Personal Root Certificate"? (I do have Kaspersky).
Hi mnsissy, do you mean you were able to find the Kaspersky folder where the cert should be and it's missing, or that folder can't be found at all?
I'm sure there is another way to extract the certificate, for example, to export it from the Windows certificate store used by IE and Chrome.
Or you could go into the Old Firefox Data folder on your desktop and pull out your old Firefox certificate store and use that in place of the new one that Firefox created as part of your Reset. This would "roll back" your certificate store to the time of your Reset. Perhaps that's the easiest thing to try.
Part 1: Locate the old cert8.db file in Old Firefox Data
Open the Old Firefox Data folder and it should contain one or more semi-randomly-named folders. If there's only one, go ahead and click into it. If there are multiple folders, find the one that has the most recently updated files in it.
In that old profile folder, you should find a file named cert8.db (it's possible that Windows hides the .db part, but there is only one file with cert8 in the name).
Keep this window open, and then...
Part 2: Open your current Firefox profile folder to receive the file
You can use either
- "3-bar" menu button > "?" button > Troubleshooting Information
- (menu bar) Help > Troubleshooting Information
- type or paste about:support in the address bar and press Enter
In the first table on the page, click the "Show Folder" button. This should launch a new window listing various files and folders in Windows Explorer.
Keep this window open, and then...
Part 3: Completely exit out of Firefox
Switch back to Firefox and Exit, either:
- "3-bar" menu button > "power" button
- (menu bar) File > Exit
Pause while Firefox finishes its cleanup, then if you are looking at the more recently opened folder, your current profile folder, you can locate the cert8.db file and right-click>Rename it to something like cert8old.db just in case you need it later.
Part 4: Copy in the old file
In the old profile folder, right-click>copy the cert8.db file. Then right-click>Paste on a blank area of the new profile folder.
Finally... Start Firefox up. If you restore your session (e.g., History > Restore Previous Session) can you get into Google?
Attached is the message that I receive when I try to open cert8
Hi mnsissy, you wrote:
Attached is the message that I receive when I try to open cert8
Do not try to open that file. It's not something you can read/edit.
The process is to open two different folders, rename the newer/smaller cert8.db and then copy the old cert8.db into that folder so Firefox uses it in its place. If I wasn't clear about a particular step, please let me know.
It worked! TY soooooooooo much!
I have same problem but with a twist. I can load translate.google.ca without problems but if I select the url that should give me maps directly, that being google.ca/maps, I get certificate problem as others are having. If I load the url for www.google.com it loaded without incident. Then I used to be able to select their menu to load maps, and it worked every time. Just after this initial post I now have the certificate issue getting into google.com as well, hence the necessary edit. This is madenig. If I go out and check through Options UI at the certificates under The UserTrust Network, it shows that the certificate for www.google.com expired on 14/03/2014. The certificate that seems to be causing the hairball, is one called AO Kaspersky Lab, supposedly issued by www.google.com, and expiring 22/02/2016. Images are attached if they help at all. Also, I have Kaspersky AV version 16.0.0.614(d) in my system. I would really prefer to load maps directly as it takes less time. I have looked this thread over and tried some of the suggestions offered and not really helping. Thanks.
Modified
If the certificate is issued by your Kaspersky security software then you have two options:
- disable scanning secure connections in Kaspersky
- install the Kaspersky root certificate.
When prompted set the trust bit to use the certificate to "Trust this CA to identify websites"
http://support.kaspersky.com/us/9093#block1
http://support.kaspersky.com/us/9927#block1
alright then I will try what core-el has suggested and see what that does. thanks
My Kaspersky AV 2016 is a bit different than described but is worked through it OK. I installed a new certificate from Kaspersky and using FF 42 Certificate Manager I deleted the old one and imported the new under "Authorities". I set the trust as advised. No need to create an exception for google as there is a valid certificate there once I figured out who CA was. Tried loading the maps url and it worked, so I set KAV back to scan encrypted connections upon request from protected components which its default setting. Tested the setup several times and it works. Thank you cor-el for your assistance. Greatly appreciated.
Hi Brian
Can you post the steps for Kaspersky 2016, so other can use this information?
Using Kaspersky AV 2016 main user interface. 1. Click "Settings" icon in lower left corner. 2. Click "Additional" 3. Click "Network" 4. Scan Encrypted Connections upon request .. must be enabled to work and should be left as such. 5. Click "Advanced Settings" 6. Click "Install Certificate" button. 7. Click "Next ->" 8. When it is downloaded click "Finish" and exit KAV.
Under WinXP Pro SP3 the file is located in following path: Documents and Settings\<user name>\Applications Data\Kaspersky Lab\AVP 16.0.0\Data\Cert\ . (You might have to change folder settings in WinXP so that you can access and import the file into FF).
File name is (fake)Kaspersky Anti-Virus Personal Certificate.cer and has file date of 17/10/2015.
Using Certificate Manager in FF42.0, if you find AO Kaspersky Lab under Servers tab delete it, then import the new Kaspersky root certificate under Authorities. Make sure you Edit Trust as cor-el gave previously and once you close and restart browser google maps will work and for me does so every time now.
Note: Other Win versions may save the file in a different location.
Modified
I have the same problem. However I am able to connect to the internet without a proxy server. I have no family restrictions. I have replaced the cert8.db file in the current profile with the one in Old Firefox Data and I have imported GoogleInternetAuthorityG2.crt all to no avail. I'm out of ideas. There's no problem with Edge or Chrome. I have no problem connecting to Mozilla.org or opening https://Chase.com
Hi h_g, did you inspect a certificate on a site where you can do that and see whether Kaspersky is intercepting your connections?
If you do not use Kaspersky, or site certificates you inspect do not say they were issued by Kaspersky, please start a new question so we can explore what's going on with your Firefox. You can do that here:
https://support.mozilla.org/questions/new/desktop/fix-problems
Suggested articles and forum threads will appear; scroll down past those to continue with the form.
spwood said
This problem popped up for the first time a few months ago. but I was able to work around it by by clicking on "I understand the risks" on the "This Connection Is Untrusted" warning page, and then by adding a security exception. That fix would work for random lengths of time... sometimes for days, sometimes for minutes. Now, after updating to the latest version of Firefox, I get the same security warning but the option to click "I Understand the Risks" is gone. I get this error message on the technical details page: (Error code: sec_error_unknown_issuer I have done everything listed here many, many times: https://support.mozilla.org/en-US/kb/connection-untrusted-error-message I mean everything. Delete cert.db, start in safe mode, empty cache, delete and reinstall.... Nothing works. Your help would be greatly appreciated!
If this method of approach doesn't work, make sure you are not using Lightbeam to monitor tracking sites. This software is experiencing issues with SSL.
Thanks. My symptoms are the same as yours and so were my efforts to fix it. I disabled Lightbeam but that made no difference
Hi h_g, could you reply to my question in your thread here: https://support.mozilla.org/questions/1094777
The best solution I found to this is to reinstall version 39 and turn updates off. I cannot believe a browser is released with issues like these and so-called fixes provided that make it seem it's my problem the browser does not work. While I like Firefox, using another browser is also becoming a possibility to me.
Hi rickthomas, Firefox interacts with the Kaspersky filter the same way in Firefox 43 as it did in Firefox 39. Your Firefox probably had a different problem that was cleared when you uninstalled Firefox 40, cleared out various other things, and rebooted, as you described in this thread: https://support.mozilla.org/questions/1077730.
For the typical user, Firefox 39 is a poor solution because of the publicly disclosed security vulnerabilities in that version: https://www.mozilla.org/security/know.../firefox/. Using Kaspersky doesn't fix those problems in older versions of Firefox.