OK this was caused by a suggestion from jscher2000 on mozilla support as a way of stopping two master password request boxes from opening when Firefolx opens - to set enterprise roots enabled to 'false'. It did stop the double password request boxes but made secure sites unavailable. Changing the Avast settings as he suggested did not help. Set the above to 'true ' and I can access all my sites, but have the double master password boxes again :(

I have marked your reply as a solution, but was this issue arising from a change of that setting in Thunderbird config editor, or in the Firefox about:config page. I just don't understand how a change to the Firefox setting could affect Thunderbird as you say.

Ouch, sorry I was in the wrong forum (due to a previous bookmarked topic I guess). This was solely a Firefox issue.

Hi dougjp, if you click the Advanced button on the untrusted connection error page, what code are you getting? This article covers many of the common ones: How to troubleshoot security error codes on secure websites.

If you use the View Certificate button, do you get a little popup showing the certificate info -- including the Issued by section -- or a blob of gibberish? You can copy/paste the gibberish here for decoding.

dougjp said

Ouch, sorry I was in the wrong forum (due to a previous bookmarked topic I guess). This was solely a Firefox issue.

I am not sorry, I learned something that might help with avast in Thunderbird. So I will not complain at all.

dougjp said

Ouch, sorry I was in the wrong forum (due to a previous bookmarked topic I guess). This was solely a Firefox issue.

jscher2000 said

Hi dougjp, if you click the Advanced button on the untrusted connection error page, what code are you getting? This article covers many of the common ones: How to troubleshoot security error codes on secure websites. If you use the View Certificate button, do you get a little popup showing the certificate info -- including the Issued by section -- or a blob of gibberish? You can copy/paste the gibberish here for decoding.

Hi and thanks for the fast response. After changing back to 'false' in order to get rid of one of the master password boxes as mentioned before, again I get the insecure connection failure on secure sites. Clicking on 'Advanced' gives ' Error code: SEC_ERROR_UNKNOWN_ISSUER '. I don't see a View Certificate button, where would it be? I see in Options, Privacy and Security a View Certificates choice at the bottom which brings up a Certificate Manager with 4 headings areas. Nothing seems specific to the insecure connection page. I can right click on the page and view page source? Sorry, kinda lost at the moment.

dougjp said

Error code: SEC_ERROR_UNKNOWN_ISSUER '. I don't see a View Certificate button, where would it be?

Usually just below the code if you have Firefox 66 (first screenshot attached). Or with any recent version, click the code itself to open a section with the encoded certificate (second screenshot attached).

Thanks. I'm using 60.6.1 esr which is up to date. Further info for what its worth, I've run Malwarebytes and Emsisoft, both show nothing, I don't have a problem with these secure sites when using Opera. I have the same double boxes for master password sign-in with the same Firefox version on another computer, also a fairly recent new issue that probably started at the same time. I'm thinking perhaps an update to ESR? Perhaps I have to update away from ESR but I don't want to... Anyway, here is the View Certificate info; https://finance.yahoo.com/portfolio/p_0/view/v2

Peer’s Certificate issuer is not recognized.

HTTP Strict Transport Security: true HTTP Public Key Pinning: false

Certificate chain:

MIILjjCCCnagAwIBAgIQDckLjNQrlcLanZAQJrWn+jANBgkqhkiG9w0BAQsFADBw MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz dXJhbmNlIFNlcnZlciBDQTAeFw0xOTA0MjIwMDAwMDBaFw0xOTA2MDYxMjAwMDBa MF8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlT dW5ueXZhbGUxETAPBgNVBAoTCE9hdGggSW5jMRQwEgYDVQQDDAsqLnlhaG9vLmNv bTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIMUKctEmyPlEUlNNcjNvoy2H6Cs bqu+vK7vSImpwBUdqkjJQAialCXdBq4SqugFJF2GxzpOsxMtD46yBIPWAvSjggj+ MIII+jAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVkYqISuFlyOzAdBgNVHQ4EFgQU Zte/JE+EM4IwF1BxKRPJO96xlLwwggYlBgNVHREEggYcMIIGGIILKi55YWhvby5j b22CB2ZsaWMua3KCCmZsaWNrci5jb22CCXltYWlsLmNvbYIKcy55aW1nLmNvbYIZ Ki5mYW50YXN5c3BvcnRzLnlhaG9vLmNvbYITKi5hbnN3ZXJzLnlhaG9vLmNvbYIU Ki5jYWxlbmRhci55YWhvby5jb22CDCouZmxpY2tyLmNvbYISKi5ncm91cHMueWFo b28uY29tghAqLm1haWwueWFob28uY29tgg8qLm1zZy55YWhvby5jb22CCyoueW1h aWwuY29tghMqLmZpbmFuY2UueWFob28uY29tghAqLm5ld3MueWFob28uY29tghEq LnZpZGVvLnlhaG9vLmNvbYINKi5tLnlhaG9vLmNvbYIOKi5teS55YWhvby5jb22C Eiouc2VhcmNoLnlhaG9vLmNvbYISKi5zZWN1cmUueWFob28uY29tgg8qLnlhaG9v YXBpcy5jb22CEyoubWcubWFpbC55YWhvby5jb22CHSouYXBpLmZhbnRhc3lzcG9y dHMueWFob28uY29tghEqLmF1dG9zLnlhaG9vLmNvbYITKi5jcmlja2V0LnlhaG9v LmNvbYIiKi5mb290YmFsbC5mYW50YXN5c3BvcnRzLnlhaG9vLmNvbYIRKi5nYW1l cy55YWhvby5jb22CFSoubGlmZXN0eWxlLnlhaG9vLmNvbYISKi5tb3ZpZXMueWFo b28uY29tghEqLm11amVyLnlhaG9vLmNvbYIRKi5tdXNpYy55YWhvby5jb22CEiou c2FmZWx5LnlhaG9vLmNvbYISKi5zY3JlZW4ueWFob28uY29tghEqLnNoaW5lLnlh aG9vLmNvbYISKi5zcG9ydHMueWFob28uY29tghIqLnRyYXZlbC55YWhvby5jb22C DioudHYueWFob28uY29tghwqLndjLmZhbnRhc3lzcG9ydHMueWFob28uY29tghMq LndlYXRoZXIueWFob28uY29tghMqLm5vdGVwYWQueWFob28uY29tgg4qLnByb3Ry YWRlLmNvbYIPKi55cWwueWFob28uY29tghIqLnN0YXRpY2ZsaWNrci5jb22CESou d2MueWFob29kbnMubmV0ghEqLmRlYWxzLnlhaG9vLmNvbYIQKi5oZWxwLnlhaG9v LmNvbYIVKi5jZWxlYnJpdHkueWFob28uY29tghQqLmF1Y3Rpb25zLnlhaG9vLmNv bYIPKi55YnAueWFob28uY29tgg8qLmdlby55YWhvby5jb22CFSoubWVzc2VuZ2Vy LnlhaG9vLmNvbYIUKi5hbnRpc3BhbS55YWhvby5jb22CDyoueXNtLnlhaG9vLmNv bYIZdmlkZW8ubWVkaWEueXFsLnlhaG9vLmNvbYIOd3d3LnR1bWJsci5jb22CCnR1 bWJsci5jb22CDmFwaS50dW1ibHIuY29tghcqLmdsb2JhbC1wb3AudHVtYmxyLmNv bYISKi50cmlwb2QueWFob28uY29tghAqLmlyaXMueWFob28uY29tghIqLm1vYmls ZS55YWhvby5jb22CGSoub3ZlcnZpZXcubWFpbC55YWhvby5jb22CGSoubWFpbHBs dXMubWFpbC55YWhvby5jb22CF3RlYXJzaGVldC5hZHMueWFob28uY29tgh1pbnZl c3RpbnlvdXJzZWxmLnlhaG9vLmNvbS5zZ4IVc2cuZmVhdHVyZWQueWFob28uY29t ghVoay5mZWF0dXJlZC55YWhvby5jb22CFHNnLmZlYXR1cmUueWFob28uY29tghRp bi5mZWF0dXJlLnlhaG9vLmNvbYIRKi54b2JuaS55YWhvby5jb22CF29uZXB1c2gu cXVlcnkueWFob28uY29tghthcGktb25lcHVzaC5xdWVyeS55YWhvby5jb22CIWFw aS5kaWdpdGFsaG9tZXNlcnZpY2VzLnlhaG9vLmNvbYIXY29tbXNkYXRhLmFwaS55 YWhvby5jb22CFWlkLmZlYXR1cmVkLnlhaG9vLmNvbYIcZ2FsbGVyeS50di53aWRn ZXRzLnlhaG9vLmNvbTAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUH AwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRpZ2lj ZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwNKAyoDCGLmh0dHA6Ly9jcmw0 LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwTAYDVR0gBEUwQzA3 BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQu Y29tL0NQUzAIBgZngQwBAgIwgYMGCCsGAQUFBwEBBHcwdTAkBggrBgEFBQcwAYYY aHR0cDovL29jc3AuZGlnaWNlcnQuY29tME0GCCsGAQUFBzAChkFodHRwOi8vY2Fj ZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEySGlnaEFzc3VyYW5jZVNlcnZl ckNBLmNydDAMBgNVHRMBAf8EAjAAMIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHYA u9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFqRtDQUAAABAMARzBF AiBpGmFcUh8mprwl/LLcwkQ45pPdiVwB0gM9r9qCY6CJngIhAJ99jp+CRyHZziK4 snMr46HhziD0suS7fAdon+ncDmQhAHcAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVg wbTq/16ggw8AAAFqRtDRYQAABAMASDBGAiEAo5xHeCZ2si0+NEFb/cg1UcEuG+Oe o9XmVp8w9GJ5GwcCIQDLVDxRMwSj/8lOqDcRo9Dt99Zw/i0kWrqJuU/PMn+C9zAN BgkqhkiG9w0BAQsFAAOCAQEAn65V+yGiGu0iv3GgW6cpg7+NY8dvST65yt4XCmlU o9xoCyl7UpzVgRq/Z1b6dEZTY2Qgag8ivnk9ZsToKJTDc8GFSFg6GtpaUH6UFro8 xEozzPiKLq6P9NXYuKAwlI36Kgj66Pz87iW9D2PTtTTqCXNq176tBxQi4ZCqHGnL Z20U78170+i30CS75aDiJsvplskidrLLUItejzjP/wuNCGWf55O1arhLsIz+a+JZ sMcqGdrrrSlkOQkKcwl0NXQUaIgwPTf8YMkcz4XEhjq1c2PgQ2LN3GU0xqP4xXF1 TAuvfpTT5PZ/Ah97TbZjz4f5e1QBltviA8RGK2B1IULodA==

MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3 LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2 4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1 itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn 4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly /D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF 0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae cPUeybQ=

Hi dougjp, those certificates look correct. I suggest removing the cert9.db file and letting Firefox regenerate it with just the built-in root certificates. This thread has the steps for that: What do the security warning codes mean? -- in the "Corrupted certificate store" section near the end.

Yeah! Thanks so much, this solved the problem, on both computers. By the way I noticed I had a cert8.db file with a much different date than cert9.db, and after rebuild both are fresh.