搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

Learn More

Firefox wrongly thinks that my website is using an invalid security certificate.. any clues?

  • 12 回覆
  • 40 有這個問題
  • 3348 次檢視
  • 最近回覆由 RindaMarie

more options

I have recently installed a security certificate on my site. I tried various ssl checkers and the certificate seems to be fine. Firefox, however, does not like it and displays a warning page that says:

www.academi.pl uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is not trusted.

(Error code: sec_error_untrusted_issuer)

This happens on Windows, Mac and Linux machines in my office. I have also received a number of reports from site users who experience the same problem. It seems that the problem did not occur in firefox 7.x, but I have yet to verify it properly.

Does anyone knows a solution to that? I tried deleting certificates manually in Preferences, but it did not help.

被選擇的解決方法

this worked for me! i had all but given up when i received this answer in my inbox this morning. i was sceptical at first, thinking something so simple could not possibly solve all my problems.... it did! sometimes simple is best. thank you all for the replies and the help getting this fixed!

從原來的回覆中察看解決方案 👍 0

所有回覆 (12)

more options

Just an update: when I proceed to adding a security exception and examine the certificate's details, the following extensions are marked as "critical":

Extensions->Certificate Basic Constraints: Critical Is not a Certificate Authority

Extensions->Certificate Key Usage: Critical Signing Key Encipherment

more options

Seems to be working fine here.

Are there any intermediate certificates (Software security Device) stored under Unizeto Sp. z o.o. under Authorities in the Certificate Manager?

  • Firefox > Preferences > Advanced : Encryption: Certificates - View Certificates
more options

Good point. There aren't - there are just Builtin object tokens. But the certificate chain is ok (verified by multiple checkers). It just seems that firefox does not retrieve the full chain. Interestingly enough, versioncheck.mozilla.addons.org:443 seems to be affected, too.

more options

Is the time correct on all affected computers?

Where does the certificate chain stop when it happens?

Is there a router or a firewall that can possibly intercept secure connections and send their own certificate?

由 cor-el 於 修改

more options

Yes, the time is correct.

I don't believe that the router intercepts secure connections. All the other secure sites work fine. The warning appears in my office, as well as at my house, and the network environments are totally different in these places (cable tv and adsl/phone). I also receive various reports from users that experience the same problem. I can't see any pattern there, but Firefox is the only browser that's affected.

Oh, I am not really sure how to tell where the certificate chain stops. It seems that Firefox fails to recognize the intermediate certificate. I don't know a way to examine the certificate chain that Firefox sees.

由 gr33nkriz 於 修改

more options

Try to rename the file cert8.db to cert8.db.old in the Firefox Profile Folder to remove all intermediate certificates that Firefox has stored by visiting secure websites.
If that helped to solve the problem then you can remove the renamed file cert8.db.old unless you have user certificates that you may want to export first and import them in the new file.
Otherwise you can restore the certificates by renaming (copying) the file back to cert8.db
Firefox will automatically store new intermediate certificates when you visit websites that send them.

more options

I have just tried it, but it didn't make any difference. Any other clues?

more options

UPDATE: Your solution worked! I was just being a muppet and did not restart firefox properly after deleting cert8.db.

Thank you very much for the tip!

Now the question is: what caused it? Is this a bug in firefox? The solution is quite easy once you know it, but having to explain to regular users may be tedious, to say the least....

more options

cor-el or gr33nkriz, can you please walk a non-expert through the steps of what you did to solve this problem?

I am having major problems with FF 10.0 (and previous versions of FF, over the last six months) telling me that various security certificates are expired/invalid (chief among them is Google+ and other Google sites), as well as constant instances of "This site is untrusted!" notifications. I am having to click through to "confirm security exception" constantly, and even then, pictures, formatting, and content of many pages will not load.

Thanks for your help.

more options

Sure.

1. Find your profile folder following the instructions given here:

http://blog.ffextensionguru.com/2010/04/24/locate-your-profile-folder-easily-in-firefox-3-6/

2. In the profile folder you will find the file named "cert8.db". Rename it to e.g., "cert8.db.old"

3. Restart firefox, but do it properly - in my case I did not notice that there were some instances still running even after I closed all the visible firefox windows.

This solved my problem, hope it will solve yours.

more options

Unfortunately, that didn't work. I found that cert8 file. I had to close FF in order to rename it, but even after I did that, I still have the same problem. Now there is another cert8 file also (in addition to the "old" one I renamed). I deleted the "old" file, but the newly created one is there. I did check to make sure that all FF functions were closed, but the fix didn't do anything.

I have also made sure that the computer's date and time are correct. No luck. Thanks for your very quick help though!

由 travelmad478 於 修改

more options

選擇的解決方法

this worked for me! i had all but given up when i received this answer in my inbox this morning. i was sceptical at first, thinking something so simple could not possibly solve all my problems.... it did! sometimes simple is best. thank you all for the replies and the help getting this fixed!