Firefox STILL won't let me add a security exception
Security exceptions have NEVER worked correctly for me, and I'm sick of it. Someone please help with this.
First of all, I posted about this months ago, the thread can be found here: https://support.mozilla.org/en-US/questions/965352 . No personal ill-will toward the folks who responded, but none of the replies were helpful. Most were not even APPLICABLE. (This includes the final one, that I didn't respond to.)
Briefly: Occasionally, seemingly at random, a site (often one I've previously accessed with no problem) will start giving me the "This connection is untrusted" screen I'm sure you've all seen occasionally, ostensibly because of invalid security certificates, but in reality for no damn reason at all, at least not that I've ever been able to discern. I then click on the "I understand the risks => Add exception" option - unlike some others who have similar issues, I DO get this option, it's not greyed out or anything. This brings up the "Add Exception" dialog as expected, but apparently it's merely decorative, because when I click the Confirm Security Exception button at the bottom, LITERALLY NOTHING happens. The box doesn't close, no error message comes up, there is no visible change of any kind. I hope I'm being clear, when I say LITERALLY NOTHING happens I mean LITERALLY NOTHING happens.
(Sorry if that sounds condescending, but you'd be amazed at the number of times I've said something like that and the *immediate* response is something like "What did the error message say?". And looking at it from the other side, having done tech support, you'd be equally amazed at the things customers described as "nothing happening" that could not possibly be further from "nothing", including error messages that plainly spelled out what the problem was! I'm just trying to (a) avoid the first scenario, and (b) make it clear that this isn't an instance of the second one...)
To belatedly respond to the last message in the previous thread:
* I am NOT in private browsing mode * There are no intermediate certificates involved (and even if there were, I would have no clue, based on that message, about HOW to get them). * Also, it's a very bad sign that this message expressed doubt about whether I had an option that my original post quite explicitly spelled out that I *did* have. Again, no personal ill-will, and I know the OP in that thread was rather long, but even so, that kind of thing makes me wonder what *else* about the problem the person responding might have misunderstood.
Anyway. Hope that's clear enough, if anything isn't, please ask. I'm happy to answer questions about my settings and whatever else might be relevant, much less happy to correct faulty assumptions after the fact. It seems that significantly more people than me have this problem, let's see if we can get it resolved once and for all.
Thank you very much for writing, I hope to help you with your problem. I recommend you do the following and see if the behavior is the same. Very important that you delete the Mozilla Firefox folder to reinstall it clean.
- Download the latest Desktop version of Firefox from http://www.mozilla.org and save the setup file to your computer.
- After the download finishes, close all Firefox windows (click Exit from the Firefox or File menu).
- Delete the Firefox installation folder, which is located in one of these locations, by default:
- C:\Program Files\Mozilla Firefox
- C:\Program Files (x86)\Mozilla Firefox
- Mac: Delete Firefox from the Applications folder.
- Linux: If you installed Firefox with the distro-based package manager, you should use the same way to uninstall it - see Install Firefox on Linux. If you downloaded and installed the binary package from the Firefox download page, simply remove the folder firefox in your home directory.
- Now, go ahead and reinstall Firefox:
- Double-click the downloaded installation file and go through the steps of the installation wizard.
- Once the wizard is finished, choose to directly open Firefox after clicking the Finish button.
More information about reinstalling Firefox can be found here.
WARNING: Do not run Firefox's uninstaller or use a third party remover as part of this process, because that could permanently delete your Firefox data, including but not limited to, extensions, cache, cookies, bookmarks, personal settings and saved passwords. These cannot be recovered unless they have been backed up to an external device!
You should always check the technical details to check out why the certificate is untrusted.
Check the date and time in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
Check out why the site is untrusted (click "Technical Details to expand that section) and if this is caused by a missing intermediate certificate then see if you can install this intermediate certificate from another source.
You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
- Click the link at the bottom of the error page: "I Understand the Risks"
Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
- Click the "View..." button and inspect the certificate and check who is the issuer of the certificate.
You can see more Details like intermediate certificates that are used in the Details pane.
If "I Understand the Risks" is missing then this page may be opened in an (i)frame and in that case try the right-click context menu and use "This Frame: Open Frame in New Tab".
You can try to rename the cert8.db file in the Firefox profile folder to cert8.db.old or delete the cert8.db file to remove intermediate certificates that Firefox has stored.
If that helped to solve the problem then you can remove the renamed cert8.db.old file.
Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previous intermediate certificates.
Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.
If that didn't help then remove or rename secmod.db (secmod.db.old) as well.
cor-el, most of that answer is the SAME as the one in the other thread. I mean literally word-for-word the same. As such, I already responded to it, albeit belatedly, with the three bullet points above that somehow came out in Courier. None of the things I say there have changed in the last few hours. If anything, I would now word the third point much more emphatically, and be tempted to phrase it rather less politely.
In the case I'm concerned about at the moment, the technical details read:
- theme.co uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)
(Originally that was on three separate lines, but otherwise this is an exact copy/paste). I don't see anything about intermediate certificates. I don't remember exactly what this said in the previous case, but one thing I am pretty certain of was that that didn't mention any intermediate certificates either. Note, this is for a site I have no problems reaching on Chrome.
I did try the cert8.db.old rename, and would like to thank you for that portion of your post. Initially I had some optimism about that, as similar solutions have worked for me before (not on this issue, on other ones relating to passwords). Unfortunately, that didn't work either. I renamed the old cert8.db, closed and restarted Firefox completely, and I'm still getting the same error. This is significant since previous instances of the problem have tended to only last a couple hours - this one has now been going for at least 12.
h.giobo, unless someone else responds that leaves me with your solution. Actually, I'm likely to do a variant of what you suggest soon anyway, for unrelated reasons. I've been running 32-bit Windows, initially for compatibility reasons, but it recently dawned on me that after a recent series of hardware upgrades, I no longer have any good reason for doing so. So I'll be moving to 64-bit, which will obviously also entail a de-and-re of all my software, including Firefox. That's just waiting for a new hard drive to arrive that I want to install at the same time. So, if no other solution appears before then, in effect I'll be doing what you suggest anyway, probably some time this week.
由 purpleplatypus 於 修改
hello, the https://theme.co site hasn't properly implemented the necessary intermediary certificate that links the issued certificate to the root certificate authority, which will cause the error you have referenced in certain situations. it's best to report the problem to the site, so that they can fix it.
to work around that issue on your end, just visit https://www.digicert.com/digicert-root-certificates.htm - afterwards it should be possible to visit the site you've referenced.
The sec_error_unknown_issuer error means that this is an issue with a missing intermediate certificate and that Firefox isn't able to build a certificate chain that ends with a built-in root certificate. This can be an issue with a web server where they failed to install all certificates.
The next step would be to check the certificate to see who is the issuer of the certificate to see who is listed as the issuer of the certificate.
That will make it possible to see what needs and can be done to fix this issue.
Well, okay, that (the last two messages) explains why the error message is coming up in the first place. I have informed the owners of the offending site about the problem with their security certificate.
However, none of this addresses what, to me, is the most important issue here, which is that the "Confirm Security Exception" button doesn't work. As I went to almost comical lengths to be clear about above, this button literally does nothing, at least on my installation, and apparently those of at least 20 and possibly several hundred others (to judge from the "X has this problem too" text at the top of similar threads, including my previous one).
Any ideas on that, apart from the de-and-re (which, as I said above, will effectively happen anyway in a few days)?
You can also check the theme.co server via this website:
Quote: The server is not sending the required intermediate certificate.
Tip: It looks like this server is running Apache. In most cases, solving this problem is as simple as adding "SSLCertificateChainFile /path/to/DigiCertCA.crt" to your apache configuration file after/near your SSLCertificateFile line.
Thanks, I've passed that on to theme.co.
As discussed above, I reinstalled Windows 7 a few hours ago for unrelated reasons. The "new" machine (exact same hardware, but new clean install of Windows, and now 64 bit rather than 32) does not have the problem with this particular site, even after importing my old profile back in. (Mind you, I also told MozBackup not to import the certificates from the old profile.)
This does not necessarily mean the main problem - Firefox not allowing security exceptions it should allow - is solved. However, it's certainly a positive sign.
I'm having a similar problem, so I'm opting not to begin a new thread.
Running OSX 10.9 with Firefox 29.0.1.
I'm trying to access a website I administer. For a variety of reasons, I have a self-signed certificate I use for the site, and this is non-negotiable; it MUST use a self-signed cert, so I can't follow a lot of the suggested resolutions from various threads here on support.
I've been doing things this way for years - I always simply stored a permanent exception and happily continued on with life. But since upgrading to FF29, I've run into the same issue described above - when the "permanently store this exception" option is checked, the 'confirm security exception' button does not work. It lights up blue when clicked (showing that the click is being registered and rejected), but nothing happens. If I un-check the "permanently store this exception" box, I can then confirm the exception, but I'm forced to repeat it every 12 hours or so.
This behaviour needs to be corrected, but none of the proposed solutions have worked. Does anyone know what causes this problem and how it can be fixed?
Same with me. If I uncheck the permanent exception box, it will save it. Getting damn frustrating since I never know when it's going to happen. This case was with my city's e-bill payment site. Another site I have issues with is friggin' CHASE BANK!