X
Thinta lapha ukuze uye kuveshini yamakhalekhukhwini kusayithi.

Isithangami Sabeseki

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

How to determine which software is performing HTTPS scanning?

Kuphostiwe

In my work computer, Firefox always gives "sec_error_unknown_issuer" error and only on HTTPS sites.

I have browsed the forums and understood that this is most probably caused by a sofware that performs HTTPS scanning. (See [this](https://support.mozilla.org/en-US/questions/1030927) and [this](https://support.mozilla.org/en-US/questions/1026631#answer-650916) answer)

However, I really don't know which software is performing the HTTPS scanning exactly.

Is there a way that I can determine which software is doing the HTTPS scanning so that I will be able to add its certificate to Firefox and hence be able to use the Firefox properly?

Thank you very much in advance

Regards

In my work computer, Firefox always gives "sec_error_unknown_issuer" error and only on HTTPS sites. I have browsed the forums and understood that this is most probably caused by a sofware that performs HTTPS scanning. (See [this](https://support.mozilla.org/en-US/questions/1030927) and [this](https://support.mozilla.org/en-US/questions/1026631#answer-650916) answer) However, I really don't know which software is performing the HTTPS scanning exactly. Is there a way that I can determine which software is doing the HTTPS scanning so that I will be able to add its certificate to Firefox and hence be able to use the Firefox properly? Thank you very much in advance Regards

Isisombululo esikhethiwe

Apparently the proxy which uses the KFSCaRoot certificate (which doesn't yield much in a search) is imperfect if it allows some sites to bypass it.

Try using Chrome for this next step, which is to view and export the signing certificate, assuming you trust whatever that is to read all your traffic.

Export

  • Open a secure site in Chrome and click the padlock icon on the address bar. Click Connection to find the link to View Certificate.
  • In the Chrome certificate viewer, switch to the the Certification Path tab. Click the cert you want to export and use the View Certificate button to open it directly. (This is not the site's certificate, but the certificate used by the proxy to sign the fake site certificates.)
  • Then click the Details tab and click the Copy to file button. This starts the Export Wizard. Use the DER format and save to a convenient location.

Import

  • In Firefox, open the Certificate Manager using: "3-bar" menu button (or Tools menu) > Options > Advanced > Certificates mini-tab > "View Certificates" button
  • Click the Authorities mini-tab and then the "Import" button, and find the DER file. Note: I suggest allowing the certificate for websites only unless your IT suggests otherwise.

I am attaching some screen shots for reference, obviously not with your actual proxy...

Does it work?

Funda le mpendulo ngokuhambisana nalesi sihloko 5

Eminye Imininingwane Yohlelo

Fakela amapulagi

None

Isisebenziso

  • I-ejenti Engumsebenzisi: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36

Eminye Imininingwane

James
  • Top 25 Contributor
  • Moderator
1598 izisombululo 11289 izimpendulo
Kuphostiwe

Some Antivirus clients have been known to do this on Windows.

Some Antivirus clients have been known to do this on Windows.

Impendulo Ewusizo

I know but is there a way to determine it precisely within the Firefox maybe?

I know but is there a way to determine it precisely within the Firefox maybe?
cor-el
  • Top 10 Contributor
  • Moderator
17536 izisombululo 158573 izimpendulo
Kuphostiwe

Impendulo Ewusizo

What security software do you have?

There is security software like Avast and Kaspersky and BitDefender that intercept secure connections and send their own certificate.

Open the "Add Security Exception" window by pasting this chrome URL in the Firefox location/address bar and check the certificate:

  • chrome://pippki/content/exceptionDialog.xul

In the location field of this window type or paste the URL of the website.

  • retrieve the certificate via the "Get certificate" button
  • click the "View..." button to inspect the certificate in the Certificate Viewer

You can inspect details like the issuer and the certificate chain in the Details tab of the Certificate Viewer. Check who is the issuer of the certificate. If necessary then you can attach a screenshot that shows the certificate viewer.

What security software do you have? There is security software like Avast and Kaspersky and BitDefender that intercept secure connections and send their own certificate. Open the "Add Security Exception" window by pasting this chrome URL in the Firefox location/address bar and check the certificate: *chrome://pippki/content/exceptionDialog.xul In the location field of this window type or paste the URL of the website. *retrieve the certificate via the "Get certificate" button *click the "View..." button to inspect the certificate in the Certificate Viewer You can inspect details like the issuer and the certificate chain in the Details tab of the Certificate Viewer. Check who is the issuer of the certificate. If necessary then you can attach a screenshot that shows the certificate viewer.
jscher2000
  • Top 10 Contributor
8773 izisombululo 71719 izimpendulo
Kuphostiwe

If you need a test site, you could try this page:

https://jeffersonscher.com/res/jstest.php

You likely will get an error page. Expand the "I understand the risks" section and look for an Add Exception button.

Note: You don't need to complete the process of adding an exception -- I suggest not adding one until we know this isn't a malware issue -- but you can use the dialog to view the information that makes Firefox suspicious.

Click Add Exception, and the certificate exception dialog should open.

Click the View button. If View is not enabled, try the Get Certificate button first.

This should pop up the Certificate Viewer. Look at the "Issued by" section, and on the Details tab, the Certificate Hierarchy. What do you see there? I have attached a screen shot for comparison.

If you need a test site, you could try this page: https://jeffersonscher.com/res/jstest.php You likely will get an error page. Expand the "I understand the risks" section and look for an Add Exception button. ''Note: You don't need to complete the process of adding an exception -- I suggest not adding one until we know this isn't a malware issue -- but you can use the dialog to view the information that makes Firefox suspicious.'' Click Add Exception, and the certificate exception dialog should open. Click the View button. If View is not enabled, try the Get Certificate button first. This should pop up the Certificate Viewer. Look at the "Issued by" section, and on the Details tab, the Certificate Hierarchy. What do you see there? I have attached a screen shot for comparison.

Umnikazi wombuzo

Thanks for the answers.

I have looked at the certificates for "google.com" and "www.jeffersonscher.com".

In both websites, the issuer is the same. However, their serial numbers are different.

I am attaching the screenshots.

So how should I add the certificate to Firefox now?

Regards

Thanks for the answers. I have looked at the certificates for "google.com" and "www.jeffersonscher.com". In both websites, the issuer is the same. However, their serial numbers are different. I am attaching the screenshots. So how should I add the certificate to Firefox now? Regards

Okulungisiwe ngu utku1

Umnikazi wombuzo

Follow up: I have exported the *google.com certificate and tried to add it to "Your Certificates" part but I got the error in the screenshot.

Follow up: I have exported the *google.com certificate and tried to add it to "Your Certificates" part but I got the error in the screenshot.

Umnikazi wombuzo

Also, the problem still continues on every website but interestingly, when I tried to connect to "addons.mozilla.org", it connects but in plain HTML version. I am attaching the screenshot of the certificate.

Also, the problem still continues on every website but interestingly, when I tried to connect to "addons.mozilla.org", it connects but in plain HTML version. I am attaching the screenshot of the certificate.

Okulungisiwe ngu utku1

jscher2000
  • Top 10 Contributor
8773 izisombululo 71719 izimpendulo
Kuphostiwe

Isisombululo Esikhethiwe

Apparently the proxy which uses the KFSCaRoot certificate (which doesn't yield much in a search) is imperfect if it allows some sites to bypass it.

Try using Chrome for this next step, which is to view and export the signing certificate, assuming you trust whatever that is to read all your traffic.

Export

  • Open a secure site in Chrome and click the padlock icon on the address bar. Click Connection to find the link to View Certificate.
  • In the Chrome certificate viewer, switch to the the Certification Path tab. Click the cert you want to export and use the View Certificate button to open it directly. (This is not the site's certificate, but the certificate used by the proxy to sign the fake site certificates.)
  • Then click the Details tab and click the Copy to file button. This starts the Export Wizard. Use the DER format and save to a convenient location.

Import

  • In Firefox, open the Certificate Manager using: "3-bar" menu button (or Tools menu) > Options > Advanced > Certificates mini-tab > "View Certificates" button
  • Click the Authorities mini-tab and then the "Import" button, and find the DER file. Note: I suggest allowing the certificate for websites only unless your IT suggests otherwise.

I am attaching some screen shots for reference, obviously not with your actual proxy...

Does it work?

Apparently the proxy which uses the KFSCaRoot certificate (which doesn't yield much in a search) is imperfect if it allows some sites to bypass it. Try using Chrome for this next step, which is to view and export the signing certificate, assuming you trust whatever that is to read all your traffic. '''Export''' * Open a secure site in Chrome and click the padlock icon on the address bar. Click Connection to find the link to View Certificate. * In the Chrome certificate viewer, switch to the the Certification Path tab. Click the cert you want to export and use the View Certificate button to open it directly. (This is not the site's certificate, but the certificate used by the proxy to sign the fake site certificates.) * Then click the Details tab and click the Copy to file button. This starts the Export Wizard. Use the DER format and save to a convenient location. '''Import''' * In Firefox, open the Certificate Manager using: "3-bar" menu button (or Tools menu) > Options > Advanced > Certificates mini-tab > "View Certificates" button * Click the Authorities mini-tab and then the "Import" button, and find the DER file. ''Note: I suggest allowing the certificate for websites only unless your IT suggests otherwise.'' I am attaching some screen shots for reference, obviously not with your actual proxy... Does it work?