X
Thinta lapha ukuze uye kuveshini yamakhalekhukhwini kusayithi.

Isithangami Sabeseki

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

I continue to receive error messages with the untrusted connection and error code ((Error code: sec_error_cert_signature_algorithm_disabled). What do I do?

Kuphostiwe

I have been using Firefox for years and have had no issue. Tonight, when I try to go to my normal websites (AOL mail, Etsy, etc.) I receive an error message of:

This Connection is Untrusted

You have asked Firefox to connect securely to my.screenname.aol.com, but we can't confirm that your connection is secure.

Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.

What Should I Do?

If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.

my.screenname.aol.com uses an invalid security certificate.

The certificate is not trusted because it was signed using a signature algorithm that was disabled because that algorithm is not secure.

(Error code: sec_error_cert_signature_algorithm_disabled)

I have tried updating Firefox, I have run a security check, I have search the forums...I have not found a solution for this error code.

What am I able to do?

I have been using Firefox for years and have had no issue. Tonight, when I try to go to my normal websites (AOL mail, Etsy, etc.) I receive an error message of: This Connection is Untrusted You have asked Firefox to connect securely to my.screenname.aol.com, but we can't confirm that your connection is secure. Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified. What Should I Do? If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue. my.screenname.aol.com uses an invalid security certificate. The certificate is not trusted because it was signed using a signature algorithm that was disabled because that algorithm is not secure. (Error code: sec_error_cert_signature_algorithm_disabled) I have tried updating Firefox, I have run a security check, I have search the forums...I have not found a solution for this error code. What am I able to do?

Isisombululo esikhethiwe

See:

  • [/questions/936029] All https: websites are experiencing cert untrusted errors with Digitalmarketresearchapps Pty Ltd showing as cert provider. No viruses detected on my system.

https://www.google.com/search?q=digitalmarketresearchapps

Funda le mpendulo ngokuhambisana nalesi sihloko 1

Eminye Imininingwane Yohlelo

Isisebenziso

  • I-ejenti Engumsebenzisi: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; HPDTDFJS; McAfee; H9P; GWX:DOWNLOADED; rv:11.0) like Gecko

Eminye Imininingwane

cor-el
  • Top 10 Contributor
  • Moderator
17683 izisombululo 159991 izimpendulo
Kuphostiwe

Try to rename the cert8.db file (cert8.db.old) and delete the cert_override.txt file in the Firefox profile folder to remove intermediate certificates and exceptions that Firefox has stored.

If that has helped to solve the problem then you can remove the renamed cert8.db.old file. Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previously stored intermediate certificates. Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.

You can use this button to go to the current Firefox profile folder:

Try to rename the cert8.db file (cert8.db.old) and delete the cert_override.txt file in the Firefox profile folder to remove intermediate certificates and exceptions that Firefox has stored. If that has helped to solve the problem then you can remove the renamed cert8.db.old file. Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previously stored intermediate certificates. Firefox will automatically store intermediate certificates when you visit websites that send such a certificate. You can use this button to go to the current Firefox profile folder: *Help > Troubleshooting Information > Profile Directory: Show Folder (Linux: Open Directory; Mac: Show in Finder) *http://kb.mozillazine.org/Profile_folder_-_Firefox

Umnikazi wombuzo

I thank you for your time and efforts. I tried the suggestion and renamed the cert file and deleted the cert override file and I am still receiving the same error message.

I thank you for your time and efforts. I tried the suggestion and renamed the cert file and deleted the cert override file and I am still receiving the same error message.
jscher2000
  • Top 10 Contributor
8837 izisombululo 72222 izimpendulo
Kuphostiwe

Hmm, when I look at the cert on that site it seems fine. (Screen shot attached.)

On Etsy and other secure sites, is it that same code: "sec_error_cert_signature_algorithm_disabled"?

Could you take a look at your preference settings and see whether any of these have been modified from their defaults:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(2) In the search box above the list, type or paste security.ssl and pause while the list is filtered

(3) If any preferences starting with security.ssl are bolded and "user set" to false, you can right-click > Copy Name and paste it into a reply here for consideration.

Note: it's okay to set these two to false (note they have dhe in them):

  • security.ssl3.dhe_rsa_aes_128_sha
  • security.ssl3.dhe_rsa_aes_256_sha
Hmm, when I look at the cert on that site it seems fine. (Screen shot attached.) On Etsy and other secure sites, is it that same code: "sec_error_cert_signature_algorithm_disabled"? Could you take a look at your preference settings and see whether any of these have been modified from their defaults: (1) In a new tab, type or paste '''about:config''' in the address bar and press Enter/Return. Click the button promising to be careful. (2) In the search box above the list, type or paste '''security.ssl''' and pause while the list is filtered (3) If any preferences starting with '''security.ssl''' are bolded and "user set" to false, you can right-click > Copy Name and paste it into a reply here for consideration. Note: it's okay to set these two to false (note they have dhe in them): * security.ssl3.'''dhe'''_rsa_aes_128_sha * security.ssl3.'''dhe'''_rsa_aes_256_sha

Impendulo Ewusizo

Below are all of the items that came up false:

security.ssl.errorReporting.automatic security.ssl.false_start.require-npn security.ssl.require_safe_negotiation security.ssl.treat_unsafe_negotiation_as_broken

The items were not is bold and were labeled as default, but I included them anyway.

Thanks!

Below are all of the items that came up false: security.ssl.errorReporting.automatic security.ssl.false_start.require-npn security.ssl.require_safe_negotiation security.ssl.treat_unsafe_negotiation_as_broken The items were not is bold and were labeled as default, but I included them anyway. Thanks!
cor-el
  • Top 10 Contributor
  • Moderator
17683 izisombululo 159991 izimpendulo
Kuphostiwe

What are the settings of the above mentioned 'security.ssl3.dhe' prefs?

You can set these prefs to false on the about:config page to disable the cipher suites that are involved with the Logjam vulnerability in case they are currently enabled.

  • security.ssl3.dhe_rsa_aes_128_sha
  • security.ssl3.dhe_rsa_aes_256_sha
What are the settings of the above mentioned 'security.ssl3.dhe' prefs? You can set these prefs to false on the <b>about:config</b> page to disable the cipher suites that are involved with the Logjam vulnerability in case they are currently enabled. *security.ssl3.dhe_rsa_aes_128_sha *security.ssl3.dhe_rsa_aes_256_sha

Umnikazi wombuzo

security.ssl3.dhe_rsa_aes_128_sha;true security.ssl3.dhe_rsa_aes_256_sha;true

I tried to change the two above mentioned items and I received the same error code. It originally let me on AOL mail this morning, for about a minute and a half, but then I received the same error message as in the original post. This is the same error message that I receive through the Etsy site also.

security.ssl3.dhe_rsa_aes_128_sha;true security.ssl3.dhe_rsa_aes_256_sha;true I tried to change the two above mentioned items and I received the same error code. It originally let me on AOL mail this morning, for about a minute and a half, but then I received the same error message as in the original post. This is the same error message that I receive through the Etsy site also.
jscher2000
  • Top 10 Contributor
8837 izisombululo 72222 izimpendulo
Kuphostiwe

Two other users just posted about getting this "sec_error_cert_signature_algorithm_disabled" error, which otherwise is very rare on this forum. Perhaps there is some new malware going around, or a change in Firefox surfaced an issue with something that was already on your system.

Have you ever seen this code on any other secure site?

Two other users just posted about getting this "sec_error_cert_signature_algorithm_disabled" error, which otherwise is very rare on this forum. Perhaps there is some new malware going around, or a change in Firefox surfaced an issue with something that was already on your system. Have you ever seen this code on any other secure site?
jscher2000
  • Top 10 Contributor
8837 izisombululo 72222 izimpendulo
Kuphostiwe

Actually, you already mentioned two sites, so probably there are more.

To gather further information, you could inspect a sample certificate to see whether that points to the culprit. For example, you can open my test page at:

https://jeffersonscher.com/res/jstest.php

You likely will get an error page. Expand the "I understand the risks" section and look for an Add Exception button.

Note: You don't need to complete the process of adding an exception -- I suggest not adding one until we know this isn't a malware issue -- but you can use the dialog to view the information that makes Firefox suspicious.

Click Add Exception, and the certificate exception dialog should open.

Click the View button. If View is not enabled, try the Get Certificate button first.

This should pop up the Certificate Viewer. Look at the "Issued by" section, and on the Details tab, the Certificate Hierarchy. What do you see there? I have attached a screen shot for comparison.

Actually, you already mentioned two sites, so probably there are more. To gather further information, you could inspect a sample certificate to see whether that points to the culprit. For example, you can open my test page at: https://jeffersonscher.com/res/jstest.php You likely will get an error page. Expand the "I understand the risks" section and look for an Add Exception button. ''Note: You don't need to complete the process of adding an exception -- I suggest not adding one until we know this isn't a malware issue -- but you can use the dialog to view the information that makes Firefox suspicious.'' Click Add Exception, and the certificate exception dialog should open. Click the View button. If View is not enabled, try the Get Certificate button first. This should pop up the Certificate Viewer. Look at the "Issued by" section, and on the Details tab, the Certificate Hierarchy. What do you see there? I have attached a screen shot for comparison.

Umnikazi wombuzo

I have attached images of what your steps showed.

I have attached images of what your steps showed.
cor-el
  • Top 10 Contributor
  • Moderator
17683 izisombululo 159991 izimpendulo
Kuphostiwe

Maybe check in another browser like Google Chrome what certificate(s) are used and other connection details like the TLS version.

You can check the connection settings.

If you do not need to use a proxy to connect to internet then try to select "No Proxy" if "Use the system proxy settings" or one of the others do not work properly.

See "Firefox connection settings":

Maybe check in another browser like Google Chrome what certificate(s) are used and other connection details like the TLS version. You can check the connection settings. *Tools > Options > Advanced > Network : Connection > Settings *https://support.mozilla.org/kb/Options+window+-+Advanced+panel If you do not need to use a proxy to connect to internet then try to select "No Proxy" if "Use the system proxy settings" or one of the others do not work properly. See "Firefox connection settings": *https://support.mozilla.org/kb/Firefox+cannot+load+websites+but+other+programs+can
cor-el
  • Top 10 Contributor
  • Moderator
17683 izisombululo 159991 izimpendulo
Kuphostiwe

Isisombululo Esikhethiwe

See:

  • [/questions/936029] All https: websites are experiencing cert untrusted errors with Digitalmarketresearchapps Pty Ltd showing as cert provider. No viruses detected on my system.

https://www.google.com/search?q=digitalmarketresearchapps

See: *[[/questions/936029]] All https: websites are experiencing cert untrusted errors with Digitalmarketresearchapps Pty Ltd showing as cert provider. No viruses detected on my system. ---- https://www.google.com/search?q=digitalmarketresearchapps

Okulungisiwe ngu cor-el

jscher2000
  • Top 10 Contributor
8837 izisombululo 72222 izimpendulo
Kuphostiwe

Impendulo Ewusizo

As mentioned by cor-el, check for a program or add-on named E-Rewards and/or E-Rewards Notify.

(1) Open the Windows Control Panel, Uninstall a Program. After the list loads, click the "Installed on" column heading to group the infections, I mean, additions, by date. This can help in smoking out undisclosed bundle items that snuck in with some software you agreed to install. Be suspicious of everything you do not recognize/remember, as malware often uses important or innocent sounding names to discourage you from removing it. Take out as much trash as possible here.

(2) Open Firefox's Add-ons page using either:

  • Ctrl+Shift+a
  • "3-bar" menu button (or Tools menu) > Add-ons
  • in the Windows "Run" dialog, type or paste
    firefox.exe "about:addons"

In the left column, click Plugins. Set nonessential and unrecognized plugins to "Never Activate".

In the left column, click Extensions. Then, if in doubt, disable (or Remove, if possible) unrecognized and unwanted extensions. Bear in mind that all extensions are optional, none come with Firefox, and you can learn more about them by checking their reviews on the Add-ons site.

Often a link will appear above at least one disabled extension to restart Firefox. You can complete your work on the tab and click one of the links as the last step.

Does that resolve it? If not:

(3) You can search for remaining issues with the scanning/cleaning tools listed in our support article: Troubleshoot Firefox issues caused by malware. These on-demand scanners are free and take considerable time to run. If they finish quickly and especially if they require payment, you may have a serious infection. I suggest the specialized forums listed in the article in that case.

Success?

As mentioned by cor-el, check for a program or add-on named E-Rewards and/or E-Rewards Notify. (1) Open the Windows '''Control Panel''', Uninstall a Program. After the list loads, click the "Installed on" column heading to group the infections, I mean, additions, by date. This can help in smoking out undisclosed bundle items that snuck in with some software you agreed to install. ''Be suspicious of everything you do not recognize/remember, as malware often uses important or innocent sounding names to discourage you from removing it.'' Take out as much trash as possible here. (2) Open Firefox's '''Add-ons page''' using either: * Ctrl+Shift+a * "3-bar" menu button (or Tools menu) > Add-ons * in the Windows "Run" dialog, type or paste <br><code>firefox.exe "about:addons"</code> In the left column, click '''Plugins'''. Set nonessential and unrecognized plugins to "Never Activate". In the left column, click '''Extensions'''. Then, if in doubt, disable (or Remove, if possible) unrecognized and unwanted extensions. ''Bear in mind that all extensions are optional, none come with Firefox, and you can learn more about them by checking their reviews on the Add-ons site.'' Often a link will appear above at least one disabled extension to restart Firefox. You can complete your work on the tab and click one of the links as the last step. Does that resolve it? If not: (3) You can search for remaining issues with the '''scanning/cleaning tools''' listed in our support article: [[Troubleshoot Firefox issues caused by malware]]. These on-demand scanners are free and take considerable time to run. If they finish quickly and especially if they require payment, you may have a serious infection. I suggest the specialized forums listed in the article in that case. Success?

Umnikazi wombuzo

Thank You! I went through your steps and followed the link from another user having the same issue. I had the e-rewards notify app and have uninstalled it. The issue seem to have been resolved, at least for now.

Thank You! I went through your steps and followed the link from another user having the same issue. I had the e-rewards notify app and have uninstalled it. The issue seem to have been resolved, at least for now.