For one website: "This connection is untrusted"
For https://secure.pt4web.com/xxxxx/flash/index.php, which is the login page for a bank (used several times a week), on one XP PC a security alert now issues: "This connection is untrusted," with the specific error being "no issuer chain was provided."
The Firefox security tool reports "Your connection to this web site is not encrypted."
Internet Explorer 8 displays the page with no security alert. Another PC running Firefox under Vista does not display the alert.
Other https web sites do not cause this problem.
This is under Firefox 26.
Things I tried: start Firefox with all add-ons disabled, delete cert8.db from the profile folder, Reset Firefox, uninstall/reinstall Firefox, update Adobe Flash Player, turn off the Windows firewall and Microsoft Security Essentials. I also tried accessing the page from another Windows user account (so the problem does not seem to be specific to one Firefox profile).
Does anyone recognize these symptoms or have further ideas on troubleshooting?
Okulungisiwe ngu jd.hupp
Isisombululo esikhethiwe
Thanks, philipp and cor-el, for the similarly informative replies.
Oddly, not long after I finished the troubleshooting efforts I describe above, the bank login page began working in Firefox.
I can think of no reason why any of my measures would have a delayed effect without further intermediate actions.
It seems strange that an online banking site would not be sending -- by design -- an intermediate certificate such that dire security alerts are raised in customers' browsers. Unless perhaps it is a cut-rate operation that has figured out how to save some money by operating right at the lower end of acceptable server security.
And maybe the problem will not stay "fixed," since the networking4all report for this site currently reports thus:
Error while checking the SSL Certificate!!
Unable to get the local issuer of the certificate. The issuer of a locally looked up certificate could not be found. Normally this indicates that not all intermediate certificates are installed on the server.
We advise you not to submit any confidential or personal data to this website because a secure connection could not be established with this website.
Despite the above report, Firefox on the machine I was sitting at at the time of the report did indeed establish a secure connection.
And again strangely, I ran the networking4all report again 10-15 minutes later, and it said that everything was fine.
Apart from the vacillating reports from networking4all, is there a Firefox security setting that, nudged a notch up or down on different machines, would allow FF on one machine to establish a secure connection when FF on another machine cannot?
Funda le mpendulo ngokuhambisana nalesi sihloko 👍 0All Replies (5)
hello jd.hupp, the site doesn't properly include its intermediate certificate, so this can lead to problems in certain situations.
you might have to install the right certificate manually. go to https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=62&nav=0,20 and download the .crt file. then in firefox go to options > advanced > certificates > view certificates > import... & leave all the checkboxes unticked in the upcoming confirmation dialog...
The secure.pt4web.com server doesn't send a required intermediate certificate.
You can inspect the certificate chain via a site like this:
Note that Firefox stores intermediate certificates automatically, so if you have visited a web server before that
Copy the base64 encoded certificate text of the EssentialSSL CA certificate that starts with "-----BEGIN CERTIFICATE-----" and ends with "-----END CERTIFICATE-----" to the clipboard after having selected the full text with the mouse.
Open a plain text editor like Notepad and paste the certificate text of the intermediate certificate that you have placed on the clipboard in the editing area.
Use "Save File as" and set the File type to "All files" and save the certificate text to a .cer file.
Select "All files" when saving the file to avoid getting a hidden .txt file extension (.cer.txt) appended.
Import the saved certificate in the Firefox Certificate Manager.
- Tools > Options > Advanced > Certificates/Encryption: View Certificates > Authorities > Import
Do not set any trust bits when prompted as those are only required for root certificates and should never be set for a intermediate certificate like this one.
Isisombululo Esikhethiwe
Thanks, philipp and cor-el, for the similarly informative replies.
Oddly, not long after I finished the troubleshooting efforts I describe above, the bank login page began working in Firefox.
I can think of no reason why any of my measures would have a delayed effect without further intermediate actions.
It seems strange that an online banking site would not be sending -- by design -- an intermediate certificate such that dire security alerts are raised in customers' browsers. Unless perhaps it is a cut-rate operation that has figured out how to save some money by operating right at the lower end of acceptable server security.
And maybe the problem will not stay "fixed," since the networking4all report for this site currently reports thus:
Error while checking the SSL Certificate!!
Unable to get the local issuer of the certificate. The issuer of a locally looked up certificate could not be found. Normally this indicates that not all intermediate certificates are installed on the server.
We advise you not to submit any confidential or personal data to this website because a secure connection could not be established with this website.
Despite the above report, Firefox on the machine I was sitting at at the time of the report did indeed establish a secure connection.
And again strangely, I ran the networking4all report again 10-15 minutes later, and it said that everything was fine.
Apart from the vacillating reports from networking4all, is there a Firefox security setting that, nudged a notch up or down on different machines, would allow FF on one machine to establish a secure connection when FF on another machine cannot?
Okulungisiwe ngu jd.hupp
thanks for reporting back - for the moment i'll mark your issue as solved...
I can confirm that the site is now sending this intermediate certificate.
I deleted it in the Certificate Manager and restarted Firefox as a second test and the website loaded without a problem.