Firefox does not recognize certificates from any of my banks since updating itself to 35.0.
I have had to switch to Internet Explorer because suddenly I cannot sign on to any of my banks from Firefox without overriding this warning: "This Connection is Untrusted. You have asked Firefox to connect securely to www.capitalone.com, but we can't confirm that your connection is secure. Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified. etc etc "
(I prefer Firefox and want to come back.)
In fact for one of the banks, Firefox will not even allow me to override. Capital One, Wells Fargo, USAA Insurance....I'm sure their certificates are all in good order...and that they didn't expire all on the same day. Come on, Mozilla, you made the decision to switch me to automatic updates, not me....and this is why I didn't want to...I prefer to have someone else work out the bugs before I update. Please show me how to get back access to my banks. Thanks
الحل المُختار
I found the problem: FireFox updated itself to 35 about the same time as I updated my Kaspersky Internet Security. The two new apps are not compatible. If I had just the new KIS or if I had just the new Firefox, there would have been no problem. There is a work-around that works very well and I have posted it in the Kaspersky users forum. (Involves adding a "fake" Kaspersky certificate which Kaspersky supplies you.) I'm still not happy that Firefox took away my ability to NOT update Firefox.
Read this answer in context 👍 2All Replies (5)
hello sandiye, there will be a particular reason why all those certs fail to be validated on your system on your system. as a general advice: please NEVER override certificate warning of sensitive sites like your bank or mail provider!
first please make sure that the date, time & timezone are set correctly on your system. if this doesn't solve the issue (or it is already set properly), a possible solution depends on different factors:
- what is the error code shown under technical details on the error page?
in case the error code equals sec_error_unknown_issuer, please attempt to add an exception on the bottom of the error page & inspect the certificate (see the screenshot attached for instructions):
- which issuer information does the certificate contain?
thank you!
"This Connection is Untrusted" error message appears - What to do
Thank you Philipp for your kind reply. Unfortunately it didn't help.
1. My computer's clock checks out ok.
2. (BTW, the new Firefox version has caused the same problem on my husband's computer.)
3. Error code: sec_error_unknown_issuer
4. I took your link to the Mozilla support page and followed the instructions about deleting the cert8 file. Bad News: When I reopened Firefox, not only did I have the same problem, but now even more websites are involved including www.google.com.
5. Couldn't find a "screenshot attached" to your reply, but from your description I know what you meant to attach. On about half of the problem websites, that option is not available. Part of their warning says: "This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate."
Is there anything else I should try? Is there a safe workaround for this bug?
Message to Mozilla: I would have been just fine if you had not forced the update on me.
Open this chrome URI by pasting or typing this URI in the location/address bar to open the "Add Security Exception" window and check the certificate:
- chrome://pippki/content/exceptionDialog.xul
In the location field type/paste the URL of the website
- retrieve the certificate via the "Get certificate" button
- inspect the certificate via the "View..." button
hi sandiye, the screenshot will only be visible when you reply on the thread at https://support.mozilla.org/en-US/questions/1043120 - not in the email notification. the direct link to the picture would be https://support.cdn.mozilla.net/media/uploads/images/2015-01-24-03-10-02-63d2a6.png
please try it on a site where "HTTP Strict Transport Security" is not in place and you are able to add an exception - only do it in order to closer inspect the issuer of the certificate, but don't add the exception for real.
الحل المُختار
I found the problem: FireFox updated itself to 35 about the same time as I updated my Kaspersky Internet Security. The two new apps are not compatible. If I had just the new KIS or if I had just the new Firefox, there would have been no problem. There is a work-around that works very well and I have posted it in the Kaspersky users forum. (Involves adding a "fake" Kaspersky certificate which Kaspersky supplies you.) I'm still not happy that Firefox took away my ability to NOT update Firefox.