This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Firefox Quantum detects only the first member in certificate chain

more options

Hi, on our website https://iva2018.westernsydney.edu.au we have installed the certificate (it does not encrypt images but we are fine with that).

We have a problem with Firefox on MAC which only detects the first member of certificate chain and gives away the "Error code: SEC_ERROR_UNKNOWN_ISSUER"

Attached are the two images, first is the certificate chain from Firefox and then from Chrome. It works also on Safari. We had no issues on Firefox on Windows.

Any idea what is the problem? Thanks

Kind regards

Hi, on our website https://iva2018.westernsydney.edu.au we have installed the certificate (it does not encrypt images but we are fine with that). We have a problem with Firefox on MAC which only detects the first member of certificate chain and gives away the "Error code: SEC_ERROR_UNKNOWN_ISSUER" Attached are the two images, first is the certificate chain from Firefox and then from Chrome. It works also on Safari. We had no issues on Firefox on Windows. Any idea what is the problem? Thanks Kind regards
Attached screenshots

All Replies (3)

more options

There is security software like Avast and Kaspersky and BitDefender and ESET that intercepts secure connections and sends their own certificate or that incorporates special web shielding features that can block content.

You may have to visit the forum of your security program after updating and checking first.

https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER

Please let us know if this solved your issue or if need further assistance.

more options

See:

The server does not support Forward Secrecy with the reference browsers. MORE INFO » This server's certificate chain is incomplete. Grade capped to B. This site works only in browsers with SNI support. DNS Certification Authority Authorization (CAA) Policy found for this domain. MORE INFO »

more options

Guys, thanks for super fast answer. Unfortunately neither leads to the solution. I am NOT using any security program, I have almost clean install of High Sierra. As mentioned, the site works on ALL other browsers, including Firefox on Windows. This issue happens only on MAC.

I performed the SSL report as well and it seems that the site only does not provide the lead-up certificate and extra download is needed, but that should not stop browser from detecting the full chain no?