sec_error_expired_certificate
Hello When I try to open Checkvist.com Firefox shows this error:
checkvist.com uses an invalid security certificate.
The certificate expired on 21-Apr-2013 12:25 PM. The current time is 23-Nov-2013 12:26 PM.
(Error code: sec_error_expired_certificate)
As you can see my date/time is correct. I contacted the web site owner and they told me their certification is not expired. You can check yourself that their certificate is ok here http://www.digicert.com/help/ as I did.
I've exported the certificate and uploaded in the link below. http://wikisend.com/download/470088/beta.checkvist-com.crt
I want to know how is possible that Firefox can't get/update the correct certificate from this site which is out ther? I entered the IP of Checkvist.com (95.211.113.1) and got the same error as above in the Firefox.
I have to mention that upgrading FF is not an option for me. I downgrade to 20.0 because I wanted my preview pan (ctrl+Q) back. I tested on another system and there was no such error with an updated FF installed.
Please help me understand and solve this problem. P.S. It will be much more convenient if you let users upload screen shots or files like this in this form.
Thank you very much in advance for your coming help.
Alle svar (8)
Hello, Couple of things that you can try
- The certificate you provided is for beta.checkvist.com and not checkvist.com. There is a difference in the root CA for both the sites. The former is signed by starcom, while the latter by GoDaddy. Are you checking the checkvist.com or beta.cehckvist.com?
- When I checked both the sites on FF 25.01, like you mentioned, there are no errors
- So, this could be an issue with the specific machine+browser configuration
- Can you please check if you have added the older certificate to your Firefox certificate store? You can do this by going to Firefox -> Preferences -> Advanced -> Certificates and check the 'Your Certificates', 'People', 'Other' categories to see if you saved this certificate on a previous visit
Also, it should be possible for you to insert images to a support ticket (though CRT files might not be possible).
Hope this helps.
Hello
I exported that certificate from here: click on "Add Exception..." button > view > details, after I got error trying to open checkvist.com not beta.checkvist.com. I checked (tools>options>advanced>view certificates) and all of 'Your Certificates', 'People' and 'Other' categories where empty. All of certificates were in "servers" and "Authorities" tabs. But I noticed that I couldn't find the above expired certification I obtained from the error page under any branch of startcom in certificate manager. I'm wondering were is that expired certificate is located on my machine?
I tried deleting cert8.db from profile folder (%APPDATA%\Mozilla\Firefox\Profiles), clearing the catch and closing all tabs before restarting FF but the error message persists to show.
How can I force FF to insert the correct certificate from the site to it's database?
I have to admit that resting FF to default factory setting will cause me lots of pain due to lots of customizations I made in add-ons, about:config, etc. so it will be my last option.
Interestingly there is a similar error on up to dated Chrome on my machine. Here is the link for exported certification from chrome. http://wikisend.com/download/378766/checkvist.com problemed certificate chrome.cer
It seems that somewhere in my machine there is a local cached version of these problematic certification. I use windows XP professional sp3.
Thank you for your fast responses. Dashakol
You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
- Click the link at the bottom of the error page: "I Understand the Risks"
Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
- Click the "View..." button and inspect the certificate and check who is the issuer of the certificate.
You can see more Details like intermediate certificates that are used in the Details pane.
If "I Understand the Risks" is missing then this page may be opened in an (i)frame and in that case try the right-click context menu and use "This Frame: Open Frame in New Tab".
You can rename the cert8.db file in the Firefox profile folder to cert8.db.old or delete the cert8.db file to remove intermediate certificates that Firefox has stored if you can't locate the used intermediate certificate in the Certificate Manager.
If that helped to solve the problem then you can remove the renamed cert8.db.old file.
Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previous intermediate certificates.
Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.
Hello, Can you please check the certificate manager on your Windows machine to see if the older certificate was added to the machine (shouldn't matter, since Firefox uses its own keystore). Nevertheless it will be a good thing to check. You can check this reference for Certificates on Windows XP
If the certificate is not on the local machine, then, are you getting routed through a proxy for Internet connectivity? And is there a possibility of the proxy having certificates?
Thank you
cor-el
Isn't it obvious from my 2nd post that I've already tested all of your suggestions before without any result? Or some how it was hidden from you?
Dear gnittala I checked the link but are you sure it's about the same certificate we are talking about here? I mean ssl certificates. Any way I couldn't manage to understand that document and I think wasting one day wondering about this annoying bug is enough.
Firefox is bloated and bug ridden just like others and the best way to avoid wasting your time like I did today is to not taking it serious at all.
This problem is announced Officially not solved!
Thank you gnittala
Hello dashakol,
We definitely want to help you resolve the issue. I want to be sure that there is no malware on your machine that is intercepting this certificate and causing issues. Invalid SSL certificates getting displayed is a serious issue and I would suggest that you don't take it lightly.
Also, since the issue is happening on Google Chrome too, I am suspecting that there is something on that specific machine - a proxy / anti-virus / firewall that is causing this problem.
Could you please let us know if there is anything on that machine that could be intercepting the traffic. You also might want to check your machine to scan for malware too.
Thank you
Did you try to rename the cert8.db file temporarily if you can't locate the certificate in the Certificate Manager?