Firefox loses all trust in every CA after a while

  • 5 replies
  • 1 has this problem
  • 1 view
  • Last reply by cor-el

We do have Firefox running in a corporate environment (Active Directory, Roaming Profiles, GPO Folder Redirections). For a while now Firefox loses all trust in every CA after the Firefox ran idle for a while.

And I do mean this literally: They do get SEC_ERROR_UNKNOWN_ISSUER on every site even though the chain checks out if I test it via:

```
openssl verify -CAfile /etc/ssl/certs/ca-bundle.crt -untrusted chain-from-ff.crt host.crt
```

The test is done on an independent Fedora Linux machine.

If the user restarts Firefox everything works again until the next time. On the machines there is only Windows Defender running, no other antivirus software.

All Replies (5)

Hi, have there been any changes to your firewall at the time this issue started?

No active changes on the running system. It always happens after the user has the computer running in idle.

PS: Could someone change the tags of this thread? I have checked using Linux but the problem is not related to Linux in any way… The clients are running on Windows 10.

For the poor masses who find this question via search engine.

The problem appears to be the same as can be found in:

https://support.mozilla.org/en-US/questions/1226671 and on Bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1479340

How about an actual screenshot of the error? No two same problems are triggered the same.

Did you make sure that the computer time is still correct? Are you using internet based time servers to ensure a correct time?

Is this a certificate issue or is something else wrong?

You can check if there is more detail available about the issuer of the certificate.

  • click the "Advanced" button to show more detail
  • click the blue SEC_ERROR_UNKNOWN_ISSUER error text to show the certificate chain
  • click "Copy text to clipboard" and paste the base64 certificate chain text in a reply

If there is a different error message then please post its content or attach a screenshot.

If clicking the blue error text doesn't provide the certificate chain then try these steps to inspect the certificate.

  • open the Servers tab in the Certificate Manager
    • Options/Preferences -> Privacy & Security
      Certificates: View Certificates -> Servers: "Add Exception"
  • paste the URL of the website (https://xxx.xxx) in its Location field
  • let Firefox retrieve the certificate -> "Get Certificate"
  • click the "View" button and inspect the certificate

You can see detail like the issuer of the certificate and intermediate certificates in the Details tab.
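
Added example, not part of the thread and not written by any of the posters: a shell helper that takes the text pasted from "Copy text to clipboard", splits it into the `host.crt` and `chain-from-ff.crt` files used by the `openssl verify` command in the question, and repeats that check. It assumes the pasted text contains PEM blocks with the server certificate first; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. host.crt and chain-from-ff.crt are the
# file names used in the question; the function names are hypothetical.

# split_ff_chain CLIPBOARD_FILE OUT_DIR
# Pulls the PEM blocks out of the pasted error text, ignoring everything
# around them. First certificate (assumed to be the server's) -> host.crt,
# the rest -> chain-from-ff.crt. Prints the number of certificates found.
split_ff_chain() {
    src=$1
    out=$2
    mkdir -p "$out" || return 1
    : > "$out/host.crt"
    : > "$out/chain-from-ff.crt"
    awk -v host="$out/host.crt" -v chain="$out/chain-from-ff.crt" '
        /-----BEGIN CERTIFICATE-----/ { n++; inside = 1 }
        inside {
            sub(/\r$/, "")            # text copied on Windows ends in CRLF
            print > (n == 1 ? host : chain)
        }
        /-----END CERTIFICATE-----/ { inside = 0 }
        END { print n + 0 }
    ' "$src"
}

# verify_ff_chain OUT_DIR CA_BUNDLE
# Lists subject and issuer of every certificate, then repeats the check from
# the question against a CA bundle that is independent of Firefox.
verify_ff_chain() {
    dir=$1
    ca=$2
    cat "$dir/host.crt" "$dir/chain-from-ff.crt" > "$dir/all.crt"
    openssl crl2pkcs7 -nocrl -certfile "$dir/all.crt" |
        openssl pkcs7 -print_certs -noout
    # Skip -untrusted when no intermediates were pasted.
    if [ -s "$dir/chain-from-ff.crt" ]; then
        openssl verify -CAfile "$ca" -untrusted "$dir/chain-from-ff.crt" \
            "$dir/host.crt"
    else
        openssl verify -CAfile "$ca" "$dir/host.crt"
    fi
}

# Usage:
#   split_ff_chain pasted.txt out
#   verify_ff_chain out /etc/ssl/certs/ca-bundle.crt
```

If the issuer printed for `host.crt` is not a CA you recognise, compare it with the chain the same site presents to a client outside the affected network.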