Funkcionalnosć toś togo sedła se pśez wótwardowańske źěła wobgranicujo, kótarež maju wašo dožywjenje pólěpšyś. Jolic nastawk waš problem njerozwězujo a cośo pšašanje stajiś, wobrośćo se na našo zgromoźeństwo pomocy, kótarež na to caka, wam na @FirefoxSupport na Twitter a /r/firefox na Reddit pomagaś.

Pomoc pśepytaś

Glědajśo se wobšudy pomocy. Njenapominajomy was nigda, telefonowy numer zawołaś, SMS pósłaś abo wósobinske informacije pśeraźiś. Pšosym dajśo suspektnu aktiwitu z pomocu nastajenja „Znjewužywanje k wěsći daś“ k wěsći.

Dalšne informacije

https security error: Connection verified by a certificate issuer that is not recognized by Mozilla

  • 9 wótegrona
  • 0 ma toś ten problem
  • Slědne wótegrono wót cor-el

more options

Hello, I am running Firefox on a W10-Pro PC. I always click the lock to check certificate validation. In the last month I keep seeing "Connection verified by a certificate issuer that is not recognized by Mozilla".

When I click for more information I see that "Norton Web/Mail Shield" does not recognize the certificate issuer. When I click on Learn More it takes me to a Firefox site "How to disable the Enterprise Roots preference" I also checked W10 certmgr.msc and I see Norton is listed. Images included below. I would love to resolve this issue. Thank you for your time.

Hello, I am running Firefox on a W10-Pro PC. I always click the lock to check certificate validation. In the last month I keep seeing "Connection verified by a certificate issuer that is not recognized by Mozilla". When I click for more information I see that "Norton Web/Mail Shield" does not recognize the certificate issuer. When I click on Learn More it takes me to a Firefox site "How to disable the Enterprise Roots preference" I also checked W10 certmgr.msc and I see Norton is listed. Images included below. I would love to resolve this issue. Thank you for your time.
Pśipowjesone fota wobrazowki

Wšykne wótegrona (9)

more options

Firefox/Mozilla doesn't certify certificate that is done by another organization and if the certificate is invalid or out of date then it's up to one owning the certificate to update to allow access with the certificate to be used. Ad Norton also gave you the same error message so this isn't a Firefox issue.

Wužytny?

more options

Mark, Thank you for the reply. Unfortunately your reply does not help me solve my issue. I did not include anything that says Norton gave me the same error message. As far as I can tell a Norton Certificate (which date appears valid) is in the W10-Pro Trusted certificate list as well as within the Firefox certificate list. Currently I am not trusting (using) Firefox with any accounts that require passwords.

Wužytny?

more options

If not Norton - Firefox isn't the issuing certificate it's verifies it's up to date and matches certification that should be for site or whom issuing it and if it fails then the Browser will protects itself from malicious certificates. So you should ask the site that uses to do their proper checks.

Wužytny?

more options

My apologizes, but I still don't understand your response.

I open a URL with FIrefox in protected mode, the page opens and I click on the lock icon, I check that the connection is secure and who it is verified by. If I'm happy with the verifier I continue.

Over the last couple of weeks its almost always Norton is the verifier. Click on the lock, Firefox responds with three lines of text. It tells me "You are securely connected to this site". next line Verified by: Norton Web/Mail Shield. In the next line Firefox says: Mozilla does not recognize this certificate issuer. It may have been added from your OS or by an administrator.

The certificate managers for Microsoft W10-Pro and Firefox both show Norton Web/Mail Shield Root with a date 1/1/2010 - 1/1/2040.

So my dilemma is: why does Firefox permit me access to the URL when it has no recognition of the certificate issuer?

This morning, using Firefox I opened several URL's and everyone was certified by Norton. I moved to Microsoft Edge and opened the same URL's and got a variety of certifiers, none were Norton.

Wužytny?

more options

Some sites permits access but it does say use at your own risk. Without a url of the problem site no one will know why it's doing that. How Norton verifies that's Norton not Firefox.

Wužytny?

more options

Your Firefox is configured to trust Norton web shield as a certificate issuer. This is standard for security software that filters your web browsing. Here's why: if the traffic is encrypted between Firefox and the web server, Norton -- which runs outside of Firefox -- can't read it and therefore can't block or clean it. In order to work as a filter, Norton sets up as a "man in the middle" and there are two separate encrypted connections: one between Firefox and the filter, and one between the filter and the web server.

Now normally Firefox will refuse to connect when there is a man in the middle because the fake site certificate can't be validated up to a trusted authority certificate. That's why the browser needs to be set to trust Norton web shield as an issuer of fake website certificates. There are two methods for that:

(1) import an Authority certificate into Firefox (your fourth screenshot) or

(2) set Firefox to use the Windows certificate store ("Enterprise roots"), which apparently is easier for security software to update

Hopefully that clarifies the situation. Next is what to do about it. What is your preference?

(A) You want your Norton software to continue filtering your browsing

In this case, there really isn't anything to change.

(B) You want Firefox to bypass Norton and connect to HTTPS addresses directly

I think you would go into the Norton web shield settings and tell it not to intercept Firefox traffic, or not to intercept HTTPS/secure traffic from Firefox, but I haven't researched what Norton's settings look like.

Wužytny?

more options

Hi jscher2000, Thank you for your response. I get the idea as to how things should work.

1). This all started less than a month ago. No new browsers, no new Norton... 2). Norton always asks if I want to install their protection into the browsers I use. I always refuse those requests. 3). In the last week no matter what URL I open the lock shows "Norton Web/Mail Shield Root". 4). Microsoft Edge shows many different Certifiers and and occasionally "Norton Web/Mail Shield Root".

Why do you say Firefox is configured to trust Norton web shield as a certificate issuer when Firefox states "Mozilla does not recognize this certificate issuer". There is a disconnect here. I've lost my trust Firefox.

I do not want to bypass certification in any way.

Does Mozilla support monitor this forum?

Wužytny?

more options

Hello again, I just looked at Firefox Certificate Manager (under Privacy/Security). Might this have something to do with my problem? Photo included

All the entries within the Certificate manager "Security Device" column say "Builtin Object Token" except Norton Web/Mail Shield Root which says "Software Security Device". Thank you.

Wužytny?

more options

Yes, that is the Norton root certificate that Firefox has imported from the Windows certificate store and that is needed to prevent a SEC_ERROR_UNKNOWN_ISSUER error. This discussed in this support article.

Wužytny?

Stajśo pšašanje

Musyśo se pla swójogo konta pśizjawiś, aby na pśinoski wótegronił. Pšosym stajśo pšašanje, jolic hyšći njamaśo wužywaŕske konto.