Αυτός ο ιστότοπος θα έχει περιορισμένη λειτουργικότητα, όσο εκτελούμε εργασίες συντήρησης για να βελτιώσουμε την εμπειρία σας. Αν ένα άρθρο δεν επιλύει το ζήτημά σας και θέλετε να κάνετε μια ερώτηση, η κοινότητα υποστήριξής μας είναι έτοιμη να σας βοηθήσει στο Twitter (@FirefoxSupport) και στο Reddit (/r/firefox).

Αναζήτηση στην υποστήριξη

Προσοχή στις απάτες! Δεν θα σας ζητήσουμε ποτέ να καλέσετε ή να στείλετε μήνυμα σε κάποιον αριθμό τηλεφώνου ή να μοιραστείτε προσωπικά δεδομένα. Αναφέρετε τυχόν ύποπτη δραστηριότητα μέσω της επιλογής «Αναφορά κατάχρησης».

Μάθετε περισσότερα

Secure connection failed due to cert issuer is unknown

  • 3 απαντήσεις
  • 1 έχει αυτό το πρόβλημα
  • 13 προβολές
  • Τελευταία απάντηση από Paul

more options

Hi there,

I have a lab in which I have a firewall that can decrypt SSL/TLS sessions by using a proxy mechanism, to further scan content. To do this one must deploy a CA certificate on the firewall to issue certificates for the clients' connections - so the certificate chain being sent to the client for any website would be the freshly created server certificate issued by the firewall, the signing (sub)CA certificate and the Root CA certificate.

This works with Firefox, Chrome and Edge on my Windows 10. It also works with Chrome on my Android 9, but not with Firefox. Here I get:

Secure connection failed - Can be a server config error - If you could access this server before, try again later..

Someone could have made a false version of the website.

Firefox does not trust https://<website>, because the issuer of the certificate of the website is unknown.

I think this behaviour should be changed so that it allows this "custom" certificate chain.

I have Firefox version 90.1.1 installed on my Android 9 and no add-ons installed.

/Peter

Hi there, I have a lab in which I have a firewall that can decrypt SSL/TLS sessions by using a proxy mechanism, to further scan content. To do this one must deploy a CA certificate on the firewall to issue certificates for the clients' connections - so the certificate chain being sent to the client for any website would be the freshly created server certificate issued by the firewall, the signing (sub)CA certificate and the Root CA certificate. This works with Firefox, Chrome and Edge on my Windows 10. It also works with Chrome on my Android 9, but not with Firefox. Here I get: '''''Secure connection failed''' - Can be a server config error - If you could access this server before, try again later.. Someone could have made a false version of the website. Firefox does not trust https://<website>, because the issuer of the certificate of the website is unknown.'' I think this behaviour should be changed so that it allows this "custom" certificate chain. I have Firefox version 90.1.1 installed on my Android 9 and no add-ons installed. /Peter

Όλες οι απαντήσεις (3)

more options

I now learned it is really an Android/Google thing to use certificate pinning, which will of course break everything that is given a "custom" certificate chain.

So I do not know if Firefox is able to "save" their own app or it would resolve if Google stops using certificate pinning in an out-of-control way.

more options

So this is an interesting article by DigiCert from July 2020: https://www.digicert.com/blog/certificate-pinning-what-is-certificate-pinning

But I found that this is not an issue caused by certificate pinning I am seeing, but because Firefox on Android does not use the Android Certificate store - and there seems no way to install certificates into Firefox (there are mentionings on opening a PEM formatted cert in the browser, but it will only install into Android Certificate store.

Reading this GitHub I found a secret menu that allows one to enable the use of the Android Cert store in Firefox: https://github.com/mozilla-mobile/fenix/issues/3728

Tab some times on the Firefox logo in About in the settings menu. Then go to the new Secret menu and enable the Android cert store.

more options

Hi

Yes - as you have found, we are working on increased support for certificates in Firefox for Android and are currently testing it in Nightly. Hopefully it will land in the Release version very soon.