Firefox 36 does not trust any SSL including https://support.mozilla.org
Every page that has SSL enabled gives me an error saying that This Connection is Untrusted, Error code: sec_error_expired_issuer_certificate.
Even if I add an exception for every site(which is in no way practical) the site content still does not appear correctly.
This happens for sites like https://www.google.com and also https://support.mozilla.org I'm using Firefox 36 and I would have included screenshots but the site would not allow me to upload images.
Chosen solution
I believe I have found the cause of this problem. The culprit is network security softwares, such as McAfee Web Gateway or Palo Alto SSL Decryption. Depending on implementation of these, the network computers will receive these errors while running Firefox.
It may be possible to work around these specific softwares by doing something similar from the following: https://community.mcafee.com/docs/DOC-5222 https://live.paloaltonetworks.com/docs/DOC-3486 https://live.paloaltonetworks.com/docs/DOC-7521
Good luck!
Read this answer in context 👍 0All Replies (10)
Is your system date and time good?
hi EthanR, please make sure that you set the right date, time and timezone for your location: time.is
http://windows.microsoft.com/en-us/windows/set-clock#1TC=windows-7
philipp said
hi EthanR, please make sure that you set the right date, time and timezone for your location: time.is http://windows.microsoft.com/en-us/windows/set-clock#1TC=windows-7
Yes my Date and Clock are accurate.
A common reason for this is Firefox not being set up to work with your security software that intercepts secure connections. To work, that feature involves presenting a "fake" certificate to Firefox so the software can decrypt and inspects all of your activity with the secure site. Products that have this include avast! 2015, BitDefender, ESET, and Kaspersky. If you have one of these products, that could be the issue.
If you don't use any of those products, another possibility is a malware infection, so what we generally suggest is inspecting the issuer information for the certificate Firefox is rejecting.
- If you have added an exception, click the padlock icon in the address bar, then More Information, then View Certificate
- If you have not added an exception, you can use the exception dialog to check out the certificate without actually adding an exception. Click the "View" button.
Either way, see whether the Issued By section refers to a known software product or other unusual entry. For this site, for example, you should find the Common Name: DigiCert High Assurance EV CA-1
jscher2000 said
A common reason for this is Firefox not being set up to work with your security software that intercepts secure connections. To work, that feature involves presenting a "fake" certificate to Firefox so the software can decrypt and inspects all of your activity with the secure site. Products that have this include avast! 2015, BitDefender, ESET, and Kaspersky. If you have one of these products, that could be the issue. If you don't use any of those products, another possibility is a malware infection, so what we generally suggest is inspecting the issuer information for the certificate Firefox is rejecting.
- If you have added an exception, click the padlock icon in the address bar, then More Information, then View Certificate
Either way, see whether the Issued By section refers to a known software product or other unusual entry. For this site, for example, you should find the Common Name: DigiCert High Assurance EV CA-1
- If you have not added an exception, you can use the exception dialog to check out the certificate without actually adding an exception. Click the "View" button.
Thank you for the reply, but this problem occurs on almost all machines at my company, I also do not have any of those programs installed, this is also a new install so any malware is highly unlikely. The SSL cert has all of the correct information. The Issued By is DigiCert High Assurance EV CA-1
Modified
What is the expire date/time of that certificate?
Open this chrome URI by pasting or typing this URI in the location/address bar to open the "Add Security Exception" window and check the certificate:
- chrome://pippki/content/exceptionDialog.xul
In the location field type/paste the URL of the website
- retrieve the certificate via the "Get certificate" button
- inspect the certificate via the "View..." button
See also:
- Use a compressed image type like PNG or JPG to save the screenshot
- Make sure that you do not exceed the maximum size of 1 MB (crop image(s) if necessary or save with higher compression)
Company network, hmm, I wonder whether a proxy is involved? Is Firefox configured for a proxy here:
"3-bar" menu button (or Tools menu) > Options > Advanced > Network mini-tab > "Settings" button
cor-el said
What is the expire date/time of that certificate? Open this chrome URI by pasting or typing this URI in the location/address bar to open the "Add Security Exception" window and check the certificate:In the location field type/paste the URL of the website
- chrome://pippki/content/exceptionDialog.xul
- retrieve the certificate via the "Get certificate" button
- inspect the certificate via the "View..." button
See also:
- Use a compressed image type like PNG or JPG to save the screenshot
- Make sure that you do not exceed the maximum size of 1 MB (crop image(s) if necessary or save with higher compression)
The cert's dates are Begins On 9/17/2013 and Expires On 9/23/2015
jscher2000 said
Company network, hmm, I wonder whether a proxy is involved? Is Firefox configured for a proxy here: "3-bar" menu button (or Tools menu) > Options > Advanced > Network mini-tab > "Settings" button
Yes it is configured for system proxy settings. But setting it for No proxy or for Auto-detect proxy settings for this network. Results in the same outcome.
cor-el said
What is the expire date/time of that certificate? Open this chrome URI by pasting or typing this URI in the location/address bar to open the "Add Security Exception" window and check the certificate:In the location field type/paste the URL of the website
- chrome://pippki/content/exceptionDialog.xul
- retrieve the certificate via the "Get certificate" button
- inspect the certificate via the "View..." button
See also:
- Use a compressed image type like PNG or JPG to save the screenshot
- Make sure that you do not exceed the maximum size of 1 MB (crop image(s) if necessary or save with higher compression)
Also I tried both a PNG and a JPG the latter was only 60 KB
Chosen Solution
I believe I have found the cause of this problem. The culprit is network security softwares, such as McAfee Web Gateway or Palo Alto SSL Decryption. Depending on implementation of these, the network computers will receive these errors while running Firefox.
It may be possible to work around these specific softwares by doing something similar from the following: https://community.mcafee.com/docs/DOC-5222 https://live.paloaltonetworks.com/docs/DOC-3486 https://live.paloaltonetworks.com/docs/DOC-7521
Good luck!