This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

SSL_ERROR_UNKNOWN_CA_ALERT, but all CA certificates are be installed already and exceptions don't work

more options

I am on Linux Mint, Firefox 100.0 and I am trying to access a website, https://www.citapreviadnie.es:38188 (requires personal DNIe certificate). However, I keep getting SSL_ERROR_UNKNOWN_CA_ALERT. If I view the certificate of the website,

1. Firefox doesn't tell me which part of the chain is invalid or not trusted (or I don't see it) 2. When I try to download and import each of the CA certificates, I get an alert saying "This certificate is already installed as a certificate authority." 3. If I try to import the whole chain, I get another alert telling me "This is not a certificate authority certificate, so it can’t be imported into the certificate authority list." 4. If I try to add a permanent exception to the site, I see "This site attempts to identify itself with invalid information", but if I click "view certificate" I'm back to step 1, and adding the exception does not have any effect.

What am I supposed to do now?

I am on Linux Mint, Firefox 100.0 and I am trying to access a website, https://www.citapreviadnie.es:38188 (requires personal DNIe certificate). However, I keep getting SSL_ERROR_UNKNOWN_CA_ALERT. If I view the certificate of the website, 1. Firefox doesn't tell me which part of the chain is invalid or not trusted (or I don't see it) 2. When I try to download and import each of the CA certificates, I get an alert saying "This certificate is already installed as a certificate authority." 3. If I try to import the whole chain, I get another alert telling me "This is not a certificate authority certificate, so it can’t be imported into the certificate authority list." 4. If I try to add a permanent exception to the site, I see "This site attempts to identify itself with invalid information", but if I click "view certificate" I'm back to step 1, and adding the exception does not have any effect. What am I supposed to do now?
Attached screenshots

All Replies (5)

more options

Web search: https://www.bing.com/search?q=SSL_ERROR_UNKNOWN_CA_ALERT https://bugzilla.mozilla.org/show_bug.cgi?id=1582926 Bug 1582926 Opened 3 years ago Closed 3 years ago SSL_ERROR_UNKNOWN_CA_ALERT on a two way SSL website with custom CA

more options

From the last comment:

> Fixed with Firefox 72 if you import your Client-certificate before accessing the Site. Otherwise you will get the annoying SSL_ERROR_BAD_CERT_ALERT error. Firefox now select the correct Client-certificate is more than one is available.

I understand that I have to delete my imported client certificate and import it again then. I'll try that and report back.

more options

Unfortunately, doing this doesn't work.

more options
more options

I'm on Linux and I don't have, to my knowledge, any software that might be doing that.