The certificate is not trusted because no issuer chain was provided
I have a problem accessing an https website with Firefox (26.0), but have no problems accessing it with either Chrome or IE. The particular URL deep links into a message forum.
https://www.lotro.com/forums/showthread.php?535472-Update-12-1-Scaling-Instance-Loot
I get the following error message:
This connection is untrusted You have asked Firefox to connect securely to www.lotro.com, but we can't confirm that your connection is secure. www.lotro.com uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)
Adding an exception works, but only for this one message thread. The next time I have a different thread we go through the same routine.
OK, I've read the forums a bit: Disabled all Add-ons I'm not running any SSL scanning. Both browser.xul.error_pages.enabled and browser.xul.error_pages.expert_bad_cert are set to True. Certificate dates are fine as is my clock/date. I've deleted cert8.db
When it does load rather than getting a lock I get an exclamation point and a mouseover says Website does not supply identify information.
When I tell Firefox to get the certificate I get:
Certificate Status: This site attempts to identify itself with invalid information. Unknown Identity Certificate is not trusted, because it hasn't been verified by a recognized authority using a secure signature.
When I view the certificate I find: Issued To Common Name (CN) *.lotro.com Organization (O) The Saul Zaentz Company Organizational Unit (OU) Secure LInk SSL Wirecard Issued By CN Network Solutions Certificate Authority O Network Solutions L.L.C. OU <Not Part of Certificate> Validity Issued on 1/3/2012 Expires on 1/17/2016
Under Details > Extensions I find Certificate Basic Constraints: Critical, Is not a Certificate Authority.
The security trust chain looks like this:
USERTrust
UTN-USER-First-Hardware Network Solutions Certificate Authority *.lotro.com
All Replies (6)
Hi Paul5358, I've been assuming the "Software Security Device" certificates are accumulated as Firefox encounters and validates them. If that's true, your lack of such items probably is due to deleting your old certificate file (cert8.db). But I may be wrong about the source of those.
Yes, certificates that show as "Software Security Device" are intermediate certificates that Firefox automatically stores for future use when you visit a website the send such a certificate.
If a server doesn't send a full certificate chain then you won't get an error when Firefox has stored missing intermediate certificates from visiting a server in the past that has send it, but you do get an error if this intermediate certificate isn't stored.
I had this same error. Started up for no reason at all, that I could figure. Then, I noticed I had Fiddler running in the background.
Closing it made the problem go away-- Fiddler had done something strange. When I went to add an exception to a site and looked at the Certificate Status I saw a bunch of entries in the Common Name and Organization info stating "DO_NOT_TRUST" and "DO_NOT_TRUST_FiddlerRoot"
Hi larryq, do you recall installing Fiddler? If not, some other software with bad intentions may have installed it. In addition to deleting those exceptions, you may want to run some supplemental malware scans. This article lists tools other Firefox users have found helpful: Troubleshoot Firefox issues caused by malware.
Yes, I specifically installed it to debug web sessions; capture HTTP response codes, etc.
As soon as I closed Fiddler my problems with FF and https certificates went away.
Hi larryq, it's nice when there is an innocent explanation.
If you still want to track HTTP traffic, you can turn off HTTPS decoding to avoid certificate issues. This article shows where that setting is in Fiddler's options: http://fiddler2.com/documentation/Con.../DecryptHTTPS.