Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Buscar en Ayuda

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

CA Signed Certificate shows as "not valid"

  • 4 respuestas
  • 1 tiene este problema
  • 1 visita
  • Última respuesta de jCubed

more options

There is a certificate for an internal website that FireFox is saying is not valid/secure and it makes you add an exception. However, if you use IE, Edge or Chrome it loads fine with the valid CA Certificate. I've cleared all data (cache/etc...) and it hasn't fixed it. Hopefully someone has a fix for this?

Getting "SEC_ERROR_UNKNOWN_ISSUER" for the certificate and its saying:

   Peer’s Certificate issuer is not recognized.
   HTTP Strict Transport Security: false
   HTTP Public Key Pinning: false


FireFox Version: 91.8.0esr (64-bit) Operating System: Windows 10 (64-bit)

There is a certificate for an internal website that FireFox is saying is not valid/secure and it makes you add an exception. However, if you use IE, Edge or Chrome it loads fine with the valid CA Certificate. I've cleared all data (cache/etc...) and it hasn't fixed it. Hopefully someone has a fix for this? Getting "SEC_ERROR_UNKNOWN_ISSUER" for the certificate and its saying: Peer’s Certificate issuer is not recognized. HTTP Strict Transport Security: false HTTP Public Key Pinning: false FireFox Version: 91.8.0esr (64-bit) Operating System: Windows 10 (64-bit)

Modificadas por jCubed el

Solución elegida

Firefox does not use the operating system certificate store by default.

Can you go to about:config and search for the preference

security.enterprise_roots.enabled

and change it to true and see if that fixes things?

Leer esta respuesta en su contexto 👍 1

Todas las respuestas (4)

more options

Solución elegida

Firefox does not use the operating system certificate store by default.

Can you go to about:config and search for the preference

security.enterprise_roots.enabled

and change it to true and see if that fixes things?

more options

So, that fixed it, thanks! But why would that matter? The certificate is loaded to the server itself. The certificate was not loaded to GPO, windows store or anything else. Only applied to the server itself.

more options

My guess is that your company uses a custom certificate authority for that site (not a public one) and they load that CA into Windows expecting it to work.

more options

That could be. Just not disclosed to us after its generated on specifically what they did. Thanks!