SEC_ERROR_UNKNOWN_ISSUER on https://discordapp.com
Firefox refuses to visit https://discordapp.com, complaining about SEC_ERROR_UNKNOWN_ISSUER. Upon inspection of the certificates, the root CA is "COMODO ECC Certification Authority" - Serial Number 16:E5:86:78:E0:70:94:39:4B:DF:DB:4E:FC:A6:3B:DF.
The Firefox certificate manager contains a trusted entry for "COMODO ECC Certification Authority", however it is a different cert with serial number 1F:47:AF:AA:62:00:70:50:54:4C:01:9E:9B:63:99:2A.
I'm wondering what's the cause of this situation? Did Comodo recently change certificates? Can somebody else check which version of the "COMODO ECC Certification Authority" is shipped with their FF?
Chosen solution
I have the same Comodo root certificate as you. If there are certificate issue then this is more likely an issue with the intermediate certificate, in this case "COMODO ECC Domain Validation Secure Server CA 2".
You can try to rename the cert9.db file (cert9OLD.db) and remove the previously used cert8.db file in the Firefox profile folder with Firefox closed to remove intermediate certificates and exceptions that Firefox has cached.
If this has helped to solve the problem then you can remove the renamed cert9OLD.db file. Otherwise you can undo the rename and restore cert9.db.
You can use the button on the "Help -> Troubleshooting Information" (about:support) page to go to the current Firefox profile folder or use the about:profiles page.
- Help -> Troubleshooting Information -> Profile Folder/Directory:
Windows: Open Folder; Linux: Open Directory; Mac: Show in Finder - https://support.mozilla.org/en-US/kb/profiles-where-firefox-stores-user-data
All Replies (2)
Chosen Solution
I have the same Comodo root certificate as you. If there are certificate issue then this is more likely an issue with the intermediate certificate, in this case "COMODO ECC Domain Validation Secure Server CA 2".
You can try to rename the cert9.db file (cert9OLD.db) and remove the previously used cert8.db file in the Firefox profile folder with Firefox closed to remove intermediate certificates and exceptions that Firefox has cached.
If this has helped to solve the problem then you can remove the renamed cert9OLD.db file. Otherwise you can undo the rename and restore cert9.db.
You can use the button on the "Help -> Troubleshooting Information" (about:support) page to go to the current Firefox profile folder or use the about:profiles page.
- Help -> Troubleshooting Information -> Profile Folder/Directory:
Windows: Open Folder; Linux: Open Directory; Mac: Show in Finder - https://support.mozilla.org/en-US/kb/profiles-where-firefox-stores-user-data
cor-el said
If there are certificate issue then this is more likely an issue with the intermediate certificate, in this case "COMODO ECC Domain Validation Secure Server CA 2". You can try to rename the cert9.db file (cert9OLD.db) and remove the previously used cert8.db file in the Firefox profile folder with Firefox closed to remove intermediate certificates and exceptions that Firefox has cached.
Deleting cert9.db has indeed resolved the problem. Now FF displays 1F:47:AF:... as root signatory of the discordapp.com certificate. Interestingly, only deleting the cached intermediate certificate (COMODO ECC Domain Validation Secure Server CA 2) in the certificate manager was not enough. So I'm still quite clueless how exactly this issue was caused. Anyway, thanks for your help.