Ce site disposera de fonctionnalités limitées pendant que nous effectuons des opérations de maintenance en vue de vous proposer un meilleur service. Si un article ne règle pas votre problème et que vous souhaitez poser une question, notre communauté d’assistance est prête à vous répondre via @FirefoxSupport sur Twitter, et /r/firefox sur Reddit.

Rechercher dans l’assistance

Évitez les escroqueries à l’assistance. Nous ne vous demanderons jamais d’appeler ou d’envoyer un SMS à un numéro de téléphone ou de partager des informations personnelles. Veuillez signaler toute activité suspecte en utilisant l’option « Signaler un abus ».

En savoir plus

Untrusted connection with a certificate signed by an Enterprise CA

  • 2 réponses
  • 3 ont ce problème
  • 1 vue
  • Dernière réponse par cor-el

more options

I have a site hosted on IIS that is secured using a standalone enterprise CA. The CA certificate is stored in both the current user and local machine Trusted Root Certification Authorities stores, and the site works in IE. If I view the certificate in IE, I can see that my CA issued the site cert, and that both are trusted. FF 24 gives me:

ice71.icelab.computer-talk.com uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)

And the window to add an exception says:

Certificate is not trusted, because it hasn't been verified by a recognized authority using a secure signature.

If I view the certificate, the certificate hierarchy doesn't show the issuer (it does appear in IE), but the "issued by" details on the general tab DOES have the common name of my CA. This common name matches the CN of the cert that's in the Trusted Root CAs store.

Any idea why this won't validate?

I have a site hosted on IIS that is secured using a standalone enterprise CA. The CA certificate is stored in both the current user and local machine Trusted Root Certification Authorities stores, and the site works in IE. If I view the certificate in IE, I can see that my CA issued the site cert, and that both are trusted. FF 24 gives me: ice71.icelab.computer-talk.com uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer) And the window to add an exception says: Certificate is not trusted, because it hasn't been verified by a recognized authority using a secure signature. If I view the certificate, the certificate hierarchy doesn't show the issuer (it does appear in IE), but the "issued by" details on the general tab DOES have the common name of my CA. This common name matches the CN of the cert that's in the Trusted Root CAs store. Any idea why this won't validate?

Toutes les réponses (2)

more options

Does this site work with a www. prefix?

https://www.ice71.icelab.computer-talk.com

The standaloane server seems to be missing the intermediate certificate (RapidSSL CA) that is required to build a certificate chain that ends with a built-in root certificate.

You can download and install the first certificate from this site:

https://knowledge.rapidssl.com/library/VERISIGN/ALL_OTHER/RapidSSL%20Intermediate/RapidSSL_CA_bundle.pem

You can Copy and Paste the certificate text of the intermediate certificate to a .cer text file and import the certificate in the Certificate Manager or via Firefox > New Tab > Open File. DO NOT set any trust bits, those are only required for root certificates and should never be set for intermediate certificates.

If that doesn't work then do the following :

The file cert8.db in your profile folder may have become corrupted. Delete this file while Firefox is closed.

Open your profile folder:

  • At the top of the Firefox window, click on the Firefox button, go over to the Help menu and select Troubleshooting Information. The Troubleshooting Information tab will open.
  • Under the Application Basics section, click on Show Folder. A window with your profile files will open.

Note: If you are unable to open or use Fire​fox, follow the instructions in Finding your profile without opening Firefox.

  • At the top of the Firefox window, click on the Firefox button and then select Exit
  • Click on the file named cert8.db.
  • Press Delete.
  • Restart Firefox.

cert8.db will be recreated when you restart Firefox. This is normal.

Report back if it Works ! Thanks!

Modifié le par SHASHANK ROY

more options

Make sure that you install all required intermediate certificates on the server to make it possible for Firefox to build the certificate chain that ends with a root certificate to prevent this untrusted error message.

The issuer of this certificate is icelabCA, no further details and I don't know where this certificate comes from and what would needs to be installed.