Copied portable version of Firefox to a new Win7-64 PC and get a certificate invalid error on google.com and also got a read only error from Program Files (x86)
I copied my Firefox Portable from a 32bit Windows XP to a 64bit Windows 7. First I copied it to the Program Files (x86) folder but Firefox gave a error that it can't work on a read only drive, which it isn't. I checked the FirefoxProtavble folder and it was set to readonly so I changed it on that folder and subfolders and Firefox still gave the error. I then created a Programs (Portable) Folder on the root and made sure it was not readonly and the error disappeared. However I get an invalid certificate error when I try to go to google.com. The same copy works fine on Windows XP. I tried deleting the cert8.db foile from the profile and still get the error. BTW Firefox is version 40.3 and Windows is fully up to date. I am running Kaspersky Total Security which asked me to install an extension when I first started Firefox.
Chosen solution
You can check if you can find the "Kaspersky Anti-Virus Personal Root Certificate" in this folder:
- "C:\ProgramData\Kaspersky Lab\AVP15.0.1\Data\Cert\"
All Replies (6)
There is security software like Avast and Kaspersky that intercept secure connections and send their own certificate.
If you can't inspect the certificate via "I Understand the Risks" then try this:
Open the "Add Security Exception" window by pasting this chrome URL in the Firefox location/address bar and check the certificate:
- chrome://pippki/content/exceptionDialog.xul
In the location field of this window type or paste the URL of the website.
- retrieve the certificate via the "Get certificate" button
- click the "View..." button to inspect the certificate in the Certificate Viewer
You can inspect details like the issuer and the certificate chain in the Details tab of the Certificate Viewer. Check who is the issuer of the certificate. If necessary then you can attach a screenshot that shows the certificate viewer.
If the certificate is issued by your Kaspersky security software then you have two options:
- disable scanning secure connections in Kaspersky
- install the Kaspersky root certificate.When prompted set the trust bit to use the certificate to "Trust this CA to identify websites"
http://support.kaspersky.com/us/9093#block1
http://support.kaspersky.com/us/9927#block1
Thanks for the super quick response. I've installed the root certificate from Kaspersky but it doesn't tell me where it put it and I can't find it when searching for a *.cert, *.crt, cert*.*, and so on so there's no way for me to tell Firefox to use that certificate. My only solution may be to disable SSL scaning, which I'm not too happy about.
You need to import the Kaspersky root certificate in the Firefox Certificate Manager.
- Tools > Options > Advanced > Certificates: View Certificates
When prompted, place a tick on "Trust this CA to identify websites" trust bit to make the imported certificate work as a trusted root certificate to trust websites. Note that trust bits should only be set for a root certificate and never for intermediate certificates.
I know where to get Firefox to import a certificate, I just can't find where Kaspersky put the one I installed in Total Security's network options.
I guess I will have to ask the question on Kaspersky's forum since the problem is caused by Total Security. I don't want to deactivate it on SSL but I might have to.
Chosen Solution
You can check if you can find the "Kaspersky Anti-Virus Personal Root Certificate" in this folder:
- "C:\ProgramData\Kaspersky Lab\AVP15.0.1\Data\Cert\"
Found it! And it worked. I was looking in "C:\Program Files (x86)\Kaspersky Lab\" when it was here: "C:\ProgramData\Kaspersky Lab\AVP16.0.0\Data\Cert".
I can now safely use https websites.
Thank you for your help.