Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Your connection is not secure

  • 2 replies
  • 4 have this problem
  • 1 view
  • Last reply by usgroupie

more options

Firefox blocks: https://vip.vba.va.gov/portal/VBAH/VBAHome/condopudsearch, and https://vip.vba.va.gov/portal/VBAH/VBAHome/buildersearch "Your connection is not secure" Advanced Tab cites "vip.vba.va.gov uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported." Error code: SEC_ERROR_UNKNOWN_ISSUER

However, IE 11 has no issue accessing the websites.

Firefox blocks: https://vip.vba.va.gov/portal/VBAH/VBAHome/condopudsearch, and https://vip.vba.va.gov/portal/VBAH/VBAHome/buildersearch "Your connection is not secure" Advanced Tab cites "vip.vba.va.gov uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported." Error code: SEC_ERROR_UNKNOWN_ISSUER However, IE 11 has no issue accessing the websites.

Chosen solution

Servers are supposed to send not just their own certificate, but any intermediate certificate(s) necessary to link the site's certificate with an ultimate authority that browsers trust. IE has a feature to compensate for an incomplete chain of trust, but Firefox doesn't fill in gaps that way.

This site shows that there is a way to collect different signing certificates to confirm that it should be trusted, but there are multiple steps: https://www.ssllabs.com/ssltest/analyze.html?d=vip.vba.va.gov&s=152.132.104.3&latest

I think that means it's currently safe to make a temporary exception for the site. But if they could "clean up their act" that would be great.

Read this answer in context 👍 0

All Replies (2)

more options

Chosen Solution

Servers are supposed to send not just their own certificate, but any intermediate certificate(s) necessary to link the site's certificate with an ultimate authority that browsers trust. IE has a feature to compensate for an incomplete chain of trust, but Firefox doesn't fill in gaps that way.

This site shows that there is a way to collect different signing certificates to confirm that it should be trusted, but there are multiple steps: https://www.ssllabs.com/ssltest/analyze.html?d=vip.vba.va.gov&s=152.132.104.3&latest

I think that means it's currently safe to make a temporary exception for the site. But if they could "clean up their act" that would be great.

more options

Thank you for the info and the link.