This Connection is untrusted (issuer certificate not trusted)
For the past week I have been unable access internet sites via firefox. I keep getting the "The connection is untrusted" error. It does not matter what site, be it google, Mozilla or Yahoo mail.
I have deleted the cert8.db file, cleaned my history and cache and reset firefox but nothing helps. When I go through the "I understand the risk" steps the sites load but not properly. Usually no pictures will load.
All Replies (12)
hello Glockstr, what is the error code that shows under technical details on the error page & what kind of security software is running on your system?
Check the date and time in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
Check out why the site is untrusted (click "Technical Details to expand that section) and if this is caused by a missing intermediate certificate then see if you can install this intermediate certificate from another source.
You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
- Click the link at the bottom of the error page: "I Understand the Risks"
Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
- Click the "View..." button and inspect the certificate and check who is the issuer of the certificate.
You can see more Details like intermediate certificates that are used in the Details pane.
If "I Understand the Risks" is missing then this page may be opened in an (i)frame and in that case try the right-click context menu and use "This Frame: Open Frame in New Tab".
Note that some firewalls monitor secure (https) connections and send their own certificate instead of the website's certificate.
- ESET setup -> advanced setup -> extend web and email tree -> SSL
- SSL protocol: Do not scan SSL protocol
www.google.com uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is not trusted.
(Error code: sec_error_untrusted_issuer)
It is a work computer and I believe we use McAffee.
I follow the other directions and viewed the certificate. All looks OK, my time is correct, the certificate isn't set to expire till sometime in October.
Modified
Who is the issuer of the certificate?
When you view the certificate, do you see anything unusual? I've attached what I see for comparison.
In case the OCSP check is failing, can you see whether you've made that mandatory?
orange Firefox button (or Tools menu) > Options > Advanced > Certificates > "Validation" button
Default is first box checked, second box not checked.
Here is a screen shot of the certificate info I get on this site.
On my browser the OCSP is just as you described. The first box is checked and the second is not.
The screenshot shows that the certificate has been released by "proxysg03", so you appear to be using a proxy.
I am not familiar with proxy's but I don't doubt it since this is a work computer. IE and Chrome seem to access the same pages without a problem. I noticed that the problem mainly occurs when the https prefix is used. If I remove the "s" from the address I connect fine but of course can't log into a site without the secured protocol.
You can check the connection settings here:
- Tools > Options > Advanced > Network : Connection > Settings
- https://support.mozilla.org/kb/Options+window+-+Advanced+panel
If you do not need to use a proxy to connect to internet then try to select "No Proxy" if "Use the system proxy settings" or one of the others do not work properly.
See "Firefox connection settings":
If you use a proxy and such a proxy doesn't tunnel HTTPS traffic, but builds their own connection and generates its own certificate then only installing a root certificate of that proxy would prevent getting an untrusted error page.
maybe there is software running on your work computer that monitors or filters webtraffic - when firefox is connecting to secure websites (stating with https://) that looks like a man-in-the-middle attack and since it's not connected to the websites in question directly that's why firefox shows the error page...
I had this issue on my work computer. It appears that the proxy was intercepting the certificate and returning itself as the issuer. For some reason Firefox did not like that. Anyway, I was able to export the proxy certificate from Chrome and import it into Firefox: Options > Advanced > View Certificates > Authorities > Import