I try to go to Google and get Error code: sec_error_unknown_issuer
I try to bring up Google and get this message:
This Connection is Untrusted
You have asked Firefox to connect securely to www.google.com, but we can't confirm that your connection is secure.
Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified. What Should I Do?
If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.
www.google.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer)
I'm on a brand new computer. All I've loaded is Kaspersky Internet Security. This problem is *very* frustrating and annoying.
Yes, I tried deleting the cert8 file and restarting Firefox. Same problem.
Help!!!
כל התגובות (20)
Some added toolbar and anti-virus add-ons are known to cause Firefox issues. Disable All of them.
Start Firefox in Safe Mode {web link} While you are in safe mode;
Type about:preferences<Enter> in the address bar
Select Advanced > General. Look for and turn off Use Hardware Acceleration.
Poke around safe web sites. Are there any problems?
Then restart.
I tried starting in Safe Mode and followed those instructions, but I still get the same message, even in safe mode.
As for disabling all add-ons, I have no idea how to do that. Again, I just took the computer out of the box about three hours ago, so I'm not sure how I could have gotten any add-ons, except I did load Kaspersky.
Any further suggestions?
Just noticed that the date was off -- I had it set for tomorrow instead of today. Fixed that and the problem stopped happening.
Wait -- I take it back. It's still happening. A couple of times Google did come up, but most of the time I'm still getting the error message.
HELP!!!
Seems to be happening only with Google and Google-related sites (e.g, gmail, calendar).
Just now I was able to bring up Google but still got the error messages when I tried to bring up gmail and google drive.
You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
- Click the link at the bottom of the error page: "I Understand the Risks"
- Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate"
- Click the "View" button and inspect the certificate and check who is the issuer.
You can see more details like intermediate certificates that are used in the Details tab.
Can you attach a screenshot that show the issuer?
- http://en.wikipedia.org/wiki/Screenshot
- https://support.mozilla.org/kb/how-do-i-create-screenshot-my-problem
- Use a compressed image type like PNG or JPG to save the screenshot
- Make sure that you do not exceed the maximum size of 1 MB
Here you go (I just took a photo of it with my phone).. DId you want a picture of the details tab, too?
FWIW, when I start Firefox right after restarting the computer, I don't seem to have the problem.
That is a certificate that is send by your Kaspersky security software, so you would have to install the Kaspersky root certificate.
I do not know if these steps still apply:
1 Go to SETTINGS 2 Click on the BROWN BOX icon 3 Go to NETWORK 4 Click on INSTALL CERTIFICATE (Kaspersky security certificate) follow install instructions.
I gave it a try -- got to "Install certificate," but when I clicked on it, it said that the certificate was already installed.
Under "Encrypted connections scanning," it says that "Some websites may be inaccessible when scanning of encrypted connections is enabled, even after installation of the Kaspersky lab certificate." You can click to see which encrypted sites may be inaccessible, and *.google.com is one of the sites listed. Not sure why Kaspersky doesn't see that as kind of a problem.
But even when I uncheck the box for "Scan encrypted connections," I still get the error message.
Still stumped.
I exited Kaspersky and am still getting the error message. Now when I view the certificate, it says the issuer is Superfish, Inc.
This problem is driving me crazy. I'd like to be able to use my brand new computer to at least check my email without switching over to an entirely different browser.
Seems like Mozilla is blaming Kaspersky and Kaspersky is blaming Mozilla. Meanwhile I can't get my gmail.
What should I do?
Here is what View Certificate brings up now (attached), even when the Kaspersky is running.
I've had very similar behaviour to this since I took the default upgrade install to 33.0 yesterday evening on a freshly booted and fully-patched Win7 box.
In my case, the "This Connection is Untrusted" barf comes up for most https connections, conspicuously including Google (other than Mozilla support!), and seems to involve time travel. The error message always says that the "certificate will not be valid until xxx" where "xxx" is always a time in the past, and then says that the "current time is yyy", where "yyy" is the correct time (expressed in my local time zone). I've checked the clock, and it's as right as ever. I've tried manually disabling the use of a time server, but that didn't help. I've tried restarting Firefox in Safe Mode, and that doesn't help either. The difference in the two xxx and yyy times is always greater than 24 hours, so it's not a minor confusion over timezones.
I know that I could just add exceptions to everything, but I really don't want to do that. I develop on this machine with Firefox as my principal development browser, and I need to keep my certificate store clean of any overrides lest I mask true certificate problems with my integration partners.
The only clue I've come up with so far is that I've found that if I disable/remove mention of the relevant domains from my Charles Proxy's Proxy Settings > SSL tab then things start to work again. I basically always run with Charles monitoring everything, and it's important to me that I have it decode SSL traffic whenever possible (it is a dev. box as noted above).
All these settings used to work just fine until I took the new release. I can reproduce this behaviour easily now on any machine by (say) adding www.google.com:443 to the proxy settings on that machine. I'm no SSL/crypto type, so I really don't claim to understand any of the interactions going on, but this behaviour hints to me that there's been some sort of change in the machinery concerning certificates or in the certificates themselves such that trust has broken down. At the very least, the time travel issue noted above has to be a bug. Even if the trust of the certificates in question has broken down, the reason _stated_ is clearly wrong, and indeed one might speculate that the incorrect reason being stated might even be the cause of the breakdown of trust, though that's clearly a point of speculation on my part.
Anyone have any clue?
Lydia.
Check the date and time and time zone in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
Have done, and they were correct, as noted above.
Me too. The date and time are correct.
What next?
And again, even when I exit the Kaspersky anti-virus software, I still get the error message. That does make it seem like the problem must be with the new release of Firefox (maybe in conjunction with Windows 8.1?), not with the anti-virus software.
Like Lydia, I really don't want to get into the business of just adding dozens of exceptions. That would seem to defeat the point of whatever security protection Firefox is trying to provide.
I'm now back to seeing the Kaspersky certificate, not the Superfish one, if that makes any difference.
Who is the issuer of the certificate?
Retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
- Click the link at the bottom of the error page: "I Understand the Risks"
- Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate"
- Click the "View" button and inspect the certificate and check who is the issuer.
You can see more details like the intermediate certificates that are used in the Details tab.
I did that. See the two photo attachments above.
In the details tab, nothing much appears. Under "certificate hierarchy," all that appears is "www.google.com." Under "Certificate fields," I can click on things and get the "field values," but I don't know what they mean or which ones I should look at. If there's some field in there that you think matters, let me know and I'll tell you what appears in it.
It says the certificate is valid not before 10/8/2014 and not after 1/5/2015.
What next?