We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Ovo će web mjesto raditi na ograničen način, dok obavljamo održavanje stranice. Ako neki članak ne riješi tvoj problem i ako želiš postaviti pitanje, naša zajednica za podršku spremna je pomoći na Twitteru @FirefoxSupport i na Redditu /r/firefox.

Pretraži podršku

Izbjegni prevare podrške. Nikad te nećemo tražiti da nas nazoveš, da nam pošalješ telefonski broj ili da podijeliš osobne podatke. Prijavi sumnjive radnje pomoću opcije „Prijavi zlouporabu”.

Saznaj više

sec_error_unknown_issuer for a certificate trusted by every other browser

  • 3 odgovora
  • 7 ima ovaj problem
  • 37 prikaza
  • Posljednji odgovor od cor-el

more options

Dear Forum mebers,

I completely gave up this, so I hope somebody may have seen this issue and could resolve it :) We have an intranet corporate site, based on Windows Server 2012 R2 IIS server. I built up a single, WS2012R2 Standalone Root Certification Authority, and this CA only issued just one certificate -> for this site. After this, I imported the CA certificate to the trusted root certification authorities node via Group Policy.

Now, every single web browser can open the page without any problems (since the CA is trusted), only FireFox not. The issue happening is sec_error_unknown_issuer. What could I do with this? I tried to google a lot, but there is always speaking about intermediate certificates and certificate chain. But this time, there is absolutely no intermediate CA, since I have only a Root CA!

Are there any suggestions which I could try?

Thank you a lot for your help!

Best Regards, Christian

Dear Forum mebers, I completely gave up this, so I hope somebody may have seen this issue and could resolve it :) We have an intranet corporate site, based on Windows Server 2012 R2 IIS server. I built up a single, WS2012R2 Standalone Root Certification Authority, and this CA only issued just one certificate -> for this site. After this, I imported the CA certificate to the trusted root certification authorities node via Group Policy. Now, every single web browser can open the page without any problems (since the CA is trusted), only FireFox not. The issue happening is sec_error_unknown_issuer. What could I do with this? I tried to google a lot, but there is always speaking about intermediate certificates and certificate chain. But this time, there is absolutely no intermediate CA, since I have only a Root CA! Are there any suggestions which I could try? Thank you a lot for your help! Best Regards, Christian

Svi odgovori (3)

more options

Is that root certificate also imported in Firefox because Firefox uses its own certificate storage and stores extra certificates in the cert8.db file in the Firefox profile folder?

  • Tools > Options > Advanced > Certificates: View Certificates
more options

Dear cor-el,

Thank you a lot for your answer. This sounds really annoying, because I have 500 clients in my network, with really a lot firefox browser. So in your opinion, is there any way to have this certificate accepted remotely? Because simply I'm not able to import it on every machine, just from Group Policy or any other management feature. Maybe if I script this NSS Tool at logon, to import my custom Root CA?

ps.: If there aren't any way to do this, then how Firefox is used at huge companies? Like a similar situation when the company has it's own CA and intranet portal.

Thank you for your help! Christian

more options