There are hundreds of changes in each major release of Firefox, so the cause of the issue could be difficult to guess without more information.

Do you want to post the URL of your site?

If not, could you generate a report using this test page: https://www.ssllabs.com/ssltest/. That often will help identify the problem Firefox has with the certificate.

By the way, did you ever test in Firefox 36 or 37? It might be helpful to track down which versions did and did not object as a way to narrow down the problem. You can use the unofficial "Portable" versions of Firefox 36 and 37 to test that without disrupting your main installation.

• Firefox 37.0.2 Portable Ed. on SourceForce
• Firefox 36.0.1 Portable Ed. on SourceForce

https://dealcenter.americanexpress.com/ is the url

i think the site was working fine as of firefox 35. that is the last version

The root signing certificate ("GTE CyberTrust Global Root") was removed in Firefox 36. No version of Firefox from 36 on will trust certificates that depend on that root.

This change is part of an effort to no longer trust some signing certificates. See: https://blog.mozilla.org/security/201.../phase-2-phasing-out-certificates-with-1024-bit-rsa-keys/.

At the time this change was approved, only 47 of the Alexa Top 1 Million sites were detected as still using it. Yours wasn't on the list, so no one reached out to you with this information.

Sorry! You'll need a new cert.

you mean do i need to get a new cert from a different authority or from GTE it self

You could check with your original cert vendor (the article suggests it's Verizon) on whether they have a free replacement valid for the rest of the term (through July). Otherwise, you'll need a new one from any certificate issuer your company has on its approved vendor list. Or maybe the company has a signing certificate and can generate a new one without any actual purchase??