I continue to receive error messages with the untrusted connection and error code ((Error code: sec_error_cert_signature_algorithm_disabled). What do I do?
I have been using Firefox for years and have had no issue. Tonight, when I try to go to my normal websites (AOL mail, Etsy, etc.) I receive an error message of:
This Connection is Untrusted
You have asked Firefox to connect securely to my.screenname.aol.com, but we can't confirm that your connection is secure.
Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
What Should I Do?
If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.
my.screenname.aol.com uses an invalid security certificate.
The certificate is not trusted because it was signed using a signature algorithm that was disabled because that algorithm is not secure.
(Error code: sec_error_cert_signature_algorithm_disabled)
I have tried updating Firefox, I have run a security check, I have search the forums...I have not found a solution for this error code.
What am I able to do?
Solução escolhida
See:
- [/questions/936029] All https: websites are experiencing cert untrusted errors with Digitalmarketresearchapps Pty Ltd showing as cert provider. No viruses detected on my system.
https://www.google.com/search?q=digitalmarketresearchapps
Ler esta resposta 👍 1Todas as respostas (13)
Try to rename the cert8.db file (cert8.db.old) and delete the cert_override.txt file in the Firefox profile folder to remove intermediate certificates and exceptions that Firefox has stored.
If that has helped to solve the problem then you can remove the renamed cert8.db.old file. Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previously stored intermediate certificates. Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.
You can use this button to go to the current Firefox profile folder:
- Help > Troubleshooting Information > Profile Directory: Show Folder (Linux: Open Directory; Mac: Show in Finder)
- http://kb.mozillazine.org/Profile_folder_-_Firefox
I thank you for your time and efforts. I tried the suggestion and renamed the cert file and deleted the cert override file and I am still receiving the same error message.
Hmm, when I look at the cert on that site it seems fine. (Screen shot attached.)
On Etsy and other secure sites, is it that same code: "sec_error_cert_signature_algorithm_disabled"?
Could you take a look at your preference settings and see whether any of these have been modified from their defaults:
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.
(2) In the search box above the list, type or paste security.ssl and pause while the list is filtered
(3) If any preferences starting with security.ssl are bolded and "user set" to false, you can right-click > Copy Name and paste it into a reply here for consideration.
Note: it's okay to set these two to false (note they have dhe in them):
- security.ssl3.dhe_rsa_aes_128_sha
- security.ssl3.dhe_rsa_aes_256_sha
Below are all of the items that came up false:
security.ssl.errorReporting.automatic security.ssl.false_start.require-npn security.ssl.require_safe_negotiation security.ssl.treat_unsafe_negotiation_as_broken
The items were not is bold and were labeled as default, but I included them anyway.
Thanks!
What are the settings of the above mentioned 'security.ssl3.dhe' prefs?
You can set these prefs to false on the about:config page to disable the cipher suites that are involved with the Logjam vulnerability in case they are currently enabled.
- security.ssl3.dhe_rsa_aes_128_sha
- security.ssl3.dhe_rsa_aes_256_sha
security.ssl3.dhe_rsa_aes_128_sha;true security.ssl3.dhe_rsa_aes_256_sha;true
I tried to change the two above mentioned items and I received the same error code. It originally let me on AOL mail this morning, for about a minute and a half, but then I received the same error message as in the original post. This is the same error message that I receive through the Etsy site also.
Two other users just posted about getting this "sec_error_cert_signature_algorithm_disabled" error, which otherwise is very rare on this forum. Perhaps there is some new malware going around, or a change in Firefox surfaced an issue with something that was already on your system.
Have you ever seen this code on any other secure site?
Actually, you already mentioned two sites, so probably there are more.
To gather further information, you could inspect a sample certificate to see whether that points to the culprit. For example, you can open my test page at:
https://jeffersonscher.com/res/jstest.php
You likely will get an error page. Expand the "I understand the risks" section and look for an Add Exception button.
Note: You don't need to complete the process of adding an exception -- I suggest not adding one until we know this isn't a malware issue -- but you can use the dialog to view the information that makes Firefox suspicious.
Click Add Exception, and the certificate exception dialog should open.
Click the View button. If View is not enabled, try the Get Certificate button first.
This should pop up the Certificate Viewer. Look at the "Issued by" section, and on the Details tab, the Certificate Hierarchy. What do you see there? I have attached a screen shot for comparison.
I have attached images of what your steps showed.
Maybe check in another browser like Google Chrome what certificate(s) are used and other connection details like the TLS version.
You can check the connection settings.
- Tools > Options > Advanced > Network : Connection > Settings
- https://support.mozilla.org/kb/Options+window+-+Advanced+panel
If you do not need to use a proxy to connect to internet then try to select "No Proxy" if "Use the system proxy settings" or one of the others do not work properly.
See "Firefox connection settings":
Solução escolhida
See:
- [/questions/936029] All https: websites are experiencing cert untrusted errors with Digitalmarketresearchapps Pty Ltd showing as cert provider. No viruses detected on my system.
Alterado por cor-el em
As mentioned by cor-el, check for a program or add-on named E-Rewards and/or E-Rewards Notify.
(1) Open the Windows Control Panel, Uninstall a Program. After the list loads, click the "Installed on" column heading to group the infections, I mean, additions, by date. This can help in smoking out undisclosed bundle items that snuck in with some software you agreed to install. Be suspicious of everything you do not recognize/remember, as malware often uses important or innocent sounding names to discourage you from removing it. Take out as much trash as possible here.
(2) Open Firefox's Add-ons page using either:
- Ctrl+Shift+a
- "3-bar" menu button (or Tools menu) > Add-ons
- in the Windows "Run" dialog, type or paste
firefox.exe "about:addons"
In the left column, click Plugins. Set nonessential and unrecognized plugins to "Never Activate".
In the left column, click Extensions. Then, if in doubt, disable (or Remove, if possible) unrecognized and unwanted extensions. Bear in mind that all extensions are optional, none come with Firefox, and you can learn more about them by checking their reviews on the Add-ons site.
Often a link will appear above at least one disabled extension to restart Firefox. You can complete your work on the tab and click one of the links as the last step.
Does that resolve it? If not:
(3) You can search for remaining issues with the scanning/cleaning tools listed in our support article: Troubleshoot Firefox issues caused by malware. These on-demand scanners are free and take considerable time to run. If they finish quickly and especially if they require payment, you may have a serious infection. I suggest the specialized forums listed in the article in that case.
Success?
Thank You! I went through your steps and followed the link from another user having the same issue. I had the e-rewards notify app and have uninstalled it. The issue seem to have been resolved, at least for now.