Why does Firefox block every page ?
Why does Firefox block every page? It says the connection is not secure, and even refuses access to Mozilla support, saying "The owner of support.mozilla.org has configured their website improperly."? (I'm having to use Chrome to send this).
A few remarks: 1) It's happened before. 2) I've only ever had this problem with FF - not with other browsers. 3) I'm not running any antivirus software 4) I have an iMac, system 10.13.3
When will Firefox become, at last, a browser that "just works" instead of needing constant troubleshooting and workarounds ?
Toate răspunsurile (4)
This would normally only happen if you have security software that acts like a man-in-the-middle or use a proxy that sends its own certificate.
Can you check the issuer of the certificate? Is there an "Advanced" button present?
You can click the "Advanced" button to expand this section and show extra details. If the certificate is not trusted because the issuer certificate is unknown (SEC_ERROR_UNKNOWN_ISSUER) then click the blue error message to expand this section and show the certificate chain. You can click "Copy text to clipboard" and paste the base64 encoded certificate chain text in a reply. That will allow us to details like the issuer of the certificate.
Alternatively you can open the Certificate Manager and go to the Servers tab.
- Options/Preferences -> Privacy & Security -> Certificates: View Certificates
The Servers tab has an "Add Exception" button to open the "Add Security Exception" window. You can type/paste the domain in the location field and click "Get Certificate" to retrieve the certificate and click the "View" button to inspect details of the certificate like its issuer.
For reference, here's your thread from the previous time: https://support.mozilla.org/questions/1199905
Thank you for your reply. As I said I am not using anti-virus software or any special security software. Just the normal defences that seem built in to the Mac system.
When I try to open any page, I get the error message. I had already done what you suggest. I'll demonstrate, using the url of the mozilla support page.
1) first I get the message "Your connection is not secure" and "The owner of support.mozilla.org has configured their website improperly". 2) if I click Advanced, I see "support.mozilla.org uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER " 3) If I click SEC_ERROR_UNKNOWN_ISSUER, I get the message "https://support.mozilla.org/1/firefox/58.0.1/Darwin/en-US/security-error Peer’s Certificate issuer is not recognized. HTTP Strict Transport Security: true HTTP Public Key Pinning: false Certificate chain". 4) It then asks me to copy the text to clipboard as you suggest, but if I click on that instruction, nothing happens. The "copy the text to clipboard" button seems inert. 5) you suggest a sort of workaround using the certificates manager. I'd never heard of this before but finally found it found it in FF Preferences. But after that I'm lost. You speak of a servers tab which doesn't exist, much less an "Add Exception tab". Your instructions seem to apply to a PC, not a Mac. But more importantly, why should I have to use a workaround? And why should I need to do this every time I try to visit a web page? It should not be necessary. Other browsers, as I've said, "just work", FF is the only one to give me this kind of problem.
Modificat în
xkreiss said
3) If I click SEC_ERROR_UNKNOWN_ISSUER, I get the message "https://support.mozilla.org/1/firefox/58.0.1/Darwin/en-US/security-error Peer’s Certificate issuer is not recognized. HTTP Strict Transport Security: true HTTP Public Key Pinning: false Certificate chain".
Since the expanded information doesn't include the encoded certificate, no point copying that text.
I you go to a site that isn't so high security, you can use the "Add Exception" button to view the certificate. For example:
Click the Advanced button again, then click the "Add Exception" button (see first screenshot below). We're not really going to add an exception, but we can get a better view of the certificate here.
In the Add Exception dialog, click the "View" button to pop up a certificate viewer. The interesting part is the "Issued by" section. I've marked that on the second screenshot for reference.
On my site, the "Issued by" section shows me "Let's Encrypt Authority X3". What do you see there?
(These example screenshots are from a test page, not my site)