Этот сайт имеет ограниченную функциональность, пока мы проводим техническое обслуживание для улучшения его работы. Если какая-либо статья не решила вашу проблему и вы хотите задать вопрос, наше сообщество поддержки ждёт вас: @FirefoxSupport в Твиттере и /r/firefox на Reddit.

Поиск в Поддержке

Избегайте мошенников, выдающих себя за службу поддержки. Мы никогда не попросим вас позвонить, отправить текстовое сообщение или поделиться личной информацией. Сообщайте о подозрительной активности, используя функцию «Пожаловаться».

Подробнее

I allowe firefox to update today (MacOS 10.11.6, Firefox 61.0.2, 64-b it) and can no longer browse - Firefox claims all certs are bad, even Mozilla's cert.

  • 8 ответов
  • 1 имеет эту проблему
  • 2 просмотра
  • Последний ответ от jssimonson

more options

I let Firefox upgrade this morning to 61.0.2, 64-bit on MacOS 10.11.6. Now it claims all certs are bad (even Mozilla's certs) with the following type of message "Your connection is not secure. The owner of www.mozilla.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website. Learn more… Report errors like this to help Mozilla identify and block malicious sites"

I either add exceptions (which seems wrong) or I cannot browse to any site

I let the upgrade occur because firefox claimed it had a slow start up and wanted to fix that.

I let Firefox upgrade this morning to 61.0.2, 64-bit on MacOS 10.11.6. Now it claims all certs are bad (even Mozilla's certs) with the following type of message "Your connection is not secure. The owner of www.mozilla.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website. Learn more… Report errors like this to help Mozilla identify and block malicious sites" I either add exceptions (which seems wrong) or I cannot browse to any site I let the upgrade occur because firefox claimed it had a slow start up and wanted to fix that.

Выбранное решение

A followup - I did find how to tell AVG to not do the man-in-the-middle checks, and that does allow Firefox to reach sites I've used for years (Mozilla, MSN, F1, etc.)

A good and fast support system - thanks to all that helped.

Прочитайте этот ответ в контексте 👍 0

Все ответы (8)

more options

hi, first please make sure that the date, time & timezone are set correctly on your system. if this doesn't solve the issue (or it is already set properly), a solution depends on the individual circumstances:

  • what is the error code shown when you click on advanced on that error page?
  • please also give us more information about the error by clicking on the error code, copying the text to the clipboard and then pasting it here into a reply in the forum like shown in the screenshot.

thank you!

more options

The error message is "SEC_ERROR_UNKNOWN_ISSUER", and if you click on that you get the cert displayed and 'Peer’s Certificate issuer is not recognized. '

Time is correct (set via ntp I suspect, and matches other time sources (e.g., a clock set by radio signal). Timezone (EDT) is also correct.

more options

jssimonson said

The error message is "SEC_ERROR_UNKNOWN_ISSUER", and if you click on that you get the cert displayed and 'Peer’s Certificate issuer is not recognized. '

Can you share the large block of gibberish (encoded certificate)? This may help identify a "man in the middle" of Firefox's connection to the site.

In anticipation, I'll also give you this link: How to troubleshoot security error codes on secure websites.

more options

Sure, and thanks for the help. The AV product I use on that Mac is AVG 18.3. I've initiated a full scan.

Here's the block of info for the cert: www.mozilla.com uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported.

Error code: SEC_ERROR_UNKNOWN_ISSUER https://www.mozilla.com/


Peer’s Certificate issuer is not recognized.


HTTP Strict Transport Security: false

HTTP Public Key Pinning: false


Certificate chain:



BEGIN CERTIFICATE-----

MIIJbDCCCFSgAwIBAgICC0IwDQYJKoZIhvcNAQELBQAwYjELMAkGA1UEBhMCQ1ox

DTALBgNVBAgMBEJybm8xDDAKBgNVBAoMA0FWRzEdMBsGA1UECwwUU29mdHdhcmUg

RGV2ZWxvcG1lbnQxFzAVBgNVBAMMDkFWRyB0cnVzdGVkIENBMB4XDTE4MDUxODAw

MDAwMFoXDTE5MDkyMDEyMDAwMFowgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpD

YWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRswGQYDVQQKExJNb3pp

bGxhIEZvdW5kYXRpb24xDzANBgNVBAsTBldlYk9wczEhMB8GA1UEAxMYcmVkaXJl

Y3Qtc2FuLm1vemlsbGEub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC

AQEAvIhxs0RIwNhwDWjMJIQ6H5vpfh3vBzaC0ry4hBZ+u2X8fj4z34S8hJ2wi/VC

r40KBh0mIafvMOwl85OfgwKvdyjRTc6fdy7SPpmH25zhVzgXRbRj5OvaFTrSOEYW

y3sAIDYQkMH2Zsp+B5SDA2jA2pOjHZ+fHdTNipIF1pdyVCTDilFne9IBQN251u5L

36fUTyu3PaSs9f3lxn04P5ZVeEVlETu7iTvJzVJqNvIWfh2LLjcfIZn4A7+UFD35

yHKU9I78n704xfzo+BHHbKtHkSmyQkd+onLVUKo669NHtd8irJ+O2A6sr3Nm9Xbu

t71KCA9DMXfU6C7x3J2oOwobYQIDAQABo4IGADCCBfwwHQYDVR0OBBYEFNFG75se

8sCd0Hi4TUG+LumkEoDDMB8GA1UdIwQYMBaAFLuiwMmewEMrMhYynwbphHQjxGdu

MIIFuAYDVR0RBIIFrzCCBauCGHJlZGlyZWN0LXNhbi5tb3ppbGxhLm9yZ4IWdHJl

ZXN0YXR1cy5tb3ppbGxhLm9yZ4IYb3BlbnN0YW5kYXJkLm1vemlsbGEub3Jngg5t

b3ppbGxhLm9yZy51a4IRaW5wdXQubW96aWxsYS5vcmeCF3BvbnRvb24ubW96aWxs

YWxhYnMuY29tghhtaXhlZHJlYWxpdHkubW96aWxsYS5vcmeCEGpvaW4ubW96aWxs

YS5vcmeCEmFkZG9ucy5tb3ppbGxhLmNvbYIPZG50Lm1vemlsbGEub3JnghFpbnB1

dC5tb3ppbGxhLmNvbYIPd3d3LmZpcmVmb3guY29tghd3d3cudGhlb3BlbnN0YW5k

YXJkLm5ldIIPYXNrLm1vemlsbGEub3Jnghl3d3cubGVhbmRhdGFwcmFjdGljZXMu

Y29tgg90YXNrY2x1c3Rlci5uZXSCGm1vYmlsZXBhcnRuZXJzLm1vemlsbGEub3Jn

ghJ3d3cuZ2V0ZmlyZWZveC5jb22CD2J6ci5tb3ppbGxhLm9yZ4IXd3d3LWFyY2hp

dmUubW96aWxsYS5vcmeCFHd3dy5vcGVuc3RhbmRhcmQub3JnghdhY3RpdmF0aW9u

cy5tb3ppbGxhLmNvbYITbmlnaHRseS5tb3ppbGxhLm9yZ4ITdGhlb3BlbnN0YW5k

YXJkLm5ldIIVd2Vid2V3YW50Lm1vemlsbGEub3Jngg93d3cubW96aWxsYS5jb22C

FG1vemlsbGEtcG9kY2FzdHMub3JnghttYXN0ZXJmaXJlZm94b3MubW96aWxsYS5v

cmeCE2NhcmVlcnMubW96aWxsYS5jb22CDmdldGZpcmVmb3guY29tght3ZWJzaXRl

LWFyY2hpdmUubW96aWxsYS5vcmeCFnZpZGVvcy1jZG4ubW96aWxsYS5uZXSCEGl0

aXNhdHJhY2tlci5vcmeCGmRlc2lnbmxhbmd1YWdlLm1vemlsbGEub3JnghdhY3Rp

dmF0aW9ucy5tb3ppbGxhLm9yZ4IQb3BlbnN0YW5kYXJkLmNvbYIWYWZmaWxpYXRl

cy5tb3ppbGxhLm9yZ4ITY29udGVudC5tb3ppbGxhLm9yZ4IRYWlybW8ubW96aWxs

YS5vcmeCE21venRyYXAubW96aWxsYS5vcmeCG3Byb2R1Y3QtZGV0YWlscy5tb3pp

bGxhLm9yZ4ISYXVyb3JhLm1vemlsbGEub3JnghJ0aGVodWIubW96aWxsYS5jb22C

DGJ1Z3ppbGxhLm9yZ4IScGxhbmV0Lm1vemlsbGEub3Jngg90cmFja2VydGVzdC5v

cmeCEnN0YXRpYy5tb3ppbGxhLmNvbYIQcHVibGljc3VmZml4Lm9yZ4IPZ2l0Lm1v

emlsbGEub3JnghBpdGlzYXRyYWNrZXIuY29tghV0bHNjYW5hcnkubW96aWxsYS5v

cmeCFWxlYW5kYXRhcHJhY3RpY2VzLm9yZ4IVbWV0cmljc2dyYXBoaWNzanMub3Jn

ghJ2aWRlb3MubW96aWxsYS5vcmeCE2ZyaWVuZHMubW96aWxsYS5vcmeCEHd3dy5i

dWd6aWxsYS5vcmeCFHd3dy5wdWJsaWNzdWZmaXgub3JnghBiZXRhLm1vemlsbGEu

b3Jngg9zc28ubW96aWxsYS5jb22CEG9wZW5zdGFuZGFyZC5vcmeCC2ZpcmVmb3gu

Y29tghVsZWFuZGF0YXByYWN0aWNlcy5jb22CC21vemlsbGEuY29tghl3d3cubGVh

bmRhdGFwcmFjdGljZXMub3JnghZvbmVhbmRkb25lLm1vemlsbGEub3JnghJmb3J1

bXMubW96aWxsYS5vcmeCFHd3dy5vcGVuc3RhbmRhcmQuY29tghJmaXJlZm94cXVh

bnR1bS5jb22CEmNvbnRyaWJ1dGVqc29uLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEA

GwcyYiku8Jo1yF+N9fV+A3ipx7IGTIP8Pq8lXPVbXPXvwn5JZPD4JJSOrfyk7SPx

mefZGnxefraeXEEUW/mFmda5ESO1OLcUosuz+rQSGQcrNNdJW/Us91lDXVrtr16S

1LADyc1imp6YCx028vz0Md3uJM++7eyTngA+Zxi6u5hxFXt5fl2SPfLxINkVuLEI

S+y8chrpC0L0qby5TM4PRT7rkE5MERI5xvEz1DHXD9qOmrFAgMqiQUlLJ5O3pvee

jUFLCAeeWiwPc1+7KUJ/K6DcY+Ai5ajNW/vCNUURmzc/x0Kl7XNV/LRD8Ip+4Any

eNH18AEUPpM4ZiEB/Bm1+Q==


END CERTIFICATE-----
more options

Thank you for sharing the certificate. It shows that the certificate was issued by "AVG trusted CA" instead of the true certificate issuer, an indication that your AVG security software is intercepting your web browsing.

A new installation of Firefox isn't set up to work with any "man in the middle" security suite like AVG, Avast, Bitdefender, ESET, or Kaspersky. What can you do? Either:

  • The security software will set up Firefox automatically at your next system startup or by using a button in the software's interface (simplest)
  • You can disable the "man in the middle" feature (see: How to troubleshoot security error codes on secure websites -- the new AVG is similar to Avast); this may improve performance by removing one level of filtering
  • If necessary, you can manually import AVG's signing certificate into Firefox's certificate store
  • You can set Firefox to trust certificates that MacOS X collects
more options

Very helpful, thanks much. The simplest solution you recommend, are you saying restart the Mac? Am I understanding the problem correctly, it is AVG interfering with Firefox's certs? I've will have to look into AVG docs, I don't see an obvious way to disable the man-in-the middle feature. I'll look into the other methods as well (importing the AVG signing cert). Setting Firefox to trust the collected certs - is that a good solution?

more options

jssimonson said

The simplest solution you recommend, are you saying restart the Mac?

It might work. AVG/Avast usually can set up Firefox automatically, but I don't know exactly what triggers it.

Am I understanding the problem correctly, it is AVG interfering with Firefox's certs? I've will have to look into AVG docs, I don't see an obvious way to disable the man-in-the middle feature.

AVG now works similarly to Avast. Possibly it's browser interception is also called the Web Shield, but I haven't looked at the docs.

I'll look into the other methods as well (importing the AVG signing cert). Setting Firefox to trust the collected certs - is that a good solution?

I think it's better to have Firefox use its own certificate store if you can.

more options

Выбранное решение

A followup - I did find how to tell AVG to not do the man-in-the-middle checks, and that does allow Firefox to reach sites I've used for years (Mozilla, MSN, F1, etc.)

A good and fast support system - thanks to all that helped.