Den här webbplatsen har begränsad funktionalitet medan vi utför underhåll för att förbättra din upplevelse. Om en artikel inte löser ditt problem och du vill ställa en fråga har vi vår gemenskap som väntar på att hjälpa dig på @FirefoxSupport på Twitter, /r/firefox på Reddit.

Avatar for Username

Sök i support

Akta dig för supportbedrägerier: Vi kommer aldrig att be dig att ringa eller skicka ett sms till ett telefonnummer eller dela personlig information. Rapportera misstänkt aktivitet med alternativet "Rapportera missbruk".

Läs mer

Denna tråd har arkiverats. Ställ en ny fråga om du behöver hjälp.

Firefox does not trust DigiCert Global Root CA even though trust is set

  • 1 svar
  • 1 har detta problem
  • 1 visning
  • Senaste svar av cor-el

morxa
morxa
more options

I've had trouble accessing websites that use a certificate that's signed with the DigiCert Root CA. As an example, if I open up blog.mozilla.org, I get a SEC_ERROR_UNKNOWN_ISSUER.

This is somehow related to my user profile. If I create a new profile, the problem disappears.

I've tried deleting cert*.db in my profile directory to no avail. I checked about:config and I couldn't find any relevant non-default configuration.

To my surprise, if I want to manually set the trust of the certificate in the certificate manager ("Edit Trust"), it tells me that the certificate is trusted. However, if I click on "View Certificate", I get the following error: "Could not verify this certificate because the issuer is unknown."

I don't know much about CAs, but it seems to be surprising how the issuer of a Root CA could be unknown, isn't that the whole point of a Root CA that it does not need to be signed by another certificate?

The more important question: Where in my profile may I have a non-default option that causes Firefox to not trust the DigiCert Global Root CA?

I've had trouble accessing websites that use a certificate that's signed with the DigiCert Root CA. As an example, if I open up blog.mozilla.org, I get a SEC_ERROR_UNKNOWN_ISSUER. This is somehow related to my user profile. If I create a new profile, the problem disappears. I've tried deleting cert*.db in my profile directory to no avail. I checked about:config and I couldn't find any relevant non-default configuration. To my surprise, if I want to manually set the trust of the certificate in the certificate manager ("Edit Trust"), it tells me that the certificate is trusted. However, if I click on "View Certificate", I get the following error: "Could not verify this certificate because the issuer is unknown." I don't know much about CAs, but it seems to be surprising how the issuer of a Root CA could be unknown, isn't that the whole point of a Root CA that it does not need to be signed by another certificate? The more important question: Where in my profile may I have a non-default option that causes Firefox to not trust the DigiCert Global Root CA?

Alla svar (1)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

A root certificate can only work if is has the appropriate trust bit(s) set. For builtin root certificates this should happen automatically.

What certificate chain do you get?

Issues caused by broken certificates are normally fixed by deleting cert9.db and cert8.db and maybe cert_override.txt as well.

Other related files you can look at are pkcs11.txt and secmode.db. I don't think that prefs are involved in this case.

Ändrad av cor-el