Şu anda bakım nedeniyle sitemiz kısıtlı işlevsellik sunmaktadır. Mevcut makaleler sorununuzu çözmediyse ve bize soru sormak isterseniz Twitter’da @FirefoxSupport hesabından ve Reddit’teki /r/firefox subreddit'inden destek gönüllülerimize ulaşabilirsiniz.

Mozilla Destek’te Ara

Destek dolandırıcılığından kaçının. Mozilla sizden asla bir telefon numarasını aramanızı, mesaj göndermenizi veya kişisel bilgilerinizi paylaşmanızı istemez. Şüpheli durumları “Kötüye kullanım bildir” seçeneğini kullanarak bildirebilirsiniz.

Daha Fazlasını Öğren

Intermediate CA not trusted by Firefox

  • 3 yanıt
  • 4 kişi bu sorunu yaşıyor
  • 1 gösterim
  • Son yanıtı yazan: sengarth

more options

I have a certificate issued by Sectigo recently and have successfully installed on my web server. My users are able to access it via Chrome, Internet Explorer and Safari with no issues.

However everyone experiences the "Your connection is not secure" warning message.

After some investigation, it seems that the intermediate CA issued by Sectigo is not included in Firefox's certificate store and hence the chain of trust could not be established.

What I want to ask is, the intermediate CA is already listed in Mozilla's CCADB (https://ccadb-public.secure.force.com/mozilla/PublicAllIntermediateCerts).

Why is it that error still appears on Firefox? It does not help even when security.enterprise_roots.enabled is set to true.

The only workaround so far is to manually import the intermediate CA via Privacy & Security -> Certificates, however this should not be performed in the first place if the isssuer CA is already trusted and works fine with all other browsers.

I have a certificate issued by Sectigo recently and have successfully installed on my web server. My users are able to access it via Chrome, Internet Explorer and Safari with no issues. However everyone experiences the "Your connection is not secure" warning message. After some investigation, it seems that the intermediate CA issued by Sectigo is not included in Firefox's certificate store and hence the chain of trust could not be established. What I want to ask is, the intermediate CA is already listed in Mozilla's CCADB (https://ccadb-public.secure.force.com/mozilla/PublicAllIntermediateCerts). Why is it that error still appears on Firefox? It does not help even when security.enterprise_roots.enabled is set to true. The only workaround so far is to manually import the intermediate CA via Privacy & Security -> Certificates, however this should not be performed in the first place if the isssuer CA is already trusted and works fine with all other browsers.

Seçilen çözüm

Firefox only includes root certificates. Intermediate certificates have never been included in Firefox. Web servers need to send to send a full certificate chain that includes all required intermediate certificates. Firefox stores intermediate certificates send by a website that can be used in future visits to websites that do not send a full certificate chain.

Bu yanıtı konu içinde okuyun 👍 0

Tüm Yanıtlar (3)

more options

hi,

First you have to check the settings of your antivirus, especially if you use AVG or Avast

After, I share a link that brings many solutions

http://mzl.la/1M2JxD0

thank's

more options

Seçilen çözüm

Firefox only includes root certificates. Intermediate certificates have never been included in Firefox. Web servers need to send to send a full certificate chain that includes all required intermediate certificates. Firefox stores intermediate certificates send by a website that can be used in future visits to websites that do not send a full certificate chain.

more options

Answered my question, appears now there are only 2 scenarios that could resolve the warning message in Firefox without requiring client-user's manual intervention.

Scenario 1. Configure the web server to send the intermediate CA to the client with Firefox browser

Scenario 2. Client happen to visit another website that sends the same intermediate CA and it is cached in Firefox's certificate store, future sites that do not send such CA do not have to send to the client.