Цей вебсайт матиме обмежену функціональність, доки ми проводимо його обслуговування для поліпшення роботи. Якщо прочитана стаття не розв'язала вашу проблему і ви хочете поставити питання, наша спільнота підтримки з радістю допоможе вам на @FirefoxSupport у Twitter та /r/firefox на Reddit.

Шукати в статтях підтримки

Остерігайтеся нападів зловмисників. Mozilla ніколи не просить вас зателефонувати, надіслати номер телефону у повідомленні або поділитися з кимось особистими даними. Будь ласка, повідомте про підозрілі дії за допомогою меню “Повідомити про зловживання”

Докладніше

Ця тема перенесена в архів. Якщо вам потрібна допомога, запитайте.

Untrusted connection with a certificate signed by an Enterprise CA

  • 2 відповіді
  • 3 мають цю проблему
  • 16 переглядів
  • Остання відповідь від cor-el

more options

I have a site hosted on IIS that is secured using a standalone enterprise CA. The CA certificate is stored in both the current user and local machine Trusted Root Certification Authorities stores, and the site works in IE. If I view the certificate in IE, I can see that my CA issued the site cert, and that both are trusted. FF 24 gives me:

ice71.icelab.computer-talk.com uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)

And the window to add an exception says:

Certificate is not trusted, because it hasn't been verified by a recognized authority using a secure signature.

If I view the certificate, the certificate hierarchy doesn't show the issuer (it does appear in IE), but the "issued by" details on the general tab DOES have the common name of my CA. This common name matches the CN of the cert that's in the Trusted Root CAs store.

Any idea why this won't validate?

I have a site hosted on IIS that is secured using a standalone enterprise CA. The CA certificate is stored in both the current user and local machine Trusted Root Certification Authorities stores, and the site works in IE. If I view the certificate in IE, I can see that my CA issued the site cert, and that both are trusted. FF 24 gives me: ice71.icelab.computer-talk.com uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer) And the window to add an exception says: Certificate is not trusted, because it hasn't been verified by a recognized authority using a secure signature. If I view the certificate, the certificate hierarchy doesn't show the issuer (it does appear in IE), but the "issued by" details on the general tab DOES have the common name of my CA. This common name matches the CN of the cert that's in the Trusted Root CAs store. Any idea why this won't validate?

Усі відповіді (2)

more options

Does this site work with a www. prefix?

https://www.ice71.icelab.computer-talk.com

The standaloane server seems to be missing the intermediate certificate (RapidSSL CA) that is required to build a certificate chain that ends with a built-in root certificate.

You can download and install the first certificate from this site:

https://knowledge.rapidssl.com/library/VERISIGN/ALL_OTHER/RapidSSL%20Intermediate/RapidSSL_CA_bundle.pem

You can Copy and Paste the certificate text of the intermediate certificate to a .cer text file and import the certificate in the Certificate Manager or via Firefox > New Tab > Open File. DO NOT set any trust bits, those are only required for root certificates and should never be set for intermediate certificates.

If that doesn't work then do the following :

The file cert8.db in your profile folder may have become corrupted. Delete this file while Firefox is closed.

Open your profile folder:

  • At the top of the Firefox window, click on the Firefox button, go over to the Help menu and select Troubleshooting Information. The Troubleshooting Information tab will open.
  • Under the Application Basics section, click on Show Folder. A window with your profile files will open.

Note: If you are unable to open or use Fire​fox, follow the instructions in Finding your profile without opening Firefox.

  • At the top of the Firefox window, click on the Firefox button and then select Exit
  • Click on the file named cert8.db.
  • Press Delete.
  • Restart Firefox.

cert8.db will be recreated when you restart Firefox. This is normal.

Report back if it Works ! Thanks!

Змінено SHASHANK ROY

more options

Make sure that you install all required intermediate certificates on the server to make it possible for Firefox to build the certificate chain that ends with a root certificate to prevent this untrusted error message.

The issuer of this certificate is icelabCA, no further details and I don't know where this certificate comes from and what would needs to be installed.