This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Firefox blocking trusted web sites

  • 10 tontu
  • 13 am na jafe-jafe bii
  • 1 view
  • i mujjee tontu mooy ENIAC2

more options

trying to order something online. Firefox saying "this site is untrusted". I have used the site before without any problems. They say use IE or Chrome! Can you help?

trying to order something online. Firefox saying "this site is untrusted". I have used the site before without any problems. They say use IE or Chrome! Can you help?

Saafara biñ tànn

hughmaccallum said

Is this a common problem when one has a combination of Firefox and Kaspersky? I didn't used to get a problem. I wonder if upgrades to Firefox have caused the problem? It isn't a problem if I use IE.

It occurs when the trust between Firefox and Kaspersky is broken. Usually Kaspersky transparently inserts its signing certificate into both the Windows system certificate store (shared by IE and Chrome) and Firefox's certificate store, and there's no problem. However, if you were to use Firefox's Refresh feature, the old certificate store is removed and Firefox no longer trusts the "fake" certificates until it is set up to work with Kaspersky again. I'd say that is the most common scenario on this forum.

Jàng tontu lii ci fi mu bokk 👍 2

All Replies (10)

more options

You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.

  • Click the link at the bottom of the error page: "I Understand the Risks"
  • Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate"
  • Click the "View" button and inspect the certificate and check who is the issuer of the certificate.

You can see more details like the intermediate certificates that are used in the Details tab.

Who is the issuer of the certificate?

If you can't inspect the certificate via "I Understand the Risks" then try this:

Open this chrome URI by pasting or typing this URI in the location/address bar to open the "Add Security Exception" window and check the certificate:

  • chrome://pippki/content/exceptionDialog.xul

In the location field type/paste the URL of the website

  • retrieve the certificate via the "Get certificate" button
  • click the "View..." button to inspect the certificate in the Certificate Viewer
more options

Seems you use Kaspersky -- judging from your plugins list in Question Details > More System Details.

Are you having certificate errors on numerous sites, or only on this one?

If it's just the one site, it's possible they haven't set up their server correctly as far as Firefox is concerned. You can use a test page like the following, which has very comprehensive information, but the main things that tend to trip sites up are: incomplete certificate chain (extra download required, which Firefox does not do) or only having RC4 ciphers (old encryption method).

https://www.ssllabs.com/ssltest/

If the problem occurs on multiple sites, have you upgraded to a new major version of Kaspersky recently?

more options

jscher2000 said

Seems you use Kaspersky -- judging from your plugins list in Question Details > More System Details. Are you having certificate errors on numerous sites, or only on this one? If it's just the one site, it's possible they haven't set up their server correctly as far as Firefox is concerned. You can use a test page like the following, which has very comprehensive information, but the main things that tend to trip sites up are: incomplete certificate chain (extra download required, which Firefox does not do) or only having RC4 ciphers (old encryption method). https://www.ssllabs.com/ssltest/ If the problem occurs on multiple sites, have you upgraded to a new major version of Kaspersky recently?
more options

Thank you for replying. It is very frustrating!

It seems to happen on other sites as well. I can use IE without any problem. I also have found that links from Search Engines quite often don't work either. This all seems to have happened in the past month or so. My Kaspersky has been installed for some time now and updates usually daily. I am using the latest version of Firefox.

more options

Firefox has a separate certificate store from Windows, but Kaspersky usually inject its signing certificate into that file (cert8.db) automatically. When that fails, you can import it manually. Also, you might need to manually remove the old signing certificate if it isn't cleaned out automatically.

I found these steps in a post on the Kaspersky forums. The actual path on disk may vary depending on your product:


"3-bar" menu button (or Tools menu) > Options > Advanced > Certificates mini-tab > View Certificates button > Authorities mini-tab

If you see an existing "Kaspersky Anti-Virus Personal Root Certificate"

Select it and Click "Delete or Distrust"

Now click "Import..."

Proceed to "C:\ProgramData\Kaspersky Lab\AVP15.0.1\Data\Cert\"

Select "(fake)Kaspersky Anti-Virus Personal Root Certificate.cer" and Open!


Does that work on your Firefox?

more options

Is this a common problem when one has a combination of Firefox and Kaspersky? I didn't used to get a problem. I wonder if upgrades to Firefox have caused the problem? It isn't a problem if I use IE.

more options

Saafara yiñ Tànn

hughmaccallum said

Is this a common problem when one has a combination of Firefox and Kaspersky? I didn't used to get a problem. I wonder if upgrades to Firefox have caused the problem? It isn't a problem if I use IE.

It occurs when the trust between Firefox and Kaspersky is broken. Usually Kaspersky transparently inserts its signing certificate into both the Windows system certificate store (shared by IE and Chrome) and Firefox's certificate store, and there's no problem. However, if you were to use Firefox's Refresh feature, the old certificate store is removed and Firefox no longer trusts the "fake" certificates until it is set up to work with Kaspersky again. I'd say that is the most common scenario on this forum.

more options

I use Kaspersky also and for the past 2 or 3 months when I log on to my banking website it always asks for one of my secret security questions. I contacted the bank and they told me to go to my settings and untic the 'Delete browsing history on closing FF". It didn't work. Would this certificate issue have anything to do with my problem? I also use IE and it has no issue. The banking site is the only one that has the problem.

more options

Hi ENIAC2

A detail like a website remembering you (log you in automatically) is stored in a cookie.

You can use these steps to make a website recognize and remember you:

  • Create a cookie 'allow' exception to keep such cookies, especially in case of secure websites and when cookies expire when Firefox is closed.
  • Tools > Options > Privacy > "Use custom settings for history" > Cookies: Exceptions

In case you use "Clear history when Firefox closes" or otherwise clear history.

  • do not clear the Cookies
  • do not clear the Site Preferences
  • Clearing "Site Preferences" clears all exceptions for cookies, images, pop-up windows, software installation, passwords, and other website specific data.
  • Clearing Cookies will remove all selected cookies including cookies with an allow exception that you want to keep.
more options

Thank you cor-el. I will try these steps you posted. I have already chosen not to clear history when Firefox closes and that didn't work. I will post back with my results. Thank you again.