为提升您的使用体验,本站正在维护,部分功能暂时无法使用。如果本站文章无法解决您的问题,您想要向社区提问的话,请到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 提问,我们的支持社区将会很快回复您的疑问。

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

This website is Untrusted because of un-signed certificate

more options

I am getting the "This connection is Untrusted" page when trying to reach an intranet site. Certs are installed correctly on the server to allow us to get there. the certificate, which is a server cert, has a certificate hierarchy of going through Entrust Certification Authority - L1K and then Entrust Root Certification Authority - G2 before getting to the Entrust root Certification Authority. when i look at both "Entrust Certification Authority - L1K" and then"Entrust Root Certification Authority - G2" (which are authority certs), they do not have a hierarchy more then just themselves.

I am getting the "This connection is Untrusted" page when trying to reach an intranet site. Certs are installed correctly on the server to allow us to get there. the certificate, which is a server cert, has a certificate hierarchy of going through Entrust Certification Authority - L1K and then Entrust Root Certification Authority - G2 before getting to the Entrust root Certification Authority. when i look at both "Entrust Certification Authority - L1K" and then"Entrust Root Certification Authority - G2" (which are authority certs), they do not have a hierarchy more then just themselves.

所有回复 (11)

more options

In the Technical Details section of the certificate error page, could you copy and paste the explanation into a reply (especially the part in parentheses at the end of the description)? That may help in tracking down a more obscure issue.

more options

servername removed uses an invalid security certificate. The certificate is not trusted because it is self-signed.

(Error code: sec_error_unknown_issuer)
more options

Hmm, but you're saying it's not self-signed, it is signed by "Entrust Certification Authority - L1K"?

I have two of those in my certificate store and both are signed by "Entrust Certification Authority - L1K" which is signed by a trusted root. (Screen shot attached)

So this is a difficult problem to understand and may require more information about the server certificate. (And someone more expert to look at it.)

more options

This is self-signed, sorry if i was not clear

more options

Okay, you may need to make an exception. Does the error page have a third section that when you expand it has an Add Exception button?

more options

my company is saying the reason they have the cert is so they don't have to use an exception. Is there a way to do it without an exception?

more options

How is this being handled by IE? If you visit the page in IE, click the padlock, and view the certificate, then look at the part of the dialog that shows the certificate chain, is the server certificate listed as its own signing certificate? If that is working, you could try exporting that certificate from IE as a DER-format (.cer) file, and then importing it into Firefox's Certificate View on the Authorities tab.

I'm not sure that's any cleaner than making an exception... in many ways, it's a "super-exception" because it would allow other server certificates to be signed with the same authority certificate...

more options

I'm being told that this is not supposed to work on IE.

more options

Can you ask your IT what you're supposed to do then? If they know it isn't working in Firefox and it's not supposed to work in IE, it's hard to understand what they're thinking.

more options

....unfortunately, I'm the IT. I've said exception a bunch of times but they don't like that answer.

more options

I think you need more expertise to solve this than is available on this forum, sorry.