为提升您的使用体验,本站正在维护,部分功能暂时无法使用。如果本站文章无法解决您的问题,您想要向社区提问的话,请到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 提问,我们的支持社区将会很快回复您的疑问。

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

Thawte CA no longer trusted

  • 5 个回答
  • 3 人有此问题
  • 10 次查看
  • 最后回复者为 theshine

more options

On OSX Firefox vesion 39 has removed the Thawte CA "thawte Extended Validation SHA256 SSL CA" cert causing thawte.com and several other websites to fail with "sec_error_unknown_issuer" error. Can be corrected by exporting the CA Cert from another system and importing. Can we get this cert reinstalled into firefox so as to not break SSL for no reason?

On OSX Firefox vesion 39 has removed the Thawte CA "thawte Extended Validation SHA256 SSL CA" cert causing thawte.com and several other websites to fail with "sec_error_unknown_issuer" error. Can be corrected by exporting the CA Cert from another system and importing. Can we get this cert reinstalled into firefox so as to not break SSL for no reason?

所有回复 (5)

more options

On my system, the missing cert is an intermediate certificate and Firefox trusts its signing certificate (see screen shot).

If the Firefox installation experiencing this problem was refreshed (which removes the cert8.db file) then that cert would have been removed, but when you browse a site whose cert is signed by that intermediate certificate, the site should send it to Firefox and then Firefox will save it in cert8.db again.

If the problem is that the site not sending intermediate certificates, the site configuration should be updated. Do you want to post the URL? Or you could check it here: https://www.ssllabs.com/ssltest/

由jscher2000 - Support Volunteer于修改

more options

I first noticed a problem when visiting thawte.com. By simply comparing the available CA certs I saw that that CA was missing and https://www.sslshopper.com/ssl-checker.html#hostname=thawte.com verified that it was indeed the needed cert (see original screenshot). By simply export the cert from my linux box over to my Mac I was able to fix the problem (see other screenshot). A coworker had never installed firefox previously, did a completely fresh install and saw the same error. The same export/import fixed his error. Is there a way to get firefox to repackage that Intermediate cert in the CA bundle?

more options

Firefox never ships with intermediate certificates. Websites are supposed to send them to the browser, and then Firefox will validate them up to the trusted root. After that they appear as "Software Security Device" certificates.

After removing the cert from Firefox and reloading the page (Ctrl+Shift+r), I now get the same error you do. Since SSL Labs and the site you tested on both report that the server is indeed sending the intermediate certificate, there appears to be some glitch in Firefox processing that. I cannot figure out what the problem is from just using Firefox normally.

I downloaded and tested in PortableApps Firefox 38.0.5 and 37.0.2 and got the same issue, so I don't think it's a new problem in Firefox 39.0. Instead, perhaps there was a change in how the intermediate certificate is delivered (since it worked for me at some point in the past)??

Do you want to file a bug so people with better tools can follow up on it: https://bugzilla.mozilla.org/

more options

Bug filed.

Bug 1185058 - Firefox is not properly trusting certain Thawte Certs

由NoahSUMO于修改

more options

disable ocsp query in the option on the security tab in firefox...

rearange your time and date.

enable it in 1 day, it will re synchronize your date with the security certificate via the ocsp module

if you can go to a secure google page go to the thawte page and let me know what happen.