Mozilla VPN is currently experiencing an outage. Our team is actively working to resolve the issue. Please check the status page for real-time updates. Thank you for your patience.

为提升您的使用体验,本站正在维护,部分功能暂时无法使用。如果本站文章无法解决您的问题,您想要向社区提问的话,请到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 提问,我们的支持社区将会很快回复您的疑问。

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

Regular websites untrusted since refreshing firefox. I deleted cert8.db; time settings are fine, but is still not working. What to do?

  • 8 个回答
  • 21 人有此问题
  • 1 次查看
  • 最后回复者为 LLLL54

more options

Firstly got error message saying something is preventing Firefox from updating with request to refresh Firefox. So I did. Result is common websites like google and mozilla's own websites not opening because "Connection Untrusted" - (Error code: sec_error_unknown_issuer). I work on Mac OS X 10.10.2 Did delete the cert8.db in Profile folder a couple of times, but is not working. Time settings are fine. Deleted the entire browser app and reinstalled anew; same issue occurring. What's happening? And more importantly, how can this be fixed?

Firstly got error message saying something is preventing Firefox from updating with request to refresh Firefox. So I did. Result is common websites like google and mozilla's own websites not opening because "Connection Untrusted" - (Error code: sec_error_unknown_issuer). I work on Mac OS X 10.10.2 Did delete the cert8.db in Profile folder a couple of times, but is not working. Time settings are fine. Deleted the entire browser app and reinstalled anew; same issue occurring. What's happening? And more importantly, how can this be fixed?

被采纳的解决方案

Aha, do you see AVAST in there under the certificate issuer?

Your Avast security software is intercepting your browsing to filter it for threats. In order to filter secure connections, Avast creates these fake certificates and presents them to your browsers. Since Firefox uses a separate certificate file from Safari, Firefox needs to be set up to trust Avast to generate these certificates.

Now... in theory, Avast is supposed to update Firefox automatically when you exit out and start it up again. I'm assuming you have quit Firefox since this problem started but, if not, give that a try.

If that doesn't work, you or a volunteer would need to research the steps to get the Avast signing certificate into Firefox.

Plan C would be to grab the old cert8.db file from the Old Firefox Data folder on your desktop and transplant it into your current Firefox profile. That one must already have been set up to work with Avast.

定位到答案原位置 👍 4

所有回复 (8)

more options

On firefox click settings then click OPTIONS > click Advanced, click Network. Click settings & choose "Auto-detect proxy setting for this network. Click OK & OK again. Now goto certificates and choose select one automatically.Restart firefox & try to search google or yahoo. Hopefully it would work now.

more options

You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.

  • Click the link at the bottom of the error page: "I Understand the Risks"
  • Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate"
  • Click the "View" button and inspect the certificate and check who is the issuer of the certificate.

You can see more details like the intermediate certificates that are used in the Details tab.

Who is the issuer of the certificate?

If you can't inspect the certificate via "I Understand the Risks" then try this:

Open this chrome URI by pasting or typing this URI in the location/address bar to open the "Add Security Exception" window and check the certificate:

  • chrome://pippki/content/exceptionDialog.xul

In the location field type/paste the URL of the website

  • retrieve the certificate via the "Get certificate" button
  • click the "View..." button to inspect the certificate in the Certificate Viewer

Check who is the issuer of the certificate.


Just to be sure: We have seen reports that the time as set via an internet based time service was so much out of sync that an error occurs, so if that is the case with your current service then try to switch to another time service.

You can check the date and time and time zone in the clock on your computer: (double) click the clock icon on the Windows Taskbar.

more options

Hi, thanks for your replies.

@ premm krishna shenoy: Changing the proxy detecting settings to automatic; did not really do anything. The problem is also not with every website, just major ones like google and even mozilla's own website are untrusted. But 'smaller' website work fine.

@ cor-el: Cannot do the "I understand risk" thing because it doesn't offer me the option, so followed the chrome URI route; however after trying this on google it still doesn't work and so it continues to not trust it regardless of whether I specifically tell it to trust it. Time zone is the standard Apple time-zone determination, which is corresponding to every clock I come across here.

more options

Can you at least inspect the certificate via the chrome:// URI?

Can you attach a screenshot?

  • Use a compressed image type like PNG or JPG to save the screenshot
  • Make sure that you do not exceed the maximum size of 1 MB
more options

Most definitely. I uploaded a screenshot.

more options

As you can see in the screenshot the certificate is issued by your Avast security software.

You can disable HTTPS scanning in Avast Web Shield.

more options

选择的解决方案

Aha, do you see AVAST in there under the certificate issuer?

Your Avast security software is intercepting your browsing to filter it for threats. In order to filter secure connections, Avast creates these fake certificates and presents them to your browsers. Since Firefox uses a separate certificate file from Safari, Firefox needs to be set up to trust Avast to generate these certificates.

Now... in theory, Avast is supposed to update Firefox automatically when you exit out and start it up again. I'm assuming you have quit Firefox since this problem started but, if not, give that a try.

If that doesn't work, you or a volunteer would need to research the steps to get the Avast signing certificate into Firefox.

Plan C would be to grab the old cert8.db file from the Old Firefox Data folder on your desktop and transplant it into your current Firefox profile. That one must already have been set up to work with Avast.

more options

Thanks cor-el, that did work. Although I'd be happy to find the correct avast authorisation certificate for Firefox to ingest so that https websites too can still be monitored...

jscher2000 said

Plan C would be to grab the old cert8.db file from the Old Firefox Data folder on your desktop and transplant it into your current Firefox profile. That one must already have been set up to work with Avast.

Did try this earlier today, but it did not change anything really...