为提升您的使用体验,本站正在维护,部分功能暂时无法使用。如果本站文章无法解决您的问题,您想要向社区提问的话,请到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 提问,我们的支持社区将会很快回复您的疑问。

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

Qustodio causes your connection not secure error

more options

After installing Qustodio I am no longer able to reach any web page with Firefox. The only way to browse with Firefox is to uninstall Qustodio.

This is the error message I get in Firefox for example when I go to yahoo mail but it is the same for any web site:

The owner of mail.yahoo.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate.

mail.yahoo.com uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER

After installing Qustodio I am no longer able to reach any web page with Firefox. The only way to browse with Firefox is to uninstall Qustodio. This is the error message I get in Firefox for example when I go to yahoo mail but it is the same for any web site: The owner of mail.yahoo.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website. This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate. mail.yahoo.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER

被采纳的解决方案

crorad said

Thanks, changing the value to true worked but changing it back to false I get the same error. ... What is the disadvantage of leaving it at true?

Normally, Firefox relies on its own certificate file to assess whether it can trust what websites (or intermediaries) present to it. Setting that preference to "true" tells Firefox to trust sites that are trusted in the Windows certificate database, too.

The main negative is, in the situation that malware has injected a certificate into the Windows certificate store (rather than software you actually trust to read all your browsing connections), Firefox will play along rather than generating error screens.

The alternative involves numerous steps; I'll link to a thread that lists them for reference: https://support.mozilla.org/questions/1199797#answer-1064849

Sites seem to load slower when value is at true.

Well, the filter needs time to process what you're sending and retrieving, so that's not a huge surprise.

定位到答案原位置 👍 2

所有回复 (3)

more options

Yes, Qustodio is intercepting your connection and presenting fake site certificates to Firefox, and Firefox is none too happy.

Could you try this temporary settings change to see whether this works:

(A) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(B) In the search box above the list, type or paste root and pause while the list is filtered

(C) Double-click the security.enterprise_roots.enabled preference to switch the value from false to true

I'm not sure whether that will start working immediately or after the next time to exit Firefox and start it up again. I guess you'll know if you visit an HTTPS address and Firefox no longer objects.

Once Firefox has picked up on the new "man in the middle" try switching the preference back to normal and see whether the education is permanent.

If that doesn't work, there is an export/import method. Or maybe Qustodio can do the setup automatically after a reboot or in some other way.

more options

Thanks, changing the value to true worked but changing it back to false I get the same error. Sites seem to load slower when value is at true. What is the disadvantage of leaving it at true?

more options

选择的解决方案

crorad said

Thanks, changing the value to true worked but changing it back to false I get the same error. ... What is the disadvantage of leaving it at true?

Normally, Firefox relies on its own certificate file to assess whether it can trust what websites (or intermediaries) present to it. Setting that preference to "true" tells Firefox to trust sites that are trusted in the Windows certificate database, too.

The main negative is, in the situation that malware has injected a certificate into the Windows certificate store (rather than software you actually trust to read all your browsing connections), Firefox will play along rather than generating error screens.

The alternative involves numerous steps; I'll link to a thread that lists them for reference: https://support.mozilla.org/questions/1199797#answer-1064849

Sites seem to load slower when value is at true.

Well, the filter needs time to process what you're sending and retrieving, so that's not a huge surprise.