为提升您的使用体验,本站正在维护,部分功能暂时无法使用。如果本站文章无法解决您的问题,您想要向社区提问的话,请到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 提问,我们的支持社区将会很快回复您的疑问。

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

Wrong error message (expired cert still valid!)

more options

If I try to access https://bugs.cacert.org I get an error message: SSL_ERROR_EXPIRED_CERT_ALERT

If I access to the same site with chromium browser, there is no such error message, even more: I can access the certificate with the following information: valid until 2024 (see complete cert as picture).

Why this obviously wrong error message? How can it be circumvented (a warning might work, but a blockade?)?

If I try to access [https://bugs.cacert.org https://bugs.cacert.org] I get an error message: SSL_ERROR_EXPIRED_CERT_ALERT If I access to the same site with chromium browser, there is no such error message, even more: I can access the certificate with the following information: valid until 2024 (see complete cert as picture). Why this obviously wrong error message? How can it be circumvented (a warning might work, but a blockade?)?
已附加屏幕截图

所有回复 (7)

more options

I get SEC_ERROR_UNKNOWN_ISSUER the first time I visit the site. SSL Labs indicates the certificate is not trusted by Mozilla, Apple, Android, Java and Windows.

The site uses HSTS which means a secure connection is enforced. To bypass it, you need to search for the site in history (Ctrl+H), right-click > "Forget about this site" then restart the browser. This will clear the HSTS cache and allow you to temporarily bypass the security warnings for the duration of the session.

more options

Firefox doesn't have the "CA Cert Signing Authority" root certificate for cacert.org and thus this origin isn't trusted. You can install this root certificate to make this work (there is a link further down in the Certificate Viewer), but that would only make sense if you would visit this website often.

more options

Thank you, cor-el. I know that Mozilla does not trust CAcert by default. As I use CAcert certificates, the first thing I do with a new browser, is to import the CAcert root certificates. That's why I was surprised that it does not work, even though the root certificates are installed.

more options

eeerrr said

If I try to access https://bugs.cacert.org I get an error message: SSL_ERROR_EXPIRED_CERT_ALERT

eeerrr said

As I use CAcert certificates, the first thing I do with a new browser, is to import the CAcert root certificates. That's why I was surprised that it does not work, even though the root certificates are installed.

Is it possible that an imported certificate has expired? If you click the Advanced button and View Certificate, Firefox should show the certificate chain (as in the cor-el's screenshot) so you can check its links.

more options

Thank you, jscher2000. I checked it. There are two expired class 3 certificates - shoud I remove them? There is a class 3 certificate valid until 2031 and a root certificate valid until 2033.

more options

It works for me after downloading from the certificate page and importing.

more options

eeerrr said

Thank you, jscher2000. I checked it. There are two expired class 3 certificates - shoud I remove them? There is a class 3 certificate valid until 2031 and a root certificate valid until 2033.

Unless the date on your computer has advanced 10 years into the future, those should not be treated as expired. But in case Firefox is not showing what is saved in your Certificate Manager, could you check whether there are old versions saved that you could delete.