为提升您的使用体验,本站正在维护,部分功能暂时无法使用。如果本站文章无法解决您的问题,您想要向社区提问的话,请到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 提问,我们的支持社区将会很快回复您的疑问。

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

Untrusted connection with a certificate signed by an Enterprise CA

  • 2 个回答
  • 3 人有此问题
  • 16 次查看
  • 最后回复者为 cor-el

more options

I have a site hosted on IIS that is secured using a standalone enterprise CA. The CA certificate is stored in both the current user and local machine Trusted Root Certification Authorities stores, and the site works in IE. If I view the certificate in IE, I can see that my CA issued the site cert, and that both are trusted. FF 24 gives me:

ice71.icelab.computer-talk.com uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)

And the window to add an exception says:

Certificate is not trusted, because it hasn't been verified by a recognized authority using a secure signature.

If I view the certificate, the certificate hierarchy doesn't show the issuer (it does appear in IE), but the "issued by" details on the general tab DOES have the common name of my CA. This common name matches the CN of the cert that's in the Trusted Root CAs store.

Any idea why this won't validate?

I have a site hosted on IIS that is secured using a standalone enterprise CA. The CA certificate is stored in both the current user and local machine Trusted Root Certification Authorities stores, and the site works in IE. If I view the certificate in IE, I can see that my CA issued the site cert, and that both are trusted. FF 24 gives me: ice71.icelab.computer-talk.com uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer) And the window to add an exception says: Certificate is not trusted, because it hasn't been verified by a recognized authority using a secure signature. If I view the certificate, the certificate hierarchy doesn't show the issuer (it does appear in IE), but the "issued by" details on the general tab DOES have the common name of my CA. This common name matches the CN of the cert that's in the Trusted Root CAs store. Any idea why this won't validate?

所有回复 (2)

more options

Does this site work with a www. prefix?

https://www.ice71.icelab.computer-talk.com

The standaloane server seems to be missing the intermediate certificate (RapidSSL CA) that is required to build a certificate chain that ends with a built-in root certificate.

You can download and install the first certificate from this site:

https://knowledge.rapidssl.com/library/VERISIGN/ALL_OTHER/RapidSSL%20Intermediate/RapidSSL_CA_bundle.pem

You can Copy and Paste the certificate text of the intermediate certificate to a .cer text file and import the certificate in the Certificate Manager or via Firefox > New Tab > Open File. DO NOT set any trust bits, those are only required for root certificates and should never be set for intermediate certificates.

If that doesn't work then do the following :

The file cert8.db in your profile folder may have become corrupted. Delete this file while Firefox is closed.

Open your profile folder:

  • At the top of the Firefox window, click on the Firefox button, go over to the Help menu and select Troubleshooting Information. The Troubleshooting Information tab will open.
  • Under the Application Basics section, click on Show Folder. A window with your profile files will open.

Note: If you are unable to open or use Fire​fox, follow the instructions in Finding your profile without opening Firefox.

  • At the top of the Firefox window, click on the Firefox button and then select Exit
  • Click on the file named cert8.db.
  • Press Delete.
  • Restart Firefox.

cert8.db will be recreated when you restart Firefox. This is normal.

Report back if it Works ! Thanks!

由SHASHANK ROY于修改

more options

Make sure that you install all required intermediate certificates on the server to make it possible for Firefox to build the certificate chain that ends with a root certificate to prevent this untrusted error message.

The issuer of this certificate is icelabCA, no further details and I don't know where this certificate comes from and what would needs to be installed.