為了改善您的使用體驗,本網站正在進行維護,部分功能暫時無法使用。若本站的文件無法解決您的問題,想要向社群發問的話,請到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 發問,我們的社群成員將很快會回覆您的疑問。

搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

This website is Untrusted because of un-signed certificate

more options

I am getting the "This connection is Untrusted" page when trying to reach an intranet site. Certs are installed correctly on the server to allow us to get there. the certificate, which is a server cert, has a certificate hierarchy of going through Entrust Certification Authority - L1K and then Entrust Root Certification Authority - G2 before getting to the Entrust root Certification Authority. when i look at both "Entrust Certification Authority - L1K" and then"Entrust Root Certification Authority - G2" (which are authority certs), they do not have a hierarchy more then just themselves.

I am getting the "This connection is Untrusted" page when trying to reach an intranet site. Certs are installed correctly on the server to allow us to get there. the certificate, which is a server cert, has a certificate hierarchy of going through Entrust Certification Authority - L1K and then Entrust Root Certification Authority - G2 before getting to the Entrust root Certification Authority. when i look at both "Entrust Certification Authority - L1K" and then"Entrust Root Certification Authority - G2" (which are authority certs), they do not have a hierarchy more then just themselves.

所有回覆 (11)

more options

In the Technical Details section of the certificate error page, could you copy and paste the explanation into a reply (especially the part in parentheses at the end of the description)? That may help in tracking down a more obscure issue.

more options

servername removed uses an invalid security certificate. The certificate is not trusted because it is self-signed.

(Error code: sec_error_unknown_issuer)
more options

Hmm, but you're saying it's not self-signed, it is signed by "Entrust Certification Authority - L1K"?

I have two of those in my certificate store and both are signed by "Entrust Certification Authority - L1K" which is signed by a trusted root. (Screen shot attached)

So this is a difficult problem to understand and may require more information about the server certificate. (And someone more expert to look at it.)

more options

This is self-signed, sorry if i was not clear

more options

Okay, you may need to make an exception. Does the error page have a third section that when you expand it has an Add Exception button?

more options

my company is saying the reason they have the cert is so they don't have to use an exception. Is there a way to do it without an exception?

more options

How is this being handled by IE? If you visit the page in IE, click the padlock, and view the certificate, then look at the part of the dialog that shows the certificate chain, is the server certificate listed as its own signing certificate? If that is working, you could try exporting that certificate from IE as a DER-format (.cer) file, and then importing it into Firefox's Certificate View on the Authorities tab.

I'm not sure that's any cleaner than making an exception... in many ways, it's a "super-exception" because it would allow other server certificates to be signed with the same authority certificate...

more options

I'm being told that this is not supposed to work on IE.

more options

Can you ask your IT what you're supposed to do then? If they know it isn't working in Firefox and it's not supposed to work in IE, it's hard to understand what they're thinking.

more options

....unfortunately, I'm the IT. I've said exception a bunch of times but they don't like that answer.

more options

I think you need more expertise to solve this than is available on this forum, sorry.