Error code: sec_error_unknown_issuer
Hi, I have reviewed many similar posts but none of them works to fix my issue. Issue: "This Connection is Untrusted" with "sec_error_unknown_issuer ". But NO option of "I understand the risk". My firefox suddenly could not access websites such as YAHOO Mail, Google Mail, Facebook, Linkedin....etc while firefox is able to access other regular websites. Other broswers (IE, Chrome) do not have this issue.
Steps taken 1. Confirmed Date & time is correct. 2. "Certificate" shows these websites are in the list 3. Cleared Cache and cookies. 4. I am in company network. So I have to be either "auto-detect proxy" or "use system proxy setting". If I change to "no proxy", then Firefox could not get into any website. 5. deleted cert8.db
None of them worked to fix this issue. Please help to solve this issue. Thanks
被選擇的解決方法
IMPORTANT: MAKE SURE YOU TRUST THE INTERMEDIARY TO READ ALL OF YOUR SECURE TRANSMISSIONS BEFORE USING THIS SOLUTION. CHECK FOR MALWARE FIRST.
Actually it was a chain of one link, then another, then a clarification, so it's probably easiest to copy/paste:
Export
- In the IE or Chrome certificate viewer, click the cert you want to export in the Certification Path tab and use the View Certificate button to open it directly. Note: In this case, try exporting the ROOT CA certificate at the top of the path.
- Then click the Details tab and click the Copy to file button. This starts the Export Wizard. Use the DER format and save to a convenient location.
Import
- In Firefox, open the Certificate Manager using: "3-bar" menu button (or Tools menu) > Options > Advanced > Certificates mini-tab > "View Certificates" button
- Click the Authorities mini-tab and then the "Import" button, and find the DER file. Note: I suggest allowing the certificate for websites only unless your IT suggests otherwise.
I am attaching some screen shots for reference.
Does it work?
從原來的回覆中察看解決方案 👍 14所有回覆 (9)
The cert8.db file you mentioned is Firefox's certificate store. Internet Explorer and Chrome share the Windows system certificate store, so they can be useful for further research.
Couple questions:
(1) Do you get the problem for ALL secure sites, including, for example, this one or my test page, or is it more selective?
https://jeffersonscher.com/res/jstest.php
(2) Is your company proxy "transparent" or does it occasionally redirect to a notification screen, for example, to warn you about leaving the network? For more information on what I'm driving at, please skim through the following thread:
Yahoo mail gives untrusted connection error (web gateway displays its own page under the address of the destination site).
Hey, Jscher2000. Thanks for your feedback!
(1) No. I got the message " "This Connection is Untrusted" " as well. (though your website I could see "I understand the Risks" selection. It is selective, I think. I am able to go into some bank, credit card, brokerage trading website (assuming those are secure sites, right?)
(2) No. I have not being redirected to a notification screen (I did check the description from your provided link)
My version is 41.0 It suddenly has this issue last week. I tried to revert back to older version. 39.0 is totally fine with these websites. But some functions are not working in the older version. So hopefully this 41.0 issue could get fixed......
Very appreciated your input! Thanks!
On #1, the main difference is whether the site forbids HTTP access, in that case, Firefox won't allow adding an exception, either.
On my page, could you inspect the certificate? Here's how:
Expand the "I understand the risks" section and look for an Add Exception button. You don't need to complete the process of adding an exception (I suggest not adding one until we know this isn't a malware issue) but you can use the dialog to view the information that makes Firefox suspicious.
Click Add Exception, then View. If View is not enabled, try the Get Certificate button first. Then in the Certificate Viewer, look at the "Issued by" section. What do you find there, and/or under Certificate Hierarchy? I have attached a screen shot for comparison.
Thanks. Here you go. Hopefully this is helpful.
I assume you see the same information if you visit the same site and check the certificate in IE or Chrome. If not, that's a red flag.
If they are all the same, does it seem normal that "Bloomberg LP" would be intercepting your internet connection? If so, you can try trusting its root certificate. Please follow the export/import procedure in the other thread I linked to earlier to add that top level ROOT CA certificate to Firefox's certificate store.
Hi, Jscher2000
Do you mind giving me the link of the procedure please? Tried a while but could not find it. Thanks again!
選擇的解決方法
IMPORTANT: MAKE SURE YOU TRUST THE INTERMEDIARY TO READ ALL OF YOUR SECURE TRANSMISSIONS BEFORE USING THIS SOLUTION. CHECK FOR MALWARE FIRST.
Actually it was a chain of one link, then another, then a clarification, so it's probably easiest to copy/paste:
Export
- In the IE or Chrome certificate viewer, click the cert you want to export in the Certification Path tab and use the View Certificate button to open it directly. Note: In this case, try exporting the ROOT CA certificate at the top of the path.
- Then click the Details tab and click the Copy to file button. This starts the Export Wizard. Use the DER format and save to a convenient location.
Import
- In Firefox, open the Certificate Manager using: "3-bar" menu button (or Tools menu) > Options > Advanced > Certificates mini-tab > "View Certificates" button
- Click the Authorities mini-tab and then the "Import" button, and find the DER file. Note: I suggest allowing the certificate for websites only unless your IT suggests otherwise.
I am attaching some screen shots for reference.
Does it work?
由 jscher2000 - Support Volunteer 於
It WORKED!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! you da man! Thanks so much for your help. Very very appreciated your help!
I have had the same issue before, i tried every possible fix including exporting the root CA from Chrome and importing in Firefox but it didnt work.
Finally i downloaded ADWCleaner and it detected some strange entries in the registry that looked like proxy.data & proxy.xxx etc.
After running the cleanup process and rebooting the PC, the problem has been resolved!!