為了改善您的使用體驗,本網站正在進行維護,部分功能暫時無法使用。若本站的文件無法解決您的問題,想要向社群發問的話,請到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 發問,我們的社群成員將很快會回覆您的疑問。

搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

Why do I get a certificate error with error "sec_error_untrusted_issuer" but when i go to view the certificate and add an exception it says "this site provides valid,verified identification. There is no need to add an exception"

  • 4 回覆
  • 783 有這個問題
  • 1 次檢視
  • 最近回覆由 Phil_Young

more options

Using firefox 3.6.4 to access an internal site which has been configured using the apache directive SSLCertificateChainFile with the certificate authority certificate and Intermediate certificate authority certificates which are supposed to validate the certificate even if the users browser is missing the certificate for the CA which signed the web server cert. Microsoft IE works fine for the same site but firefox always gives this error on first connection to the site.

Using firefox 3.6.4 to access an internal site which has been configured using the apache directive SSLCertificateChainFile with the certificate authority certificate and Intermediate certificate authority certificates which are supposed to validate the certificate even if the users browser is missing the certificate for the CA which signed the web server cert. Microsoft IE works fine for the same site but firefox always gives this error on first connection to the site.

所有回覆 (4)

more options

Incorrectly configured server. i.e. missing intermediate chain certificate. IE can download automatically, but Mozilla can't, hence the cert error. As far as why it randomly decides it is valid sometimes prior to you try to add a security exception I don't know.

http://www.sslshopper.com/ssl-certificate-not-trusted-error.html

more options

Thanks for your reply. In this case I'm confident that the intermediate certificate is installed correctly but firefox isn’t behaving how I would expect. I did some more investigation and found that the intermediate certificate is being loaded into firefox when I attempt to browse the site however it gets loaded in with the default settings of "Software Security Device" with the three checkboxes for trust settings unchecked. If I manually go in and check the box for the intermediate certificate authority to identify websites then I can browse to the site without getting the warning. To me this defeats the point of an intermediate cert. I would expect that if I trust the issuer of the intermediate cert to identify websites then I should automatically trust the intermediate CA cert to identify websites as IE seems to do. At the very least I should get a popup or something asking if I want to trust the intermediate CA cert to identify websites when it gets loaded into my certificate store on accessing the site. Allowing the intermediate CA cert to determine that the web server cert is valid but not trusting it to identify the site doesn’t seem to make any sense.

more options

I have the same problem in 3.6.6 (I think). I can't even access the Firefox add-ons facility due to spurious certificate errors, and this appears to affect the majority of sites I attempt to access!

I don't have problems with IE or Chrome when accessing these sites.

more options

I have Firefox 4.0 with this issue. The certificate that it was trying to use had expired and was not the one on the secure Web site. I followed some advice I found on mozillaZine, "How to clear SSL cache". (Yes, I know. Firefox does NOT cache SSL certs.) It said to go to Tools >> Clear Private Data. I didn't see that but clicked on Start Private Browsing. I browsed to the secure Web site and the new cert showed up. It still didn't like it because the top level CA is a noob. When I cycled out of the Private Browsing mode, the secure Web site was available.