Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

為了改善您的使用體驗,本網站正在進行維護,部分功能暫時無法使用。若本站的文件無法解決您的問題,想要向社群發問的話,請到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 發問,我們的社群成員將很快會回覆您的疑問。

搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

Error code: sec_error_expired_issuer_certificate

  • 10 回覆
  • 450 有這個問題
  • 1 次檢視
  • 最近回覆由 cor-el

more options

Firefox will not let me into Bt.com. I can in Internet Explorer. Firefox says ....www2.bt.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate has expired..... Which seems unlikly For British Telecom. How do I check if this is safe and not corrupted or How should I override it....My computer date and time clock is correct.....Thanks Tony

Firefox will not let me into Bt.com. I can in Internet Explorer. Firefox says ....www2.bt.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate has expired..... Which seems unlikly For British Telecom. How do I check if this is safe and not corrupted or How should I override it....My computer date and time clock is correct.....Thanks Tony

被選擇的解決方法

That certificate expires form me as well on 02/07/2020 (not before 02/08/2010; on after 2/07/2020), so that shouldn't be a problem if the date and time on the computer are correct.

What do you see if you open the bt.com site and inspect the certificate chain?

You can retrieve the certificate and check details like who issued the certificate and the expiration dates of certificates.

  • Click the link at the bottom of the error page: "I Understand the Risks"

Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".

  • Click the "View..." button and inspect the certificate and check who is the issuer.

You can see more Details like intermediate certificates in the Details pane.

從原來的回覆中察看解決方案 👍 5

所有回覆 (10)

more options

bt.com uses a Verisign cert. There's been a rash of problems like this lately with Verisign certs, in which FF thinks that the intermediate cert has expired; other browsers, however, pick up the correct, as-yet unexpired date. Nothing you can do but use another browser; bt.com will have to fix its cert.

more options

Thanks toofySufi...I will gather the patience, energy & courage over the next few days to approach BT and see if they have the slightest understanding of your advice & can do something about it......I don't hold out much hope......Let's see what happens & I will keep you informed....Wish me Luck!...Tony

more options

There doesn't seem to be anything wrong with the certificate of the https://bt.com site as it works for me with a clean cert8.db file.

You can look for the "VeriSign Class 3 International Server CA - G3" intermediate certificate in the Certificate Manager and delete that certificate to make Firefox store a new certificate if the currently stored version has expired.

  • Tools > Options > Advanced > Encryption: Certificates > View Certificates : Authorities
  • Stored intermediate certificates show as "Software Security device" in the Certificate Manager.
  • Build-in root certificates show as "Builtin Object Token" on the Authorities tab in the Certificate Manager.
more options

Hi cor-el....The certificate is well within the expiry date. If I delete it will Firefox set up a new expiry date when I re-set up access to this site? & how do I recognise "VeriSign Class 3 International Server CA - G3" as the BT safety certificate....Thanks Tony

more options

You can open the Certificate Manager

  • Tools > Options > Advanced : Encryption: Certificates - View Certificates
  • Go to the Authorities tab.
  • Scroll down to the VeriSign section.

Look for a certificate with the name "VeriSign Class 3 International Server CA - G3" that has "Software Security device" in the "Security Device" column.
Certificates labeled like that are intermediate certificate that Firefox stores automatically if a server is visited that sends such a certificate.
It is possible that yours is an older version that has expired and removing that stored certificate will make Firefox use the certificate send by the website.

more options

Hi cor-el...As I said, I went there and the expiry date is 07-02-2020. & why, before I delete it, is that particular VeriSign the BT safety certificate????? Thanks...T

more options

選擇的解決方法

That certificate expires form me as well on 02/07/2020 (not before 02/08/2010; on after 2/07/2020), so that shouldn't be a problem if the date and time on the computer are correct.

What do you see if you open the bt.com site and inspect the certificate chain?

You can retrieve the certificate and check details like who issued the certificate and the expiration dates of certificates.

  • Click the link at the bottom of the error page: "I Understand the Risks"

Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".

  • Click the "View..." button and inspect the certificate and check who is the issuer.

You can see more Details like intermediate certificates in the Details pane.

more options

Hi cor-el, followed all your instructions and found all the info.

Just about to go into delete problem certificate....checked BT.com and went straight in. Problem had disapeared, the same as it arrived. No explanation!

I think these computers just want to play mind games. 

I just want to say thank you for your time and information....at my age of 75 it's always great to learn new ideas. I shall look round in this unexplored area.......Thanks Tony

more options

I suspect this procedure has actually produced an exception, so following this advice will find it has 'been fixed', but if you uninstall Firefox (and remove registry entries, Mozilla data directories etc) then reinstall, I suspect you'll have the problem back.

I have the same issue with a secure site at work - Verisign Class 3 public Primary certificate valid until 5th April 2012 - works fine with IE8 and Opera 11.52 -

Firefox (7.0.1) gives "This connection is untrusted" - detail: <site> uses an invalid security certificate. The certificate is not trusted because the issuer certificate has expired. (Error code: sec_error_expired_issuer_certificate)

?

more options

It is possible that Firefox is trying more than one cipher to connect to the server and that some ciphers produce this error.
I usually keep all 128 bit SSL3 ciphers disabled and only enable security.ssl3.rsa_rc4_128_md5 or security.ssl3.rsa_rc4_128_sha for sites that still only work with 128 bit and not 168 or 256 bit.