"This Connection is Untrusted" error message.

  • 12 replies
  • 12 have this problem
  • 1 view
  • Last reply by Ѕeeкɘя

more options

Hi, I am having this particular problem with a single site as of now. The site is https://www.sbicapsec.com (A banking/stock site).

I tried suggestions from the following articles:

1. https://support.mozilla.org/en-US/kb/enable-ssl-fix-cannot-connect-securely-error?esab=a&as=aaq Result: It did not solve the problem.

2. https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message Because I got the error that 'The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)' Therefore, the given solution in that article also failed to solve it.

Now, I did not try the last solution: 'Bypassing the warning'. And that's because the site works in other browsers, i.e. IE and Chrome. Therefore, I don't trust any certificate that I have to add manually to work. It would have been a different case had the other browsers shown the same problem. Also, prior to this version of FF, the previous version worked perfectly. But surprisingly that does not work either now. And I don't know why.

Thanks for any possible fix.

All replies (12)

more options

You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.

  • Click the link at the bottom of the error page: "I Understand the Risks"

Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".

  • Click the "View..." button and inspect the certificate and check who is the issuer of the certificate.

You can see more Details like intermediate certificates that are used in the Details pane.

If "I Understand the Risks" is missing then this page may be opened in an (i)frame and in that case try the right-click context menu and use "This Frame: Open Frame in New Tab".

Note that some firewalls monitor (secure) connections and that programs like Sendori or Fiddler (FiddlerRoot) can intercept connections and send their own certificate instead of the website's certificate.

more options

Yes, I can check certificate details. And the information there looks to be ok. But the question is, how do I trust that it is correct when a browser couldn't? And would it be advisable to add an exception, because Firefox tells me that a legitimate bank or any other organisation would not ask me to do that.

Also when I check the site on https://www.networking4all.com, I get this reply:

"Unable to get the local issuer of the certificate. The issuer of a locally looked up certificate could not be found. Normally this indicates that not all intermediate certificates are installed on the server."

Therefore, until a browser itself tells me that my connection is secure, it is unlikely that I will add a certificate exception for such a sensitive site. I hope there is another workaround than just adding an exception until maybe FF fixes that. Thank you for your help.

more options

That website doesn't send the required intermediate certificate.

  • VeriSign Class 3 Extended Validation SSL CA

You can download and save the intermediate certificate from this web page and install the certificate via "File > Open File" or "Firefox menu button > New Tab > Open File". It is the first certificate on this VeriSign page:

Copy the base64 encoded certificate text that starts with "-----BEGIN CERTIFICATE-----" and ends with "-----END CERTIFICATE-----" to the clipboard after having selected the full text with the mouse.
Open a plain text editor like Notepad and paste the certificate text of the intermediate certificate that you have placed on the clipboard in the editing area.
Use "Save File as" and set the File type to "All files" and save the certificate text to a .cer file.
Select "All files" when saving the file to avoid getting a hidden .txt file extension (.cer.txt) appended.

Import the saved certificate in the Firefox Certificate Manager.

  • Tools > Options > Advanced > Certificates/Encryption: View Certificates > Authorities > Import

Do not set any trust bits when prompted, as those are only required for root certificates and should never be set for an intermediate certificate like this one.

more options

I am not sure what I did wrong but it is not working for me. But to cross check, this is what I did. Please point out the mistake, if there is any.

1. Went to the VeriSign website and copied the content of the first 'box' with the code (Ctrl+C).

2. Opened Notepad, pasted the content (Ctrl+V).

3. In Notepad, clicked File>Save As> abc.cer [Selected File Types set as 'All Files', Encoding: ANSI]

4. Opened Firefox>New Tab>Open File>Selected abc.cer >Open.

  • It opens the content on the new tab

So anyway, 5. Then I went Firefox>Options>Advanced>Certificates>View Certificates>Authorities>Import>Selected abc.cer

  • No message shown so I clicked Ok>ok.

6. Exited firefox, tried to open the site and the same error shows up.

Thanks :)

more options

Firefox should offer to install the certificate if you use Open File.

You can right click the abc.cer file in Windows Explorer to verify that it is a CER file and not a text file.

When you import this certificate then Firefox should have shown a window to confirm the import and offer a choice to set some trust bits.

Do you see this certificate under the VeriSign heading on the Authorities tab?

  • VeriSign Class 3 Extended Validation SSL CA
more options

Hi, I found out where I was going wrong. While selecting the whole text and copying and then pasting to Notepad, it leaves a blank space just before "-----END CERTIFICATE-----". Removing that space and saving the file, and then proceeding as said above (Options>Advanced>certificate>authorities>Import), I am provided with a message. But before proceeding further, I would like to know if I should select all three boxes that ask whether I should trust the certificate for 'whatever' purpose?

Also, I would like to say that I was not able to install the certificate via New Tab>Open File. That actually opens the content of the certificate (the text).

Finally, I also noticed that this certificate's SHA1 fingerprint is not the same as that of the one which is presented by Firefox to put in the exception. Wouldn't that be a problem? What is the difference between the two?

Thank you for your help. Much appreciated.
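
Added example (not part of the original thread): a small Python check for the two things raised in the post above, stray whitespace in a pasted PEM file and differing fingerprints. A fingerprint is a hash over a certificate's DER bytes, so the site's own certificate and an intermediate CA certificate never share one. The function names are hypothetical, and the two byte strings are constructed stand-ins, not real certificates.

```python
import base64
import binascii
import hashlib
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def to_pem(der):
    """Wrap DER bytes in PEM armor with 64-character base64 lines."""
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN, *rows, END]) + "\n"

def check_pem(text):
    """List copy/paste defects in a file that should hold one PEM certificate."""
    lines = text.replace("\r\n", "\n").rstrip("\n").split("\n")
    problems = []
    if lines[0] != BEGIN:
        problems.append("first line is not exactly the BEGIN marker")
    if lines[-1] != END:
        problems.append("last line is not exactly the END marker")
    for n, line in enumerate(lines, 1):
        if line != line.strip():
            problems.append(f"line {n}: leading or trailing whitespace")
        elif not line:
            problems.append(f"line {n}: blank line inside the block")
    return problems

def pem_to_der(text):
    """Decode the PEM body to DER, ignoring whitespace between the markers."""
    m = re.search(re.escape(BEGIN) + r"(.*?)" + re.escape(END), text, re.S)
    if not m:
        raise ValueError("no certificate block found")
    try:
        return base64.b64decode("".join(m.group(1).split()), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"corrupt base64 body: {exc}")

def fingerprint(der, algo="sha256"):
    """Colon-separated hex digest of the DER bytes, as certificate viewers show it."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

# Constructed stand-ins for the two certificates being compared in the thread.
SITE_DER = b"constructed stand-in bytes for the site's own certificate"
INTERMEDIATE_DER = b"constructed stand-in bytes for the intermediate CA certificate"
CLEAN = to_pem(INTERMEDIATE_DER)
DAMAGED = CLEAN.replace(END, " " + END)  # the stray space before the END marker
```

Running `check_pem` on the saved .cer text before importing it shows whether the paste picked up extra whitespace; comparing `fingerprint` output against the value published by the CA confirms the file is the certificate you meant to import.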

more options

I am providing some screenshots:

1. The certificate shown when I go to 'add exception'

2. The certificate content is shown when I click 'new tab>open file'. It does not install

3. The new certificate details

4. When importing the new certificate.

more options

Sorry about the confusion.
Your third screenshot shows the wrong intermediate certificate (VeriSign Class 3 Public Primary Certification Authority - G5).
You need the other (second) certificate on that page in this case.

I had saved the two certificates on that page with the wrong name.

  • first certificate: VeriSign Class 3 Public Primary Certification Authority - G5
  • second certificate: VeriSign Class 3 Extended Validation SSL CA (you need this one)
more options

I am sorry to inform you that the second certificate does not work. I presume that is because the naming has a slight variation, in that the new certificate has 'SGC' in it while the one provided by the site does not have it. The validity of the certificate, however, is the same along with all other credentials except the thumbprint/sha1/md5 signatures.

I also tried adding both the certificates. Same result. Doesn't work.

Later I deleted cert8.db from Mozilla folder so that it reverts back to default. I would like to have further guidance. Thank you.

Regards.

more options

Chosen solution

Hi, I was able to download the appropriate certificate from here: https://ssltools.websecurity.symantec.com/checker/views/certCheck.jsp

I got the link by searching through Google and ending up in one of your comments :)

Thank you.

But since it checks the server and not our PCs, the test shows missing certificate, I think. Nevertheless, I imported it into firefox and the site opens. The other browsers never had problems. I also installed it in the PC but then I thought I should not have. Deleted the cert but that reappeared. Don't know how!

Anyway, I hope all these manual certificate additions are a perfectly safe practice for normal users.

Also, when you said FF doesn't come with intermediate certificates pre-packed, I presume IE and Chrome do, because they don't create this hassle. These simple things might discourage people from using FF who are not very technical or active enough to solve it.

Regards.

more options

You should contact the website to tell them about this missing intermediate certificate.

more options

mm I am not sure if I am eligible enough to suggest them on security matters. However, I may report about the certificate chain error encountered in Mozilla only. IE/Chrome's behaviour is fine and now Mozilla is good too. Also, they suggest us to use IE and recommend us to change to IE if we are using FF/Chrome. I guess business communities find IE easier although it has certain problems in rendering. Anyway, thank you for your help.

Regards.