I need an actual human being to help me with the issue of fixing "SEC_ERROR_UNKNOWN_ISSUER" problems that should not be happening.
I need an actual human being to help me with the issue of fixing "SEC_ERROR_UNKNOWN_ISSUER" problems that should not be happening.
I'm using the latest update of Firefox on PC laptop running Windows 10. My security software is Bitdefender. I am not experiencing this issue or anything very similar with any other browsers I have and use and there are a number of them so this is definitely either a Firefox-Specific or problem or it's a grander-scale problem that only Firefox's security measures are recognizing.
The error page I encounter with just about every website is:
"Your connection is not secure
The owner of www.mozilla.org has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate.
Learn more…
Report errors like this to help Mozilla identify and block malicious sites
www.mozilla.org uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported.
Error code: SEC_ERROR_UNKNOWN_ISSUER"
الحل المُختار
There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connections and send their own certificate.
https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can
https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites
https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message
https://support.mozilla.org/en-US/kb/connection-untrusted-error-message
http://kb.mozillazine.org/Error_loading_websites
- uses an invalid security certificate SSL_ERROR_BAD_CERT_DOMAIN
- configured their website improperly
How to troubleshoot the error code "SEC_ERROR_UNKNOWN_ISSUER" on secure websites https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER
Read this answer in context 👍 0All Replies (10)
الحل المُختار
There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connections and send their own certificate.
https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can
https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites
https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message
https://support.mozilla.org/en-US/kb/connection-untrusted-error-message
http://kb.mozillazine.org/Error_loading_websites
- uses an invalid security certificate SSL_ERROR_BAD_CERT_DOMAIN
- configured their website improperly
How to troubleshoot the error code "SEC_ERROR_UNKNOWN_ISSUER" on secure websites https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER
You can click the "Advanced" button to expand this section and show extra details. If the certificate is not trusted because no issuer chain was provided (SEC_ERROR_UNKNOWN_ISSUER) then click the blue error message to expand this section and show the certificate chain. You can click "Copy text to clipboard" and paste this base64 encoded certificate chain text in a reply. That will allow us to details like the issuer of the certificate.
- always be cautious when you get an 'Untrusted' error message
- never create a permanent exception without investigating the cause and only use this to inspect the certificate
Here is that encoded certificate chain text. This is in an attempt to go to mozilla.org (obviously), but I get the same error message for 99% of sites I attempt. That message in full is included in text of my initial post above. I really appreciate any and all the help I can get with this because my Firefox browser has been essentially rendered unusable and it's both very inconvenient as well as very concerning. Anyway, here is that certificate info:
https://www.mozilla.org/firefox/
Peer’s Certificate issuer is not recognized.
HTTP Strict Transport Security: true HTTP Public Key Pinning: false
Certificate chain:
BEGIN CERTIFICATE-----
MIIEEjCCAvqgAwIBAgIJAP9OWjDC5loeMA0GCSqGSIb3DQEBCwUAMGAxLTArBgNV BAMMJEJpdGRlZmVuZGVyIFBlcnNvbmFsIENBLk5ldC1EZWZlbmRlcjEMMAoGA1UE CwwDSURTMRQwEgYDVQQKDAtCaXRkZWZlbmRlcjELMAkGA1UEBhMCVVMwHhcNMTYx MTA5MDAwMDAwWhcNMTgxMTE0MTIwMDAwWjCCAQIxHTAbBgNVBA8MFFByaXZhdGUg T3JnYW5pemF0aW9uMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRswGQYLKwYBBAGCNzwC AQITCkNhbGlmb3JuaWExETAPBgNVBAUTCEMyNzU5MjA4MR4wHAYDVQQJExU2NTAg Q2FzdHJvIFN0IFN0ZSAzMDAxDjAMBgNVBBETBTk0MDQxMQswCQYDVQQGEwJVUzET MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEcMBoG A1UEChMTTW96aWxsYSBDb3Jwb3JhdGlvbjEUMBIGA1UEAxMLbW96aWxsYS5vcmcw ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLENmZTduWD6HXYzTbnJPE 4M+0MmXLDzEn7kmTnhGsvZEjrBTszjpu/PdWXeZxMCc+ffIXlErw/5PUdVR8Muk2 rYtMSLmrRAexNEBR+0RJhtqysTehZg36/M1MpFEf3h2y/CS6l9f7sOvx1lOiGhW3 8bpbvnhJ8TDpvzVHcla5A4TYuTlpIujTC8Imy4YMPwUksPzzcQAEKOgvNr0kTtdj ZkAGvkvCM5jLNeppB0M7gXTMA2wQdHqRBJJGPz/9ca71Dn8xr2V4zu8YJq1PnvrK giHu+Ifi9fbxNFis4VfPiyu6Zhkeiot+ciNOWMLsKSUXBA55zKlj05viSh9dxhBj AgMBAAGjKzApMCcGA1UdEQQgMB6CC21vemlsbGEub3Jngg93d3cubW96aWxsYS5v cmcwDQYJKoZIhvcNAQELBQADggEBAIjTgqlOZOwbBixSuaxdiWevVgj1RcXl7Ae0 uc6L4KQBBzAU1RwwPeketAGsECPfMhu/UDdXivKRQUxpqrxv/AEGf2IzAhwTc52G 8ENqy5fql/tl67rLQ0Lu2Ci3JIhzdOFJvaQHbDgf+93u9b2CpPnlm5hXsagkKfR/ q2YuvGeUC6qFA5yLyWD6nqsRblSQ1qtsA0FoIQdGlIhEeQvDoowJP5Y3W8X0bHZF EkIxvhCJGbZnCKhTQOJ9KJzXgY4bwNqd63h0aK0l3xrZ90Gq1g8h++LMSbgPOI76 UHyTzXPkgx7SlNKLnjNtScr4BFwl1lJEfAdWl3MIRqdu3LNSdMA=
END CERTIFICATE-----
Also, I apologize because I think I just clicked "not helpful" for both replies but did not mean to since the second seems to have to potential to be extremely helpful.
Definitely a certificate from Bitdefender.
- Issuer: CN=Bitdefender Personal CA.Net-Defender, OU=IDS, O=Bitdefender, C=US
You need to follow the instructions or disable this feature in Bitdefender or contact them for support.
Modified
FredMcD said
There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connections and send their own certificate. https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message https://support.mozilla.org/en-US/kb/connection-untrusted-error-message http://kb.mozillazine.org/Error_loading_websitesHow to troubleshoot the error code "SEC_ERROR_UNKNOWN_ISSUER" on secure websites https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER
- uses an invalid security certificate SSL_ERROR_BAD_CERT_DOMAIN
- configured their website improperly
Well...you were absolutely right. It was a setting within the "web protection module" of the Bitdefender Total Security 2018 security suite. I had convinced myself that this was not an issue with my security/antivirus software because #1 the problem arose very abruptly -- I had never even messed around with the settings in the protection module in question -- and #2 Despite the fact that I now see that it is clearly true sometimes that these issues are a result of complications with security and online protection software, it's been my experience that whenever I have any kind of problem with getting online that's serious enough to require help from more knowledgeable tech people than myself, the first thing I'm told to do without exception is turn off my security and antivirus software and this is the first time it's ever actually solved the problem. I had basically come to the conclusion that being directed to begin the troubleshooting process by doing this was really only happened because it's the easiest and quickest thing to have someone do that has even a remote chance of fixing the problem. My starting to adopt this opinion was probably reinforced because it's usually in the totally broad, nonspecific, shotgun-like manner of being told to just turn the entire security suite - every element of - off, which gave me the impression that the suggestion as well as the suggest-or were not very informed but finally after months and months of just having Firefox sitting completely unusable on my desktop I followed that very bottom like you included in your post to Mozilla's support/FAQ page regarding my specific error message and did what it suggested I do within the Bitdefender program. It was clear; It was specific; It was immediately effective. I was able to use Firefox immediately after I did that, and the "that" in question was to turn the "Scan SSL" switch from on to off. Now I just have do some research to figure out what all this meant and why it may have abruptly become an issue -- try to understand the logic of the whole situation. Thank you very much for the time taken to help me try to find the solution my problem because I was able to because of it.
Glad to help. Safe Surfing.
Sometimes, protection programs offer too much protection. Sometimes.
Note that the the issuer of the certificate you posted above is Bitdefender:
- Issuer: CN=Bitdefender Personal CA.Net-Defender, OU=IDS, O=Bitdefender, C=US
Hi FocusedonDistractions, most programs that inject themselves as a "man in the middle" of your internet browsing can automatically update Firefox's certificate database with their signing certificate so that Firefox will trust their fake site certificates.
BUT the file name recently changed from cert8.db to cert9.db so it's possible that many users will run into issues like this until the security vendors update.
It's always possible to manually import that signing certificate but if you do not feel strongly that this extra layer of protection is important, then it might be more trouble than it's worth. This thread lays out the steps: https://support.mozilla.org/questions/1199797