Error code: SEC_ERROR_UNKNOWN_ISSUER on Linux
Surfing https://www.asimmetrie.it/ on Firefox 77.0.1 (64-bit) Linux produce SEC_ERROR_UNKNOWN_ISSUER while no error occurs on Windows. Standing on https://www.ssllabs.com/ssltest/analyze.html?d=www.asimmetrie.it Linux is correct because the server's certificate chain is incomplete
الحل المُختار
Firefox caches intermediate certificates send by a server for future use and can use a stored intermediate certificate in case the server sends an incomplete certificate chain like in this case.
If you have never visited a server that has send this specific certificate (i.e. it isn't cached) then you get the SEC_ERROR_UNKNOWN_ISSUER error, otherwise the page will load without problems.
So on Windows you have this intermediate certificate cached and on Linux you haven't yet cached this intermediate certificate.
Cached intermediate certificates show as "Software Security Device" in the Certificate Manager.
- Options/Preferences -> Privacy & Security
Certificates: View Certificates -> Authorities
All Replies (2)
- MOZILLA_PKIX_ERROR_MITM_DETECTED
- uses an invalid security certificate SSL_ERROR_BAD_CERT_DOMAIN
- configured their website improperly
How to troubleshoot the error code "SEC_ERROR_UNKNOWN_ISSUER" on secure websites https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER
There is security software like Avast, Kaspersky,
BitDefender and ESET that intercept secure
connection certificates and send their own.
https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can
https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites
https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message
https://support.mozilla.org/en-US/kb/connection-untrusted-error-message
Websites don't load - troubleshoot and fix error messages
http://kb.mozillazine.org/Error_loading_websites
الحل المُختار
Firefox caches intermediate certificates send by a server for future use and can use a stored intermediate certificate in case the server sends an incomplete certificate chain like in this case.
If you have never visited a server that has send this specific certificate (i.e. it isn't cached) then you get the SEC_ERROR_UNKNOWN_ISSUER error, otherwise the page will load without problems.
So on Windows you have this intermediate certificate cached and on Linux you haven't yet cached this intermediate certificate.
Cached intermediate certificates show as "Software Security Device" in the Certificate Manager.
- Options/Preferences -> Privacy & Security
Certificates: View Certificates -> Authorities