Mozilla VPN is currently experiencing an outage. Our team is actively working to resolve the issue. Please check the status page for real-time updates. Thank you for your patience.

ابحث في الدعم

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Wrong error message (expired cert still valid!)

more options

If I try to access https://bugs.cacert.org I get an error message: SSL_ERROR_EXPIRED_CERT_ALERT

If I access to the same site with chromium browser, there is no such error message, even more: I can access the certificate with the following information: valid until 2024 (see complete cert as picture).

Why this obviously wrong error message? How can it be circumvented (a warning might work, but a blockade?)?

If I try to access [https://bugs.cacert.org https://bugs.cacert.org] I get an error message: SSL_ERROR_EXPIRED_CERT_ALERT If I access to the same site with chromium browser, there is no such error message, even more: I can access the certificate with the following information: valid until 2024 (see complete cert as picture). Why this obviously wrong error message? How can it be circumvented (a warning might work, but a blockade?)?
Attached screenshots

All Replies (7)

more options

I get SEC_ERROR_UNKNOWN_ISSUER the first time I visit the site. SSL Labs indicates the certificate is not trusted by Mozilla, Apple, Android, Java and Windows.

The site uses HSTS which means a secure connection is enforced. To bypass it, you need to search for the site in history (Ctrl+H), right-click > "Forget about this site" then restart the browser. This will clear the HSTS cache and allow you to temporarily bypass the security warnings for the duration of the session.

more options

Firefox doesn't have the "CA Cert Signing Authority" root certificate for cacert.org and thus this origin isn't trusted. You can install this root certificate to make this work (there is a link further down in the Certificate Viewer), but that would only make sense if you would visit this website often.

more options

Thank you, cor-el. I know that Mozilla does not trust CAcert by default. As I use CAcert certificates, the first thing I do with a new browser, is to import the CAcert root certificates. That's why I was surprised that it does not work, even though the root certificates are installed.

more options

eeerrr said

If I try to access https://bugs.cacert.org I get an error message: SSL_ERROR_EXPIRED_CERT_ALERT

eeerrr said

As I use CAcert certificates, the first thing I do with a new browser, is to import the CAcert root certificates. That's why I was surprised that it does not work, even though the root certificates are installed.

Is it possible that an imported certificate has expired? If you click the Advanced button and View Certificate, Firefox should show the certificate chain (as in the cor-el's screenshot) so you can check its links.

more options

Thank you, jscher2000. I checked it. There are two expired class 3 certificates - shoud I remove them? There is a class 3 certificate valid until 2031 and a root certificate valid until 2033.

more options

It works for me after downloading from the certificate page and importing.

more options

eeerrr said

Thank you, jscher2000. I checked it. There are two expired class 3 certificates - shoud I remove them? There is a class 3 certificate valid until 2031 and a root certificate valid until 2033.

Unless the date on your computer has advanced 10 years into the future, those should not be treated as expired. But in case Firefox is not showing what is saved in your Certificate Manager, could you check whether there are old versions saved that you could delete.