www.google.com uses an invalid security certificate, Error code: SEC_ERROR_UNKNOWN_ISSUER
After I upgrade my laptop to win10, I cannot access google(so as youtube, be can access many other websites) any more with firefox, but chrome and ie are OK.
The error is as below: Your connection is not secure The owner of www.youtube.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website. This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate. www.google.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER
https://www.google.com/?gfe_rd=cr&ei=F_18VtzbBoqx8weY9YbIAg&gws_rd=cr&fg=1 Peer’s Certificate issuer is not recognized. HTTP Strict Transport Security: false HTTP Public Key Pinning: true Certificate chain:
My anti-virus software is only McAfee and my windows defender is off
Chosen solution
Thank you for the certificate data. The site certificate was issued by
"EMC SSL Decryption Authority"
which is not the issuer of the genuine certificate. So what is EMC doing in there? I really don't know. Is this a business network?
I found a reference to an EMC certificate here, but it does not seem applicable to websites, so I wouldn't install this until you figure out what's going on:
https://www.emc.com/techpubs/vipr/troubleshoot_ssl_certificates-1.htm
Read this answer in context 👍 1All Replies (8)
Should update check McAfee forum to see if they have any issues going on.
uninstall Firefox. Then Delete the Mozilla Firefox Folders in C:\Program Files and C:\Program Files(x86) Then restart system. Then run Windows Disk Cleanup. (Note: This should be Pinned and run Weekly, If never done below expect 10's of gig's) Then run it again and click the button that says Cleanup System Files. Note: your Firefox Profile is saved. But you should make a back up before you do :
- https://support.mozilla.org/en-US/kb/back-and-restore-information-firefox-profiles
- https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer
Reinstall with Current Release Firefox 57.0.3 with a Full Version Installer
Please let us know if this solved your issue or if need further assistance.
You can click the "Advanced" button to expand this section and show extra details.
If the certificate is not trusted because no issuer chain was provided (SEC_ERROR_UNKNOWN_ISSUER) then click the blue error message to expand this section and show the certificate chain. You can click "Copy text to clipboard" and paste this base64 encoded certificate chain text in a reply. That will allow us to details like the issuer of the certificate.
- always be cautious when you get an 'Untrusted' error message
- never create a permanent exception without investigating the cause and only use this to inspect the certificate
cor-el said
You can click the "Advanced" button to expand this section and show extra details. If the certificate is not trusted because no issuer chain was provided (SEC_ERROR_UNKNOWN_ISSUER) then click the blue error message to expand this section and show the certificate chain. You can click "Copy text to clipboard" and paste this base64 encoded certificate chain text in a reply. That will allow us to details like the issuer of the certificate.
- always be cautious when you get an 'Untrusted' error message
- never create a permanent exception without investigating the cause and only use this to inspect the certificate
Hi, I still cannot access google.com after reinstall firefox based on Pkshadow's comments, but it shows Certificate chain now while previously Certificate chain is empty.
The error message and Certificate chain is as below:
https://www.google.com/?gws_rd=ssl
Peer’s Certificate issuer is not recognized.
HTTP Strict Transport Security: false HTTP Public Key Pinning: true
Certificate chain:
BEGIN CERTIFICATE-----
MIIEDjCCAvagAwIBAgIkSYuDbh1keUE29aavL4QHmAxpM25v+7fs8B+V2nfQlU3h 12RMMA0GCSqGSIb3DQEBCwUAMIGYMSEwHwYJKoZIhvcNAQkBFhJHU09fV2ViU2Vj QGVtYy5jb20xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9FTUMgQ29ycG9yYXRpb24x JTAjBgNVBAsTHEdsb2JhbCBTZWN1cml0eSBPcmdhbml6YXRpb24xJTAjBgNVBAMT HEVNQyBTU0wgRGVjcnlwdGlvbiBBdXRob3JpdHkwHhcNMTcxMTI5MDk0NzAzWhcN MTgwMjIxMDkzNzAwWjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5p YTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEX MBUGA1UEAwwOd3d3Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQC2z+J0LOnRap7AbgLGXcxSeoIi5lG0ypoUGRMNUHhvFiMP5ej0I4eY Lhdp6KMb7GvhebnL4+ATAKlrhenacFnHOUX3reShu1/T1vmi/TCvf4Cs5ExjM1OA gGxDWAlkl+/uTWtx6pPfMskQ9PAPAIqHHnLOyPjJ0swixV/UnUZCjiuqkMu59L51 4JfpSWE9H4kisLjLT8+WkT9/vGhrhR8kXQ2fGId1zNAukfi1126C6bxmnWcnpsga tJAL4+mE9vjqjesyibat6DPZQuZiXl98uiK0v7rZXY6elYqji7KvQD7xJhjBSttr 0e3cCU88ifIL4MLs19DR+UsOMthkBVThAgMBAAGjbzBtMBMGA1UdJQQMMAoGCCsG AQUFBwMBMA4GA1UdDwEB/wQEAwIFoDAZBgNVHREEEjAQgg53d3cuZ29vZ2xlLmNv bTAdBgNVHQ4EFgQUyzmVzWh78J5y6Jv9yu6xUunk6JIwDAYDVR0TAQH/BAIwADAN BgkqhkiG9w0BAQsFAAOCAQEAQgvMJTOODAlcjqk4OgSIEKwFk8/JiMNJVx8ZMO+x ucNhg45dUmYjcW1lUzEoMdL4FJsWK0dFi67T9flNPz10AkT3gLE9usMgcEwjym9Q RFC66Foo5+yZwAabwvwKa6crCQwk7tu/uol0pXDab1Shq8p1x7saXtm1OHzNP0rh 0sET9eVmzs97B0Jy/+Og3TMmb3KIzJR5i1qJLSCegdGCn+hwYE2vMTTEe439Mlq+ /d5pzqgcLg96cuoOHa4rxQh8+yBN7jmdCFeTvZgAcHscBkEy6RY2xd+TXND44xej NPzI1yb12huXviv8JO65ZxB7Ioj7+YDeD3mnJofxZ0VuAA==
END CERTIFICATE-----
BEGIN CERTIFICATE-----
MIIFaDCCBFCgAwIBAgIQI3k+tfxRq38cNrKi5cYX0TANBgkqhkiG9w0BAQsFADB4 MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPRU1DIENvcnBvcmF0aW9uMSUwIwYDVQQL ExxHbG9iYWwgU2VjdXJpdHkgT3JnYW5pemF0aW9uMSgwJgYDVQQDEx9FTUMgU1NM IERlY3J5cHRpb24gQXV0aG9yaXR5IHYyMB4XDTE2MTEzMDIxNDU0NloXDTIwMDIy ODIxNDU0N1owgZgxITAfBgkqhkiG9w0BCQEWEkdTT19XZWJTZWNAZW1jLmNvbTEL MAkGA1UEBhMCVVMxGDAWBgNVBAoTD0VNQyBDb3Jwb3JhdGlvbjElMCMGA1UECxMc R2xvYmFsIFNlY3VyaXR5IE9yZ2FuaXphdGlvbjElMCMGA1UEAxMcRU1DIFNTTCBE ZWNyeXB0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAOvkLxl1yJ5lgU1JOMB7I4Ckar4N4IR5dHR0psFfDJR39jpnS+aHnsrbwfte isOnmdH5EONl+DdhbsO4CyWvoPzq0nOtd0DszyJRhoWhCX2NpfolG7NSMa2Me62h tFzUKhx8YabO+jZwNGlgJYib4vVGymP+4HS+/2sZpcm5w9qSK7xr/m4v41bd/dit aOTx8VEe4FbGWubcoPy4dwZSP4NxwBG5BXdSOVGzuPzFO9d1DT/WJt8rF8M7b9G5 aaBvGwhDYImO3Tl8PcEvZ3mbeXNcJvhw3YcaE3iNxPrPqbJMJD5WquV8u2jvQyXW QN6S1M+EQurPHHcRKn/vU17VHl8CAwEAAaOCAcswggHHMB8GA1UdIwQYMBaAFKXI N8PH+Ydkms8NqIKyTcTObvVDMBIGA1UdEwEB/wQIMAYBAf8CAQAwggFfBgNVHR8E ggFWMIIBUjBBoD+gPYY7aHR0cDovL3BraS5jb3JwLmVtYy5jb20vY3JsL0VNQ1NT TERlY3J5cHRpb25BdXRob3JpdHl2Mi5jcmwwgcSggcGggb6GgbtsZGFwOi8vL0NO PUVNQyBTU0wgRGVjcnlwdGlvbiBBdXRob3JpdHkgdjIsQ049RU1DIFNTTCBEZWNy eXB0aW9uIEF1dGhvcml0eSB2MixDTj1DRFAsQ049UHVibGljIEtleSBTZXJ2aWNl cyxDTj1TZXJ2aWNlcyxDTj1Db25maWd1cmF0aW9uLERDPWVtY3Jvb3QsREM9ZW1j LERDPWNvbT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0MEagRKBChkBodHRwOi8v ZW50ZXJwcmlzZWNhLmNvcnAuZW1jLmNvbS9FTUNTU0xEZWNyeXB0aW9uQXV0aG9y aXR5djIuY3JsMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUs5fLD4TFDvRTZux+ zJaxmlJhViUwDQYJKoZIhvcNAQELBQADggEBABTh4MbeaOk+zc8z3C2jymJDhpd2 iwTwmo+wGBfQ76f92flnpghL//2pvo++GapiGwJ+K2muqcF065f9x4de4Nj8d2Le 2mYgcQsMQkW05i9f2+73vZ1MNSpWog81rBk1e7DDP50xN/p8mME8ZLzFCtj08W8Z DxE6NN+eoZD4sCeticJKGw88UoGRtpTAbwV5oRPk4vTV/Zb7yudb5jT9FYP/hGz7 KaqD7hIL0nGrL/9J7wwOkB7YL3w5rGLvXx+fDx8rK0rFZRb5TuimF/aDuGXjYvci gaYV/LEaqQdcgZACYZCSYhEpR4yKbTx+tWrJnvu7UK4s8NkdAcf5+93rZc4=
END CERTIFICATE-----
Seçilmiş Həll
Thank you for the certificate data. The site certificate was issued by
"EMC SSL Decryption Authority"
which is not the issuer of the genuine certificate. So what is EMC doing in there? I really don't know. Is this a business network?
I found a reference to an EMC certificate here, but it does not seem applicable to websites, so I wouldn't install this until you figure out what's going on:
https://www.emc.com/techpubs/vipr/troubleshoot_ssl_certificates-1.htm
jscher2000 said
Thank you for the certificate data. The site certificate was issued by "EMC SSL Decryption Authority" which is not the issuer of the genuine certificate. So what is EMC doing in there? I really don't know. Is this a business network? I found a reference to an EMC certificate here, but it does not seem applicable to websites, so I wouldn't install this until you figure out what's going on: https://www.emc.com/techpubs/vipr/troubleshoot_ssl_certificates-1.htm
Hi, jscher2000
After I export certificate from my IE, I import it to my firefox failed with error "The personal certificate can't be installed because you do not own the corresponding private key which was created when the certificate requested" but when i export certificate from my IE, it cannot export private key.
You can try to set this pref to true on the about:config page to import the certificates from the Windows certificate store to see if that works.
- security.enterprise_roots.enabled = true
You can open the about:config page via the location/address bar. You can accept the warning and click "I accept the risk!" to continue.
Lucent said
After I export certificate from my IE, I import it to my firefox failed with error "The personal certificate can't be installed because you do not own the corresponding private key which was created when the certificate requested"
You need to import the certificate to the "Authorities" tab. The kind of certificates you can import to the "Your Certificates" tab are quite different.
Thank you all,
I can access google.com now with firefox after I import EMC SSL certificate to Firefox from IE.