Firefox will no longer open Google or Youtube without a "This Connection is Untrusted" error, and not allowing me to get a temporary certificate
Ok, Here's my 2 cents worth, just to reiterate: Firefox will no longer open Google, Youtube OR other websites without a "This Connection is Untrusted" error, and no option to get a temporary certificate is available.
- I get the security warning but the option to click "I Understand the Risks" is gone.
- I get this error message on the technical details page: (Error code: sec_error_unknown_issuer )
- Google works fine in IE and chrome
- I have done everything listed here( as have others): https://support.mozilla.org/en-US/kb/connection-untrusted-error-messag.
- including, Delete cert.db, start in safe mode, empty cache, delete and reinstall.... Nothing works.
So, my understanding is this, and this solution only covers the Bullguard AV software, but may be applicable to other situations
Firefox uses a proxy supplied by AV software to overcome the fact that Google uses an out of date cert. Your proxy cert cert indicates to Firefox the website is trusted.
I think that is happening here, is that in the network environment, Bullguard AV has set up a proxy, and encrypted network traffic is intercepted/monitored by this proxy config. If this isn't properly set-up it looks like a "man-in-the-middle" attack( ref: philipp ) for firefox and that's why it is displaying that error message.
Firefox has a different certificate store than IE. if AV software is allowed to intercept/monitor all secure network traffic, its certificate has to be whitelisted in the browser's certificate store, this is set-up in IE and Chrome, but not in firefox...because of the different stores.
Solution; Export the proxy cert from the computer store that IE and Chrome use and import it into the Authorities store in Firefox.
Go to IE - internet options - content - Certificates - Trusted Root Certification Authorities-; Look for the AV proxy cert( in this case BullGuard SSL Proxy CA) > click to highlight > click Export > next > next(DER format) > "File Name" browse to where you will save it, Desktop for example, and call it something identifiable > next > finish.
Open Firefox's Certificate Manager:
Tools menu > Options > Advanced > Certificates mini-tab > View Certificates button > Authorities > Import > Browse to the Desktop > select your exported cert > open > ok
close Firefox and restart.
All Replies (2)
Hi mjrmjr , Thank you for re-iterating an issue that is currently being investigated. I understand that there is a hunch that Bullgaurd antivirus is not the only source of this error message in certificates, that is true.
I also understand that you have a work around by exporting the certs from another browser, this has worked in the past. I also understand that the AV certificate needs to be whitelisted in order for the proxy to work as expected and not be flagged as a man in the middle attack.
Please (1) suggest this in input.mozilla.org and (2) Create a bug for the most recent security NSS release in this bugzilla component: https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates
For the sake of completeness... When you get unknown issuer errors for pretty much all secure sites, the problem usually is one of the following:
(A) Firefox not being set up to work with your security software that intercepts and filters secure connections. Products with this feature include Avast, BitDefender, ESET, and Kaspersky; AVG has a Search Shield feature which can cause this error on search sites. And recently Bullguard.
(B) On Windows 10, Firefox not being set up to work with the parental control software Microsoft Family Safety. (To test by turning it off, see: http://windows.microsoft.com/en-us/wi.../turn-off-microsoft-family-settings)
(C) Malware on your system intercepting secure connections.
So... which is it?
If you have any of those specific security products, that would be the first thing to check. We might be able to assist with specific next steps based on what you have if you tell us.
To gather further information, you could inspect a sample certificate to see whether that points to the culprit. If you want to try that now, here's how I suggest starting:
Load my test page at: https://jeffersonscher.com/res/jstest.php
You likely will get an error page. Expand the "Advanced" section and look for an Add Exception button.
Note: You don't need to complete the process of adding an exception -- I suggest not adding one until we know this isn't a malware issue -- but you can use the dialog to view the information that makes Firefox suspicious.
Click Add Exception, and the certificate exception dialog should open.
Click the View button. If View is not enabled, try the Get Certificate button first.
This should pop up the Certificate Viewer. Look at the "Issued by" section, and on the Details tab, the Certificate Hierarchy. What do you see there? I have attached a screen shot for comparison.