Mozilla VPN is currently experiencing an outage. Our team is actively working to resolve the issue. Please check the status page for real-time updates. Thank you for your patience.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Firefox - BurpCA issues and Error: SEC_ERROR_UNTRUSTED_ISSUER

more options

Good Morning, I am trying to solve FireFox CA issues for the last two days. I am using BurpPro for work.

I generated new Burp CA Cert (cacert.der) file and imported it via Settings to the list of certificates. I can see the Burp cacert imported. NOTE: When importing I CAN'T SEE THE SCREEN ASKING FOR "this cert can trust websites, mail etc."

Now, when navigating to HTTPS website ie httpS://example.com I see message: "Secure Connection Failed An error occurred during a connection to example.com. Peer's certificate issuer has been marked as not trusted by the user. Error code: SEC_ERROR_UNTRUSTED_ISSUER" But going to http://example.com is OK (so this issue is only for httpS websites)

Why? [angry face] I was reading a lot of support topics over help here. The trick with removing cert8.db file don't help. I restored the FF to it's factory settings. Didn't help. I am after installing the FFDev edition (as a separate browser) and the same issue Secure Connection Failed

An error occurred during a connection to example.com. Peer's certificate issuer has been marked as not trusted by the user. Error code: SEC_ERROR_UNTRUSTED_ISSUER occur!

The very same BurpCA Cert working on Chrome and IE. I asked the same question on BurpSupport - no answer... as yet.


Using: Windows7 Pro 64 bit FF 43.0.4 ; FFDev 45.0a2

Good Morning, I am trying to solve FireFox CA issues for the last two days. I am using BurpPro for work. I generated new Burp CA Cert (cacert.der) file and imported it via Settings to the list of certificates. I can see the Burp cacert imported. NOTE: When importing I CAN'T SEE THE SCREEN ASKING FOR "this cert can trust websites, mail etc." Now, when navigating to HTTPS website ie httpS://example.com I see message: "Secure Connection Failed An error occurred during a connection to example.com. Peer's certificate issuer has been marked as not trusted by the user. Error code: SEC_ERROR_UNTRUSTED_ISSUER" But going to http://example.com is OK (so this issue is only for httpS websites) Why? [angry face] I was reading a lot of support topics over help here. The trick with removing cert8.db file don't help. I restored the FF to it's factory settings. Didn't help. I am after installing the FFDev edition (as a separate browser) and the same issue Secure Connection Failed An error occurred during a connection to example.com. Peer's certificate issuer has been marked as not trusted by the user. Error code: SEC_ERROR_UNTRUSTED_ISSUER occur! The very same BurpCA Cert working on Chrome and IE. I asked the same question on BurpSupport - no answer... as yet. Using: Windows7 Pro 64 bit FF 43.0.4 ; FFDev 45.0a2

All Replies (5)

more options

Did you happen by this https://bugzilla.mozilla.org/show_bug.cgi?id=1126034 ? There is one workaround someone applied with CentOS and a fair bit of information regarding the error types (and what caused it in the case of TinyCA). My knowledge is limited regarding certificates, so googling for old solutions was the best I can do - I can see you've tried a couple already.

Modified by Phoxuponyou

more options

Burp Support

According to Burp Support (link attached), when importing BurpCA certyficate I should get a question about "In the dialog box that pops up, check the box "Trust this CA to identify web sites", and click "OK".

I can't see this dialog box neither in Firefox or Firefox Dev ed. Why? Where I can reset this setting? Can't see anything over in Windows System registry or in about:config

more options

The UI may have changed since Burp made those instructions; you should see the difference in 43 already since there's no dialog box for Options (it's a tab now).

You can edit the setting by selecting the certificate and selecting Edit Trust, "identify websites" should be the first option you can select.

more options

Can you post a link to a publicly accessible page (i.e. no authentication or signing on required) where such a certificate is used?

more options

Hi, this has been bugging me, and I have been looking for an answer, I am hoping that you can see it and it helps

http://mzl.la/1lFJl3h