This connection is untrusted while opening gmail, facebook
As of this morning i have not been able to open gmail or facebook with firefox.
1. I have not made any OS changes or antivirus changes since yesterday. 2. I always set my cache and history to be cleared when i close firefox. 3. I uninstalled and reinstalled firefox a few times (completely following the instructions on the mozilla page where the hidden roaming firefox directory is to be removed). 4. I reverted back to Firefox 32.0.3 and it did not solve the problem. 5. I ran malwarebytes and Microsoft Forefront Endpoint Protection and there are no viruses or malware detected. 6. I am running Win 7. 7. I can open these sites without a problem on Chrome or IE. 8. Google.com opens fine and i do a search for gmail through google.com and it displays the "connection untrusted message". Details are below:
This Connection is Untrusted
You have asked Firefox to connect securely to mail.google.com, but we can't confirm that your connection is secure.
Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified. What Should I Do?
If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.
mail.google.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer)
All Replies (18)
Screenshot of the error message is below. Also I removed the cert8.db from the Profiles folder and reopened firefox. I am sure it was regenerated but it did not solve the problem.
My date/time is also correct I verified this.
Modified
What security software (firewall, anti-virus) do you have?
Boot the computer in Windows Safe Mode with network support (press F8 on the boot screen) as a test.
I have Microsoft Forefront Endpoint Protection. I have used Firefox on this system for about 1.5 yrs with no issues this trouble started 2 days ago.
I started the computer in safe mode and i still cannot open gmail or facebook. IE and Chrome work without any issues. I don't think i have any adware on my machine because i don't get those prompts on websites that display extra ads. Google news opens fine just not gmail and facebook.
I've seen something like this before. I'd say reinstall the website's certificate, but I don't know how to do that in Firefox. I don't even remember how I did it in IE.
If anyone knows how to re-install a certificate in Firefox, that might be the answer.
If you check the certificate chain in other browsers that work (i.e. click the padlock on the address bar), then who is the issuer of the certificate?
The certificate is issued to mail.google.com. The certificate is issued by the company I work for: wsproxy.xxxxcompany.com. This is in Chrome.
Modified
does it make a difference when you enter about:config into the firefox address bar (confirm the info message in case it shows up) & search for the preference named security.cert_pinning.enforcement_level. double-click it and change its value to 0?
https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning
I just tried that it did not help. I made the change you suggested restarted firefox and i have the same error while trying to open up gmail.
another thing to try: when you go into the firefox menu ≡ > options > advanced > network > connection - settings... & set firefox to use "no proxy", will the pages load then?
I tried that it did not help. I appreciate you suggestions and timely feedback.
I ran a complete scan on my system for malware and viruses and nothing shows up. And this started only from yesterday.
can you install the ssleuth add-on on firefox and say to me wish dns your system is trying to reach, i m persuaded that you have a fraudulent domain name system, or look your date also and verify if it is up to date, it can be tor if you have installed it...
Do you need to use that WS proxy software?
theshine: This is what i see when i installed ssleuth and try to access gmail.com. Is this what you want to know?
I am using this on my corporate machine so i am not in control of how it chooses the proxy. This is automatic when i install firefox.
You will have to install the root certificate of that proxy to avoid this error. You can check in another browser how the certificate chain is resolved and export the certificate of the proxy in that browser and import the certificate in the Firefox Certificate Manager and set the appropriate trust bit(s).
I tried exporting a certificate out of chrome when i was logged into gmail but it won't import into firefox. What format should i use? I have 3 options as shown in the image below. The 4th one is not selectable.
Is this how i should do it?
here we are, install the first blue underline url, and than, try to rerun firefox, and also say me what is visible with sleuth....
Thanks for your input. My issue got fixed. It seemed to be a proxy issue. Once this variable was set in about:config to the proxy name I was again able to access all the above mentioned sites: network.negotiate-auth.trusted-uris. The value of this variable was thenameofmycompany.com.
I don't know what happened to change this overnight when i did not update the browser but somehow this was the issue. Also looks like when i downloaded and installed firefox this variable did not get set automatically.
Modified