Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Firefox 36 does not trust any SSL including https://support.mozilla.org

  • 10 replies
  • 22 have this problem
  • 16 views
  • Last reply by EthanR

more options

Every page that has SSL enabled gives me an error saying that This Connection is Untrusted, Error code: sec_error_expired_issuer_certificate.

Even if I add an exception for every site(which is in no way practical) the site content still does not appear correctly.

This happens for sites like https://www.google.com and also https://support.mozilla.org I'm using Firefox 36 and I would have included screenshots but the site would not allow me to upload images.

Every page that has SSL enabled gives me an error saying that This Connection is Untrusted, Error code: sec_error_expired_issuer_certificate. Even if I add an exception for every site(which is in no way practical) the site content still does not appear correctly. This happens for sites like https://www.google.com and also https://support.mozilla.org I'm using Firefox 36 and I would have included screenshots but the site would not allow me to upload images.

Chosen solution

I believe I have found the cause of this problem. The culprit is network security softwares, such as McAfee Web Gateway or Palo Alto SSL Decryption. Depending on implementation of these, the network computers will receive these errors while running Firefox.

It may be possible to work around these specific softwares by doing something similar from the following: https://community.mcafee.com/docs/DOC-5222 https://live.paloaltonetworks.com/docs/DOC-3486 https://live.paloaltonetworks.com/docs/DOC-7521

Good luck!

Read this answer in context 👍 0

All Replies (10)

more options

Is your system date and time good?

more options

hi EthanR, please make sure that you set the right date, time and timezone for your location: time.is

http://windows.microsoft.com/en-us/windows/set-clock#1TC=windows-7

more options

philipp said

hi EthanR, please make sure that you set the right date, time and timezone for your location: time.is http://windows.microsoft.com/en-us/windows/set-clock#1TC=windows-7

Yes my Date and Clock are accurate.

more options

A common reason for this is Firefox not being set up to work with your security software that intercepts secure connections. To work, that feature involves presenting a "fake" certificate to Firefox so the software can decrypt and inspects all of your activity with the secure site. Products that have this include avast! 2015, BitDefender, ESET, and Kaspersky. If you have one of these products, that could be the issue.

If you don't use any of those products, another possibility is a malware infection, so what we generally suggest is inspecting the issuer information for the certificate Firefox is rejecting.

  • If you have added an exception, click the padlock icon in the address bar, then More Information, then View Certificate
  • If you have not added an exception, you can use the exception dialog to check out the certificate without actually adding an exception. Click the "View" button.

Either way, see whether the Issued By section refers to a known software product or other unusual entry. For this site, for example, you should find the Common Name: DigiCert High Assurance EV CA-1

more options

jscher2000 said

A common reason for this is Firefox not being set up to work with your security software that intercepts secure connections. To work, that feature involves presenting a "fake" certificate to Firefox so the software can decrypt and inspects all of your activity with the secure site. Products that have this include avast! 2015, BitDefender, ESET, and Kaspersky. If you have one of these products, that could be the issue. If you don't use any of those products, another possibility is a malware infection, so what we generally suggest is inspecting the issuer information for the certificate Firefox is rejecting.
  • If you have added an exception, click the padlock icon in the address bar, then More Information, then View Certificate
  • If you have not added an exception, you can use the exception dialog to check out the certificate without actually adding an exception. Click the "View" button.
Either way, see whether the Issued By section refers to a known software product or other unusual entry. For this site, for example, you should find the Common Name: DigiCert High Assurance EV CA-1

Thank you for the reply, but this problem occurs on almost all machines at my company, I also do not have any of those programs installed, this is also a new install so any malware is highly unlikely. The SSL cert has all of the correct information. The Issued By is DigiCert High Assurance EV CA-1

Modified by EthanR

more options

What is the expire date/time of that certificate?

Open this chrome URI by pasting or typing this URI in the location/address bar to open the "Add Security Exception" window and check the certificate:

  • chrome://pippki/content/exceptionDialog.xul

In the location field type/paste the URL of the website

  • retrieve the certificate via the "Get certificate" button
  • inspect the certificate via the "View..." button

See also:

  • Use a compressed image type like PNG or JPG to save the screenshot
  • Make sure that you do not exceed the maximum size of 1 MB (crop image(s) if necessary or save with higher compression)
more options

Company network, hmm, I wonder whether a proxy is involved? Is Firefox configured for a proxy here:

"3-bar" menu button (or Tools menu) > Options > Advanced > Network mini-tab > "Settings" button

more options

cor-el said

What is the expire date/time of that certificate? Open this chrome URI by pasting or typing this URI in the location/address bar to open the "Add Security Exception" window and check the certificate:
  • chrome://pippki/content/exceptionDialog.xul
In the location field type/paste the URL of the website
  • retrieve the certificate via the "Get certificate" button
  • inspect the certificate via the "View..." button

See also:

  • Use a compressed image type like PNG or JPG to save the screenshot
  • Make sure that you do not exceed the maximum size of 1 MB (crop image(s) if necessary or save with higher compression)

The cert's dates are Begins On 9/17/2013 and Expires On 9/23/2015

jscher2000 said

Company network, hmm, I wonder whether a proxy is involved? Is Firefox configured for a proxy here: "3-bar" menu button (or Tools menu) > Options > Advanced > Network mini-tab > "Settings" button

Yes it is configured for system proxy settings. But setting it for No proxy or for Auto-detect proxy settings for this network. Results in the same outcome.

more options

cor-el said

What is the expire date/time of that certificate? Open this chrome URI by pasting or typing this URI in the location/address bar to open the "Add Security Exception" window and check the certificate:
  • chrome://pippki/content/exceptionDialog.xul
In the location field type/paste the URL of the website
  • retrieve the certificate via the "Get certificate" button
  • inspect the certificate via the "View..." button

See also:

  • Use a compressed image type like PNG or JPG to save the screenshot
  • Make sure that you do not exceed the maximum size of 1 MB (crop image(s) if necessary or save with higher compression)

Also I tried both a PNG and a JPG the latter was only 60 KB

more options

Chosen Solution

I believe I have found the cause of this problem. The culprit is network security softwares, such as McAfee Web Gateway or Palo Alto SSL Decryption. Depending on implementation of these, the network computers will receive these errors while running Firefox.

It may be possible to work around these specific softwares by doing something similar from the following: https://community.mcafee.com/docs/DOC-5222 https://live.paloaltonetworks.com/docs/DOC-3486 https://live.paloaltonetworks.com/docs/DOC-7521

Good luck!