The certificate is not trusted because no issuer chain was provided.
I am trying to access the My Training tab on Army Knowledge Online (AKO). In the past I've used a PC and internet explorer with no issues. i just bought a Mac and was told Firefox was the best browser to access the military sites. Below is the copy and paste of what I see :
This Connection is Untrusted
You have asked Firefox to connect securely to atiam.train.army.mil, but we can't confirm that your connection is secure.
Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
What Should I Do?
If you usually connect to
this site without problems, this error could mean that someone is
trying to impersonate the site, and you shouldn't continue.
atiam.train.army.mil uses an invalid security certificate.
The certificate is not trusted because no issuer chain was provided.
(Error code: sec_error_unknown_issuer)
Modified
All Replies (3)
I can confirm neither Firefox nor Chromium will open https://atiam.train.army.mil/ on my Linux system without displaying a similar SSL error page. If you search for the error code "sec_error_unknown_issuer" you will find some explanations of what's going on here. There are basically two possibilities:
- The website you are trying to visit is misconfigured: it needs to send all intermediate certificates your browser does not already know about.
- The website expects you to have explicitly installed an intermediate certificate.
I can confirm atiam.train.army.mil just is not sending any intermediate certificate, so it will not work in several browsers. What I cannot figure out (after a cursory search) is if this is intentional or not. But especially given the number of others asking the same question I suspect it isn't: their webserver is just misconfigured. And if I recall correctly Firefox will display the page if it happens to have seen the intermediate certificate before, for example because of you visiting a related site that uses the same certificate and is configured correctly. This may explain why it worked for you before you switched systems.
Ideally someone should contact whoever runs this webserver, but it also means that it is likely adding an exception for this certificate once is safe. (To be more certain you can manually verify the certificate fingerprint matches what I see: 82:10:50:09:A8:4E:E7:FC:98:49:86:F1:88:FA:DB:EF:53:66:1D:1E, visible under "add exception" -> "View certificate". The "Perspectives" addon confirms that's the certificate seen from several points across the globe.)
The DoD root and intermediate certificates should be installed by default on a Mac.
Did it work in the past?
You can try to rename the cert8.db file in the Firefox profile folder to cert8.db.old or delete the cert8.db file to remove intermediate certificates that Firefox has stored. If you have user certificates that you want to keep then export those certificates to a .cer file before removing the cert8.db file. If that helped to solve the problem then you can remove the renamed cert8.db.old file. Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previous intermediate certificates. Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.
You can use this button to go to the Firefox profile folder:
- Help > Troubleshooting Information > Profile Directory: Open Containing Folder
went here http://militarycac.com/dodcerts.htm. downloaded both versions of certificates and installed. worked for me to access the MY TRAINING portal
Sgt.Burkhead