Error code: sec_error_expired_issuer_certificate
Firefox will not let me into Bt.com. I can in Internet Explorer. Firefox says ....www2.bt.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate has expired..... Which seems unlikly For British Telecom. How do I check if this is safe and not corrupted or How should I override it....My computer date and time clock is correct.....Thanks Tony
Réiteach roghnaithe
That certificate expires form me as well on 02/07/2020 (not before 02/08/2010; on after 2/07/2020), so that shouldn't be a problem if the date and time on the computer are correct.
What do you see if you open the bt.com site and inspect the certificate chain?
You can retrieve the certificate and check details like who issued the certificate and the expiration dates of certificates.
- Click the link at the bottom of the error page: "I Understand the Risks"
Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
- Click the "View..." button and inspect the certificate and check who is the issuer.
You can see more Details like intermediate certificates in the Details pane.
Read this answer in context 👍 5All Replies (10)
bt.com uses a Verisign cert. There's been a rash of problems like this lately with Verisign certs, in which FF thinks that the intermediate cert has expired; other browsers, however, pick up the correct, as-yet unexpired date. Nothing you can do but use another browser; bt.com will have to fix its cert.
Thanks toofySufi...I will gather the patience, energy & courage over the next few days to approach BT and see if they have the slightest understanding of your advice & can do something about it......I don't hold out much hope......Let's see what happens & I will keep you informed....Wish me Luck!...Tony
There doesn't seem to be anything wrong with the certificate of the https://bt.com site as it works for me with a clean cert8.db file.
You can look for the "VeriSign Class 3 International Server CA - G3" intermediate certificate in the Certificate Manager and delete that certificate to make Firefox store a new certificate if the currently stored version has expired.
- Tools > Options > Advanced > Encryption: Certificates > View Certificates : Authorities
- Stored intermediate certificates show as "Software Security device" in the Certificate Manager.
- Build-in root certificates show as "Builtin Object Token" on the Authorities tab in the Certificate Manager.
Hi cor-el....The certificate is well within the expiry date. If I delete it will Firefox set up a new expiry date when I re-set up access to this site? & how do I recognise "VeriSign Class 3 International Server CA - G3" as the BT safety certificate....Thanks Tony
You can open the Certificate Manager
- Tools > Options > Advanced : Encryption: Certificates - View Certificates
- Go to the Authorities tab.
- Scroll down to the VeriSign section.
Look for a certificate with the name "VeriSign Class 3 International Server CA - G3" that has "Software Security device" in the "Security Device" column.
Certificates labeled like that are intermediate certificate that Firefox stores automatically if a server is visited that sends such a certificate.
It is possible that yours is an older version that has expired and removing that stored certificate will make
Firefox use the certificate send by the website.
Hi cor-el...As I said, I went there and the expiry date is 07-02-2020. & why, before I delete it, is that particular VeriSign the BT safety certificate????? Thanks...T
Réiteach Roghnaithe
That certificate expires form me as well on 02/07/2020 (not before 02/08/2010; on after 2/07/2020), so that shouldn't be a problem if the date and time on the computer are correct.
What do you see if you open the bt.com site and inspect the certificate chain?
You can retrieve the certificate and check details like who issued the certificate and the expiration dates of certificates.
- Click the link at the bottom of the error page: "I Understand the Risks"
Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
- Click the "View..." button and inspect the certificate and check who is the issuer.
You can see more Details like intermediate certificates in the Details pane.
Hi cor-el, followed all your instructions and found all the info.
Just about to go into delete problem certificate....checked BT.com and went straight in. Problem had disapeared, the same as it arrived. No explanation!
I think these computers just want to play mind games.
I just want to say thank you for your time and information....at my age of 75 it's always great to learn new ideas. I shall look round in this unexplored area.......Thanks Tony
I suspect this procedure has actually produced an exception, so following this advice will find it has 'been fixed', but if you uninstall Firefox (and remove registry entries, Mozilla data directories etc) then reinstall, I suspect you'll have the problem back.
I have the same issue with a secure site at work - Verisign Class 3 public Primary certificate valid until 5th April 2012 - works fine with IE8 and Opera 11.52 -
Firefox (7.0.1) gives "This connection is untrusted" - detail: <site> uses an invalid security certificate. The certificate is not trusted because the issuer certificate has expired. (Error code: sec_error_expired_issuer_certificate)
?
It is possible that Firefox is trying more than one cipher to connect to the server and that some ciphers produce this error.
I usually keep all 128 bit SSL3 ciphers disabled and only enable security.ssl3.rsa_rc4_128_md5 or security.ssl3.rsa_rc4_128_sha for sites that still only work with 128 bit and not 168 or 256 bit.