Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

"Your connection is not secure" on *any* SSL site

more options

I get this error message on *any* secure site I go to (youtube, gmail, Wikipedia, even Mozilla.org)

Your connection is not secure

The owner of www.mozilla.org has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

Learn more…

Or this one...

Your connection is not secure

The owner of www.youtube.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.

Learn more…

www.youtube.com uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported.

(Error code: sec_error_unknown_issuer)

Checked in Options>Advanced>View Certificates>Authorities and it looks like there are plenty of root certificates there. Tried removing and reinstalling Firefox, and I still get the same error. What's going on? I couldn't even connect to Mozilla.org with Firefox, so I had to post this question with Internet Explorer.

I get this error message on *any* secure site I go to (youtube, gmail, Wikipedia, even Mozilla.org) Your connection is not secure The owner of www.mozilla.org has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website. Learn more… Or this one... Your connection is not secure The owner of www.youtube.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website. This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate. Learn more… www.youtube.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. (Error code: sec_error_unknown_issuer) Checked in Options>Advanced>View Certificates>Authorities and it looks like there are plenty of root certificates there. Tried removing and reinstalling Firefox, and I still get the same error. What's going on? I couldn't even connect to Mozilla.org with Firefox, so I had to post this question with Internet Explorer.

Chosen solution

it may be possible. first you'd have to find out which certificate is really injected into websites: first open a secure page like https://example.com/, on the error page click on advanced > add exception... and on the dialog window that opens click on "view...". have a look at the issuer name of the untrusted certificate.

you might then be able to export that certificate from your windows trust store into firefox, like jscher2000 has described it at https://support.mozilla.org/questions/1089816#answer-796756

Read this answer in context 👍 10

All Replies (6)

more options

hi imrazor, please see if our support article How to troubleshoot security error codes on secure websites can help you with this.

more options

That helps, but doesn't solve the problem. I'm on a corporate network, so it's probably some sort of certificate injection. I can't count on any support from IT due to IE being the standard browser. I tried adding the corporate root CA to the certificates, but that didn't help. Is there any way I can configure Firefox to accept the injected certificate?

more options

Chosen Solution

it may be possible. first you'd have to find out which certificate is really injected into websites: first open a secure page like https://example.com/, on the error page click on advanced > add exception... and on the dialog window that opens click on "view...". have a look at the issuer name of the untrusted certificate.

you might then be able to export that certificate from your windows trust store into firefox, like jscher2000 has described it at https://support.mozilla.org/questions/1089816#answer-796756

more options

Oddly enough, https://example.com worked without interference. But I found another secure website that was injected, and was able to extract the certificate from that. Apparently what I had thought was the root CA was not, but I managed to capture the correct certificate this time and import it as a root CA. Youtube, Google News, Mozilla.org, etc. all load properly now. Thanks!

more options

This solution is kind of weird. None of the websites where I get this error message consistently return that message to me whenever I open them. E.g. Youtube may open without a problem on one day, but not another. My email on one day but not another, etc. So talking about "injecting a certificate" is kind of moot since this error message must be objecting to something quite different that what it claims to do.

more options

Hi ratpacker, when your browser exhibits unusual behavior not addressed by an existing question, it's best to start a new question. You can use the following link to get started. Assuming that the existing articles don't cover your situation, keep scrolling down to continue with the form.

https://support.mozilla.org/questions/new/desktop/websites