Qustodio causes your connection not secure error
After installing Qustodio I am no longer able to reach any web page with Firefox. The only way to browse with Firefox is to uninstall Qustodio.
This is the error message I get in Firefox for example when I go to yahoo mail but it is the same for any web site:
The owner of mail.yahoo.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate.
mail.yahoo.com uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER
Chosen solution
crorad said
Thanks, changing the value to true worked but changing it back to false I get the same error. ... What is the disadvantage of leaving it at true?
Normally, Firefox relies on its own certificate file to assess whether it can trust what websites (or intermediaries) present to it. Setting that preference to "true" tells Firefox to trust sites that are trusted in the Windows certificate database, too.
The main negative is, in the situation that malware has injected a certificate into the Windows certificate store (rather than software you actually trust to read all your browsing connections), Firefox will play along rather than generating error screens.
The alternative involves numerous steps; I'll link to a thread that lists them for reference: https://support.mozilla.org/questions/1199797#answer-1064849
Sites seem to load slower when value is at true.
Well, the filter needs time to process what you're sending and retrieving, so that's not a huge surprise.
Read this answer in context 👍 2All Replies (3)
Yes, Qustodio is intercepting your connection and presenting fake site certificates to Firefox, and Firefox is none too happy.
Could you try this temporary settings change to see whether this works:
(A) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.
(B) In the search box above the list, type or paste root and pause while the list is filtered
(C) Double-click the security.enterprise_roots.enabled preference to switch the value from false to true
I'm not sure whether that will start working immediately or after the next time to exit Firefox and start it up again. I guess you'll know if you visit an HTTPS address and Firefox no longer objects.
Once Firefox has picked up on the new "man in the middle" try switching the preference back to normal and see whether the education is permanent.
If that doesn't work, there is an export/import method. Or maybe Qustodio can do the setup automatically after a reboot or in some other way.
Thanks, changing the value to true worked but changing it back to false I get the same error. Sites seem to load slower when value is at true. What is the disadvantage of leaving it at true?
Chosen Solution
crorad said
Thanks, changing the value to true worked but changing it back to false I get the same error. ... What is the disadvantage of leaving it at true?
Normally, Firefox relies on its own certificate file to assess whether it can trust what websites (or intermediaries) present to it. Setting that preference to "true" tells Firefox to trust sites that are trusted in the Windows certificate database, too.
The main negative is, in the situation that malware has injected a certificate into the Windows certificate store (rather than software you actually trust to read all your browsing connections), Firefox will play along rather than generating error screens.
The alternative involves numerous steps; I'll link to a thread that lists them for reference: https://support.mozilla.org/questions/1199797#answer-1064849
Sites seem to load slower when value is at true.
Well, the filter needs time to process what you're sending and retrieving, so that's not a huge surprise.