Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

access to addons.mozilla.org is blocked in firefox but not in chrome

  • 10 replies
  • 1 has this problem
  • 3 views
  • Last reply by fmaathuis

more options

I want to use an addon which only is available to firefox. So I've installed firefox and tried to install this addon, but when going to the addons.mozilla.org I get an error SEC_ERROR_UNKNOWN_USER with no possibility to pass this by installing a certificate. When using chrome to access this page, there is no problem, but I can't download the addon as a file.

I want to use an addon which only is available to firefox. So I've installed firefox and tried to install this addon, but when going to the addons.mozilla.org I get an error SEC_ERROR_UNKNOWN_USER with no possibility to pass this by installing a certificate. When using chrome to access this page, there is no problem, but I can't download the addon as a file.

Chosen solution

What certificate chain do you see in Google Chrome if you open the Details tab (second screenshot)?

If there is a root certificate that some filter software might be adding this certificate to the Windows certificate store. Firefox uses its own certificate store and won't see and use this root certificate. You would have to export this root certificate (SVB Root CA) in Google Chrome and import this certificate in the Firefox Certificate Manager.

  • Options/Preferences -> Privacy & Security -> Certificates: View Certificates

You can find the Certificates section at the bottom of the "Privacy & Security" page or use the search bar (certificate).

When prompted set the trust bit to use the certificate to "Trust this CA to identify websites.

Note that you should never set any trust bits on an intermediate certificate when prompted. Trust bits are only required for trusted root certificates and should never be set on an intermediate certificate.

Read this answer in context 👍 0

All Replies (10)

more options

Who is the issuer of the certificate?

Can you please provide more detail about the issuer of the certificate?

  • click the "Advanced" button show more detail
  • click the blue SEC_ERROR_UNKNOWN_ISSUER message to show the certificate chain
  • click "Copy text to clipboard" and paste the base64 certificate chain text in a reply

If clicking the SEC_ERROR_UNKNOWN_ISSUER text doesn't provide the certificate chain then try these steps to inspect the certificate.

  • open the Server tab in the Certificate Manager
    • Options/Preferences -> Privacy & Security -> Certificates: View Certificates -> Servers: "Add Exception"
  • paste the URL of the website (https://xxx.xxx) in it's Location field.

Let Firefox retrieve the certificate -> "Get Certificate"

  • click the "View" button and inspect the certificate

You can see detail like the issuer of the certificate and intermediate certificates in the Details tab.

more options

https://addons.mozilla.org/

Uitgever van certificaat van peer wordt niet herkend.

HTTP Strict Transport Security: false HTTP Public Key Pinning: true

Certificaatketen:


BEGIN CERTIFICATE-----

MIIErDCCA5SgAwIBAgIRAPXq1wiYQ+MtSdy3XbtoRHYwDQYJKoZIhvcNAQELBQAw geAxCzAJBgNVBAYTAk5MMRYwFAYDVQQIEw1Ob29yZC1Ib2xsYW5kMRMwEQYDVQQH EwpBbXN0ZWx2ZWVuMSEwHwYDVQQKExhTb2NpYWxlIFZlcnpla2VyaW5nc0Jhbmsx PTA7BgNVBAsTNEQtSVQgLyBNYW5hZ2VkIFNlcnZpY2VzIC8gSW5mcmFzdHJ1Y3R1 dXIgLyBOZXR3ZXJrZW4xGjAYBgNVBAMMEVNWQl9zdWJDQV9jcHByb3h5MSYwJAYJ KoZIhvcNAQkBFhdJQ1QuVmVyYmluZGluZ2VuQHN2Yi5ubDAeFw0xNzA5MjgwMDAw MDBaFw0xOTEwMDQxMjAwMDBaMIHxMR0wGwYDVQQPDBRQcml2YXRlIE9yZ2FuaXph dGlvbjETMBEGCysGAQQBgjc8AgEDEwJVUzEbMBkGCysGAQQBgjc8AgECEwpDYWxp Zm9ybmlhMREwDwYDVQQFEwhDMjU0MzQzNjELMAkGA1UEBhMCVVMxEzARBgNVBAgT CkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxGzAZBgNVBAoTEk1v emlsbGEgRm91bmRhdGlvbjEXMBUGA1UECxMOQ2xvdWQgU2VydmljZXMxGzAZBgNV BAMTEmFkZG9ucy5tb3ppbGxhLm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC gYEAo6e3kufdugTl+PDFHc/QxWEz2BqFlX//l4pI8KKg2hDbsleakqKnFwSsK54A 9fyW6PP0h481Xgc+yCKcUMkQCHwhVlEoo4+QBHCbYwzQZqLRwCNbGu7m76SINGsv xC86VdwTzKAu0e1++/nRXp1S9PxEq6K1RxnCvEY5vhw7YyMCAwEAAaOB0TCBzjAd BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgYsGA1UdEQSBgzCBgIISYWRk b25zLm1vemlsbGEub3JnghFhZGRvbi5tb3ppbGxhLm9yZ4Ibc2VydmljZXMuYWRk b25zLm1vemlsbGEub3JnghxkaXNjb3ZlcnkuYWRkb25zLm1vemlsbGEub3Jnghxy ZXZpZXdlcnMuYWRkb25zLm1vemlsbGEub3JnMA4GA1UdDwEB/wQEAwIFoDAPBgNV HRMBAf8EBTADAQEAMA0GCSqGSIb3DQEBCwUAA4IBAQBKqbHY78JXlQm7NH8GPH3b TH4ckqlwtPlYtdKSWJSp7xFyyGOTkTpUZnvSAPWzJkQ8Qu7CqD/B0/l2GXdljz7f eL8aT6WtX6XJU+163cen5klQ9s6N56Cw/+yXyS7oNW822s5lQ4IcwaiHVDQX4aOG 06h9PqCQ9xdv5Ez8hSaStq37O5FEeeJEqx24PBtC+QqgXFF1bxXg+baQeY2545Sk oddG9t2s0i2xPGKG4iUc0HsV29jg8qyEXzBGDknpgiscXTx4VGh90uG+elrboqrT SZ7lmMnFnIO9oq8l7E/dP1Ee9vJdPqRQl/fwSuJ2X8YIOrVoithDQG+Rv07qcS1z


END CERTIFICATE-----
BEGIN CERTIFICATE-----

MIIH/jCCBeagAwIBAgIKYQugUQABAAAAKDANBgkqhkiG9w0BAQsFADAWMRQwEgYD VQQDEwtTVkIgUm9vdCBDQTAeFw0xODAzMjcwNzExMDlaFw0yODAzMjcwNzIxMDla MIHgMQswCQYDVQQGEwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDETMBEGA1UE BxMKQW1zdGVsdmVlbjEhMB8GA1UEChMYU29jaWFsZSBWZXJ6ZWtlcmluZ3NCYW5r MT0wOwYDVQQLEzRELUlUIC8gTWFuYWdlZCBTZXJ2aWNlcyAvIEluZnJhc3RydWN0 dXVyIC8gTmV0d2Vya2VuMRowGAYDVQQDDBFTVkJfc3ViQ0FfY3Bwcm94eTEmMCQG CSqGSIb3DQEJARYXSUNULlZlcmJpbmRpbmdlbkBzdmIubmwwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQCx1sgq0+awQODpi82u6AjE7nv2a4SyZaZLzLQd 2a7eedNUxnzYDvQUzAWQyO76D0LX+bsNlJrtELR2Rv/PY50JUrMQhUnX3nn4F5eV j7JjzqMJKXma8vsCfEndgKqtnyaWSWCvM48UACCP0pMsfQnD3X67NvtE6G3gSaab /lSPCqtdGO2YDD9BU4hCWBlvHlY91szKvTcuwroJibAz5XFU2kzdALf2Yl+IKD7W cpTHM+8p2+fxGqFeL5Q9vcLfWs3RtunMnnu80nezlK64uAfNsG5O75qnmz+A36wx koY8AgZPL0Ml659Ukcp2wWrLXR2W0yuxPcJFf/PZe9Or4DGPAgMBAAGjggOBMIID fTAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIB5jCCAQUGA1UdEQSB/TCB+oIO YWNjcHYzLnN2Yi5vcmeCDnVjY3B2My5zdmIub3Jngg1wcm94eS5zdmIub3Jngg5w cm94eTIuc3ZiLm9yZ4IPcHJveHlhdi5zdmIub3Jngg9wcm94eXVyLnN2Yi5vcmeC D3Byb3h5YnIuc3ZiLm9yZ4IPcHJveHlkdi5zdmIub3Jngg9wcm94eWdyLnN2Yi5v cmeCD3Byb3h5bGQuc3ZiLm9yZ4IPcHJveHlueS5zdmIub3Jngg9wcm94eXBnLnN2 Yi5vcmeCD3Byb3h5cmQuc3ZiLm9yZ4IPcHJveHlybS5zdmIub3Jngg9wcm94eXpz LnN2Yi5vcmcwHQYDVR0OBBYEFMvoT8KYMbz3vcDIr6PcZtq6EpTbMB8GA1UdIwQY MBaAFAO5tDmkG3NmVHwF35xwVncIzHykMIH4BgNVHR8EgfAwge0wgeqggeeggeSG gbNsZGFwOi8vL0NOPVNWQiUyMFJvb3QlMjBDQSgxKSxDTj1BUFJDQSxDTj1DRFAs Q049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmln dXJhdGlvbixEQz1zdmIsREM9b3JnP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/ YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludIYsaHR0cDovL2Nh LnN2Yi5vcmcvcGtpL1NWQiUyMFJvb3QlMjBDQSgxKS5jcmwwgf0GCCsGAQUFBwEB BIHwMIHtMIGqBggrBgEFBQcwAoaBnWxkYXA6Ly8vQ049U1ZCJTIwUm9vdCUyMENB LENOPUFJQSxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD Tj1Db25maWd1cmF0aW9uLERDPXN2YixEQz1vcmc/Y0FDZXJ0aWZpY2F0ZT9iYXNl P29iamVjdENsYXNzPWNlcnRpZmljYXRpb25BdXRob3JpdHkwPgYIKwYBBQUHMAKG Mmh0dHA6Ly9jYS5zdmIub3JnL3BraS9BUFJDQV9TVkIlMjBSb290JTIwQ0EoMSku Y3J0MBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMA0GCSqGSIb3DQEBCwUAA4IC AQBBrG86lmUqkMIeycVZOK21EsrWSZ30jB32S32XmzoBbLDcFfB9MNZPQkdYnRDU CYYmxr39sdFDq+Qsx9dkG6lJP+VCybePevrUWVNmevxURHBE+ZN6uvKma6O2g6Xq cSsWmLS7eHaBnzbm+v2WspIWcrwifdmRisTruiqjps9QUjr40SSmg+hlWaEIUDaF sqAWLYpGZZbAK+bNoVD9akZQr4Mlt3LODGJLlrYf0bMci9UUPZrtdIFaMNwWijXB tj3yK3Ej8A8WIjaZs5FntPoJZA7be0Ss9ogGcCqFvdfoGqZxFR4/KOQ9UENINb2M grXCxVFKSyKykiTdyFmoYz7J7Z+1prleH06VYwewNMdheM/jjBFCTNWOhxhGCefd g8BZDokVXcTvyl3vlI0maXm4oY8hz08Dwrlw+xoZWxlsRVnIrHRwrXVOWmjBl1hc SrdYI1YMU4dcdwFz+944ZxjPEedAXEh51SLMMbyN9q9Ckux+r27OxzejyM7Fx9iy X+WM2H3jwAWozGPh/hTKtxTbxuX5Zl2rq1NEBC7KMMYSP96sm993lynjJLnsr/ay 7aE/2fIJW57L+cKpfAhVItrMk294ngBXDyffSpYnaddZVEyIMP9SIEDFbFNMUzHy iyIU0Y7PR4yNmE4hfkq4P2qyprZCcDJx6WAUct7yPz/f2w==


END CERTIFICATE-----
more options

That is a weird certificate issued by a proxy from the Sociale VerzekeringsBank (SVB_subCA_cpproxy, emailAddress=ICT.Verbindingen@svb.nl)

You can check the connection settings and make sure that you aren't using this proxy.

  • Options/Preferences -> General -> Network: Connection -> Settings

If you do not need to use a proxy to connect to internet then try to select "No Proxy" if "Use the system proxy settings" or one of the others do not work properly.

See "Firefox connection settings":

more options

I've tried every other connection setting. The only setting where I get a connection is the one 'Use the system proxy settings', and that gives me the SEC_ERROR_UNKNOWN_ISSUER error.

more options

What certificate chain does Google Chrome show if you click the padlock?

No proxy should normally work unless there is some filter software or malware active that blocks internet access.

Boot the computer in Windows Safe mode with network support to see if that has effect in case security software is causing problems.

more options

save mode is not an option as I'm working with a virtual desktop. Made some screenshots from the certificate in chrome on addons.mozilla.org

more options

You can see that the issuer of the certificate is some kind of proxy.

You can check the connection settings.

  • Options/Preferences -> General -> Network: Connection -> Settings

If you do not need to use a proxy to connect to internet then try to select "No Proxy" if "Use the system proxy settings" or one of the others do not work properly.

See "Firefox connection settings":

more options

None of the settings work.

more options

Chosen Solution

What certificate chain do you see in Google Chrome if you open the Details tab (second screenshot)?

If there is a root certificate that some filter software might be adding this certificate to the Windows certificate store. Firefox uses its own certificate store and won't see and use this root certificate. You would have to export this root certificate (SVB Root CA) in Google Chrome and import this certificate in the Firefox Certificate Manager.

  • Options/Preferences -> Privacy & Security -> Certificates: View Certificates

You can find the Certificates section at the bottom of the "Privacy & Security" page or use the search bar (certificate).

When prompted set the trust bit to use the certificate to "Trust this CA to identify websites.

Note that you should never set any trust bits on an intermediate certificate when prompted. Trust bits are only required for trusted root certificates and should never be set on an intermediate certificate.

Modified by cor-el

more options

imported certificate from chrome, now Firefox can use the addons-page. Thanx Fons