Támogatás keresése

Kerülje el a támogatási csalásokat. Sosem kérjük arra, hogy hívjon fel egy telefonszámot vagy osszon meg személyes információkat. Jelentse a gyanús tevékenységeket a „Visszaélés bejelentése” lehetőséggel.

További tudnivalók

A témacsoportot lezárták és archiválták. Tegyen fel új kérdést, ha segítségre van szüksége.

Firefox does not trust DigiCert Global Root CA even though trust is set

  • 1 válasz
  • 1 embernek van ilyen problémája
  • 13 megtekintés
  • Utolsó üzenet ettől: cor-el

more options

I've had trouble accessing websites that use a certificate that's signed with the DigiCert Root CA. As an example, if I open up blog.mozilla.org, I get a SEC_ERROR_UNKNOWN_ISSUER.

This is somehow related to my user profile. If I create a new profile, the problem disappears.

I've tried deleting cert*.db in my profile directory to no avail. I checked about:config and I couldn't find any relevant non-default configuration.

To my surprise, if I want to manually set the trust of the certificate in the certificate manager ("Edit Trust"), it tells me that the certificate is trusted. However, if I click on "View Certificate", I get the following error: "Could not verify this certificate because the issuer is unknown."

I don't know much about CAs, but it seems to be surprising how the issuer of a Root CA could be unknown, isn't that the whole point of a Root CA that it does not need to be signed by another certificate?

The more important question: Where in my profile may I have a non-default option that causes Firefox to not trust the DigiCert Global Root CA?

I've had trouble accessing websites that use a certificate that's signed with the DigiCert Root CA. As an example, if I open up blog.mozilla.org, I get a SEC_ERROR_UNKNOWN_ISSUER. This is somehow related to my user profile. If I create a new profile, the problem disappears. I've tried deleting cert*.db in my profile directory to no avail. I checked about:config and I couldn't find any relevant non-default configuration. To my surprise, if I want to manually set the trust of the certificate in the certificate manager ("Edit Trust"), it tells me that the certificate is trusted. However, if I click on "View Certificate", I get the following error: "Could not verify this certificate because the issuer is unknown." I don't know much about CAs, but it seems to be surprising how the issuer of a Root CA could be unknown, isn't that the whole point of a Root CA that it does not need to be signed by another certificate? The more important question: Where in my profile may I have a non-default option that causes Firefox to not trust the DigiCert Global Root CA?

Összes válasz (1)

more options

A root certificate can only work if is has the appropriate trust bit(s) set. For builtin root certificates this should happen automatically.

What certificate chain do you get?

Issues caused by broken certificates are normally fixed by deleting cert9.db and cert8.db and maybe cert_override.txt as well.

Other related files you can look at are pkcs11.txt and secmode.db. I don't think that prefs are involved in this case.

Módosította: cor-el,