This website is Untrusted because of un-signed certificate
I am getting the "This connection is Untrusted" page when trying to reach an intranet site. Certs are installed correctly on the server to allow us to get there. the certificate, which is a server cert, has a certificate hierarchy of going through Entrust Certification Authority - L1K and then Entrust Root Certification Authority - G2 before getting to the Entrust root Certification Authority. when i look at both "Entrust Certification Authority - L1K" and then"Entrust Root Certification Authority - G2" (which are authority certs), they do not have a hierarchy more then just themselves.
All Replies (11)
In the Technical Details section of the certificate error page, could you copy and paste the explanation into a reply (especially the part in parentheses at the end of the description)? That may help in tracking down a more obscure issue.
servername removed uses an invalid security certificate. The certificate is not trusted because it is self-signed.
(Error code: sec_error_unknown_issuer)
Hmm, but you're saying it's not self-signed, it is signed by "Entrust Certification Authority - L1K"?
I have two of those in my certificate store and both are signed by "Entrust Certification Authority - L1K" which is signed by a trusted root. (Screen shot attached)
So this is a difficult problem to understand and may require more information about the server certificate. (And someone more expert to look at it.)
This is self-signed, sorry if i was not clear
Okay, you may need to make an exception. Does the error page have a third section that when you expand it has an Add Exception button?
my company is saying the reason they have the cert is so they don't have to use an exception. Is there a way to do it without an exception?
How is this being handled by IE? If you visit the page in IE, click the padlock, and view the certificate, then look at the part of the dialog that shows the certificate chain, is the server certificate listed as its own signing certificate? If that is working, you could try exporting that certificate from IE as a DER-format (.cer) file, and then importing it into Firefox's Certificate View on the Authorities tab.
I'm not sure that's any cleaner than making an exception... in many ways, it's a "super-exception" because it would allow other server certificates to be signed with the same authority certificate...
I'm being told that this is not supposed to work on IE.
Can you ask your IT what you're supposed to do then? If they know it isn't working in Firefox and it's not supposed to work in IE, it's hard to understand what they're thinking.
....unfortunately, I'm the IT. I've said exception a bunch of times but they don't like that answer.
I think you need more expertise to solve this than is available on this forum, sorry.