Can't get answer for Error code: SEC_ERROR_UNKNOWN_ISSUER in your FAQ
I can not log in to one site. This began just a few days ago. I CAN log in using Chrome and Edge with no problem. I have refreshed Firefox, removed all add-ons, even uninstalled and reinstalled to no avail. This is the error message I receive today:
login.diamondresorts.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER
Yesterday I saw a longer text message with lots of coding 'jiberish'.
What can I do?
Soluzione scelta
I hadn't checked the server previously, but it appears that the server doesn't send a required intermediate certificate.
- Entrust Certification Authority - L1K
Firefox will store intermediate certificates that are send by servers for future use and if you visit a website that doesn't send a full certificate chain chain then Firefox can use such a saved certificate. If you do not have the intermediate certificate stored then you get an error message like in your case happened.
See also:
- https://www.ssllabs.com/ssltest/analyze.html?d=login.diamondresorts.com
- This server's certificate chain is incomplete. Grade capped to B
You can save the certificate text you see on the error page to a .cert file or download the certificate via this link.
You can import this certificate file in the Firefox Certificate Manager under the Authorities tab.
- Options/Preferences -> Privacy & Security -> Certificates: View Certificates -> Authorities: Import
You can find the Certificates section at the bottom of the "Privacy & Security" page or use the search bar (certificate).
Do NOT set any trust bits when prompted on an intermediate certificate. Trust bits are only required for trusted root certificates and should never be set on an intermediate certificate.
If you reload the page then you should no longer get this distrusted error.
Leggere questa risposta nel contesto 👍 1Tutte le risposte (6)
Forgot to say I use Windows Defender for security.
That means there is a problem with the certificate for the website. This is a website issue.
- uses an invalid security certificate SSL_ERROR_BAD_CERT_DOMAIN
- configured their website improperly
How to troubleshoot the error code "SEC_ERROR_UNKNOWN_ISSUER" on secure websites https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER
You can check if there is more detail available about the issuer of the certificate.
- click the "Advanced" button show more detail
- click the blue error text (SEC_ERROR_UNKNOWN_ISSUER) to show the certificate chain
- click "Copy text to clipboard" and paste the base64 certificate chain text in a reply
If clicking the blue error text doesn't provide the certificate chain then try these steps to inspect the certificate.
- open the Servers tab in the Certificate Manager
- Options/Preferences -> Privacy & Security
Certificates: View Certificates -> Servers: "Add Exception"
- Options/Preferences -> Privacy & Security
- paste the URL of the website (https://xxx.xxx) in it's Location field
Let Firefox retrieve the certificate -> "Get Certificate"
- click the "View" button and inspect the certificate
You can see detail like the issuer of the certificate and intermediate certificates in the Details tab.
Found the cert info.
https://login.diamondresorts.com/Account/SignIn?ReturnUrl=%252f
Peer’s Certificate issuer is not recognized.
HTTP Strict Transport Security: true HTTP Public Key Pinning: false
Certificate chain:
BEGIN CERTIFICATE-----
MIIFaDCCBFCgAwIBAgIQRsDBD+ELKxoAAAAAUN6kLzANBgkqhkiG9w0BAQsFADCB ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0x NzEwMjMxODEyNTFaFw0xOTEwMjMxODQyNTBaMIGbMQswCQYDVQQGEwJVUzEPMA0G A1UECBMGTmV2YWRhMRIwEAYDVQQHEwlMYXMgVmVnYXMxRDBCBgNVBAoTO0RpYW1v bmQgUmVzb3J0cyBJbnRlcm5hdGlvbmFsKERpYW1vbmQgUmVzb3J0cyBIb2xkaW5n cyxMTEMpMSEwHwYDVQQDExhsb2dpbi5kaWFtb25kcmVzb3J0cy5jb20wggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkHe98addiM3ad1673ypN+GVXJ7Haq wIAwB199MXVhsb/lekDqrQ/DNjaMagogMv1PNmZTh9qAqr7DoEy6zI+It4ZRVjfN 3aonnt9wAhRTbQPiGJylHp7GpKOMXMQhFlYkav5n4qdy4uMH6ylgrTeax6pRkYLB hW3aLWslEDXCwJM/GDedaRKNeErkNn66VrHvqzFxn/pPbCLNBu3b5pf1nBYtV9G9 GfIDaapIlrm4Co5ysz1djo7g1HCKyWiGKaVSXDTsXlju17eDzEEDkcIDftOovyBx XebjGDWVjTGxh0Rzq0LZBJGlATsv6HtP9q4OSTl252BUU5nak/tT5HrzAgMBAAGj ggGFMIIBgTAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwMwYD VR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9sZXZlbDFrLmNy bDBLBgNVHSAERDBCMDYGCmCGSAGG+mwKAQUwKDAmBggrBgEFBQcCARYaaHR0cDov L3d3dy5lbnRydXN0Lm5ldC9ycGEwCAYGZ4EMAQICMGgGCCsGAQUFBwEBBFwwWjAj BggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYIKwYBBQUHMAKG J2h0dHA6Ly9haWEuZW50cnVzdC5uZXQvbDFrLWNoYWluMjU2LmNlcjAjBgNVHREE HDAaghhsb2dpbi5kaWFtb25kcmVzb3J0cy5jb20wHwYDVR0jBBgwFoAUgqJwdN28 Uz/Pe9T3zX+nYMYKTL8wHQYDVR0OBBYEFB8e3eRkzFPYd4gSjRecfj663fOTMAkG A1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAKzdZqT5BmEeBQNbodBNca0ltMg9 coO3+mtZXTgfYs1Gcjyl7t1rnrcI/vSV4zCTNOISkQLV4qSRoy4ALPFbMLLxMUHl UsshyQq79OP9U0mzGhfJlkpXkDkD7VVaaYm7qM4PZV9FSPY68NDm2JG/8cqI+SmN /fQbFLC0axfMJvXB16p9F4+k2Tl3vh+8wt0vbtHSZhbq+hjrzKOWNRTaL5eNixqS EHL2TcqI7VSOzMJf9c8M5CfX2Ab/SgAEl1Vh7kPhueO3x6PJfVYZTsTBgr52oCUZ A7h7SkAIPR2PvZ2y2dRKCzs5Zlg3zab1XI2VctoWISB5AVaN1IV827bVBNI=
END CERTIFICATE-----
Soluzione scelta
I hadn't checked the server previously, but it appears that the server doesn't send a required intermediate certificate.
- Entrust Certification Authority - L1K
Firefox will store intermediate certificates that are send by servers for future use and if you visit a website that doesn't send a full certificate chain chain then Firefox can use such a saved certificate. If you do not have the intermediate certificate stored then you get an error message like in your case happened.
See also:
- https://www.ssllabs.com/ssltest/analyze.html?d=login.diamondresorts.com
- This server's certificate chain is incomplete. Grade capped to B
You can save the certificate text you see on the error page to a .cert file or download the certificate via this link.
You can import this certificate file in the Firefox Certificate Manager under the Authorities tab.
- Options/Preferences -> Privacy & Security -> Certificates: View Certificates -> Authorities: Import
You can find the Certificates section at the bottom of the "Privacy & Security" page or use the search bar (certificate).
Do NOT set any trust bits when prompted on an intermediate certificate. Trust bits are only required for trusted root certificates and should never be set on an intermediate certificate.
If you reload the page then you should no longer get this distrusted error.
Modificato da cor-el il
Whatever you said (above) WORKED. Looks like I got in. Thanks!