after fedora linux upgrade of firefox, cert error on google homepage
Bug 1648617 on redhat bugzilla is not getting any attention ... nine times out of ten when I open firefox it goes to a page saying "your connection is not secure" when visiting https://www.google.com/ If I hit alt-home to go to the home page (google) about ten times, on the tenth time approximately it will load google successfully. Then it works fine for a few times. If I launch a separate instance of the browser it works okay. Then if I close firefox and do not use it for a while it goes back to the original state of not working.
Steps to Reproduce: 1. start web browser, assuming home page is https://www.google.com 2. 3.
Actual results: Your connection is not secure
The owner of www.google.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate.
Learn more…
Report errors like this to help Mozilla identify and block malicious sites
www.google.com uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported.
Error code: SEC_ERROR_UNKNOWN_ISSUER There are tons of error reports on the firefox website pertaining to this. looks like jscher2000 does not think something is wrong and thinks firefox is configured incorrectly, but lots of people were complaining about this. Note: I noticed that very briefly when firefox loads up, it flashes on the screen one of those firefox home pages that you get when you first install or upgrade firefox. Since this is a recently upgraded fedora from 28 to 29, I thought maybe it was getting stuck on that page (sort of like a splash screen after the upgrade). ........
when I start firefox especially after a firefox upgrade I get the above error with the "your connection is not secure" message. Then I can either press the "Learn more" button which is described above or "Back". I found out that if you press the other button "Back" it takes me to https://start.fedoraproject.org; if I press the "left" button on firefox after that it takes me to the first web page in the "stack" which is my home page https://www.google.com which loaded; but if I try a google search it does not work. The only place I could find https://start.fedoraproject.org in any configuration files is in /usr/lib64/firefox/browser/omni.ja /usr/lib64/firefox/browser/defaults/preferences/firefox-redhat-default-prefs.js /usr/lib64/firefox/browser/defaults/preferences/
The bug is that when you upgrade firefox it shows this default the first time you open firefox. It is SUPPOSED to go back to the default homepage I set for myself, https://www.google.com on subsequent invocations of firefox. But it does not. Also it gives the security error.
Can someone please comment on this? I can not use the web browser decently.
Also the firefox website said this may be due to an incorrectly set system clock or timezone. System clock can not be set in bios !!!! root@electron# timedatectl status
Local time: Sat 2019-02-02 21:45:06 PST Universal time: Sun 2019-02-03 05:45:06 UTC RTC time: Sun 2019-02-03 05:45:06 Time zone: America/Los_Angeles (PST, -0800)
System clock synchronized: yes
NTP service: active RTC in local TZ: no
root@electron#
Tutte le risposte (3)
https://www.theregister.co.uk/2018/02/07/beware_the_coming_chrome_certificate_apocalypse/
something about symantec and google fighting over google's https policy
and symantec's issuing of certificates.
The message I get is:
====================
Your connection is not secure
The owner of www.google.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate.
Learn more…
Report errors like this to help Mozilla identify and block malicious sites [Go Back] [Advanced]
====================
when you look to the left of the URL, you see an "i" inside a circle, not a security green lock. When you click on the "i", you get the option to click on the ">" to the right of "connection is not secure" which takes you to "site security / www.google.com" and at the bottom there is a tab for "more information". Clicking on "more information" gives you a dialog box with a button to "view certificate". That button does not work. Looks like a bug.
On the main page described above, if you click on "[Advanced]" you can obtain a certificate.
==========
www.google.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER
==========
clicking on SEC_ERROR_UNKNOWN_ISSUER gives:
==========
Peer’s Certificate issuer is not recognized.
HTTP Strict Transport Security: true HTTP Public Key Pinning: true
Certificate chain:
BEGIN CERTIFICATE-----
MIIDxzCCAq+gAwIBAgIIDp8RkUiHFBowDQYJKoZIhvcNAQELBQAwVDELMAkGA1UE BhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczElMCMGA1UEAxMc R29vZ2xlIEludGVybmV0IEF1dGhvcml0eSBHMzAeFw0xOTAxMjMwOTE1MDBaFw0x OTA0MTcwOTE1MDBaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh MRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKDApHb29nbGUgTExDMRcw FQYDVQQDDA53d3cuZ29vZ2xlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA BF9npfzvuShplCk41YIjZBJFTnIAmXV6Mq8TTdtzN7ALVaj2plVLMIfgNtif5PWp ngWE8JV1SRE0DT+y0Zirrj6jggFSMIIBTjATBgNVHSUEDDAKBggrBgEFBQcDATAO BgNVHQ8BAf8EBAMCB4AwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYB BQUHAQEEXDBaMC0GCCsGAQUFBzAChiFodHRwOi8vcGtpLmdvb2cvZ3NyMi9HVFNH SUFHMy5jcnQwKQYIKwYBBQUHMAGGHWh0dHA6Ly9vY3NwLnBraS5nb29nL0dUU0dJ QUczMB0GA1UdDgQWBBQfNzlnLmWHKb5HtBSinF7DFIHKzzAMBgNVHRMBAf8EAjAA MB8GA1UdIwQYMBaAFHfCuFCaZ3Z2sS3ChtCDoH6mfrpLMCEGA1UdIAQaMBgwDAYK KwYBBAHWeQIFAzAIBgZngQwBAgIwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2Ny bC5wa2kuZ29vZy9HVFNHSUFHMy5jcmwwDQYJKoZIhvcNAQELBQADggEBAL9f+afc GhwHfe/jqXIsV/PLTsPqPlMwxLF73mN7YdJxwAk/YesPuTsEk1mnekE/H6XNhwrn XIGFyJT9zM3OJuGqqD724E4niyUUpD9+3QrTsCyA9Dsgk3w2V2d7F0E9RP/c0cu+ svCh092rrPo6xPMLv1K5p6Sz9w+flEYGTHoBojg2FZE8c2U27upS2WH64+39/s1R OMuIyu8T6o3wzWuAnmuIYwB2TbfmLdV+5jnwLUkm9hVlswGGc0qOQXfTic2tbVCc YxXaZjVINt84wqVNcoSn0a1eUKSJeVRumU/cwt2TgaeMcxfD2OS59P7n6ZbS9pMb +qqMPOOpJVIG4xc=
END CERTIFICATE-----
BEGIN CERTIFICATE-----
MIIEXDCCA0SgAwIBAgINAeOpMBz8cgY4P5pTHTANBgkqhkiG9w0BAQsFADBMMSAw HgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFs U2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNzA2MTUwMDAwNDJaFw0yMTEy MTUwMDAwNDJaMFQxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3Qg U2VydmljZXMxJTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzMw ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKUkvqHv/OJGuo2nIYaNVW XQ5IWi01CXZaz6TIHLGp/lOJ+600/4hbn7vn6AAB3DVzdQOts7G5pH0rJnnOFUAK 71G4nzKMfHCGUksW/mona+Y2emJQ2N+aicwJKetPKRSIgAuPOB6Aahh8Hb2XO3h9 RUk2T0HNouB2VzxoMXlkyW7XUR5mw6JkLHnA52XDVoRTWkNty5oCINLvGmnRsJ1z ouAqYGVQMc/7sy+/EYhALrVJEA8KbtyX+r8snwU5C1hUrwaW6MWOARa8qBpNQcWT kaIeoYvy/sGIJEmjR0vFEwHdp1cSaWIr6/4g72n7OqXwfinu7ZYW97EfoOSQJeAz AgMBAAGjggEzMIIBLzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUH AwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFHfCuFCa Z3Z2sS3ChtCDoH6mfrpLMB8GA1UdIwQYMBaAFJviB1dnHB7AagbeWbSaLd/cGYYu MDUGCCsGAQUFBwEBBCkwJzAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AucGtpLmdv b2cvZ3NyMjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLnBraS5nb29nL2dz cjIvZ3NyMi5jcmwwPwYDVR0gBDgwNjA0BgZngQwBAgIwKjAoBggrBgEFBQcCARYc aHR0cHM6Ly9wa2kuZ29vZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEA HLeJluRT7bvs26gyAZ8so81trUISd7O45skDUmAge1cnxhG1P2cNmSxbWsoiCt2e ux9LSD+PAj2LIYRFHW31/6xoic1k4tbWXkDCjir37xTTNqRAMPUyFRWSdvt+nlPq wnb8Oa2I/maSJukcxDjNSfpDh/Bd1lZNgdd/8cLdsE3+wypufJ9uXO1iQpnh9zbu FIwsIONGl1p3A8CgxkqI/UAih3JaGOqcpcdaCIzkBaR9uYQ1X4k2Vg5APRLouzVy 7a8IVk6wuy6pm+T7HT4LY8ibS5FEZlfAFLSW8NwsVz9SBK2Vqn1N0PIMn5xA6NZV c7o835DLAFshEWfC7TIe3g==
END CERTIFICATE-----
==========
I was not able to import this certificate successfully.
this is on fedora linux. I am not aware of any antivirus software, and there is no proxy (direct connect to internet) and the system clock is correct. do I need an "additional root certificate"? If so what please? I have tried deleting cert8.db and cert9.db and "firefox refresh-ing" the whole ~/.mozilla directory.