We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Firefox cannot access all pages of an HTTPS site.

  • 6 replies
  • 12 have this problem
  • 1 view
  • Last reply by mesept

more options

We have one computer that cannot access all the pages on a specific HTTPS site. I do not want to advertise the URL here. We can login to the site and navagate to half of the pages but the other half give "(Error code: sec_error_unknown_issuer)". We have un-installed FF and dumped the appdata. Renamed the cert db and had it create it again. IE works on this from this computer to the web site. Every other computer at the office can access the web site with no problems, some using ESR some with regular FF. This system is using the latest ESR version of FF but we also tried the regular version. The only thing we have not tried is turning off the AV (Symantic). One thing I have noticed is the URLs on this web site are extremely long.

Why does FF honor the cert for some pages and not others. It also does not give us the option to add an exception.

Thanks

 Mesept
We have one computer that cannot access all the pages on a specific HTTPS site. I do not want to advertise the URL here. We can login to the site and navagate to half of the pages but the other half give "(Error code: sec_error_unknown_issuer)". We have un-installed FF and dumped the appdata. Renamed the cert db and had it create it again. IE works on this from this computer to the web site. Every other computer at the office can access the web site with no problems, some using ESR some with regular FF. This system is using the latest ESR version of FF but we also tried the regular version. The only thing we have not tried is turning off the AV (Symantic). One thing I have noticed is the URLs on this web site are extremely long. Why does FF honor the cert for some pages and not others. It also does not give us the option to add an exception. Thanks Mesept

Chosen solution

The first thing I checked was the cert chain, all the certs are valid. The time on the computers is fine, second thing I checked.

Like I said in an earlier post some pages work, some don't so that means the certs are valid for some pages, can't be a cert problem, they work some times. Also same site works with IE and chrome on same systems.

Can't bypass and accept the cert anyway it won't let me. That is turned off and I don't know how to turn it on.

Anyway I submitted a ticket to the owners of the web site last week and today all is working.

Thanks for the replies I don't have a resolution I assume the developers found a bug and fixed it.

Read this answer in context 👍 0

All Replies (6)

more options

That is strange. Any difference in Firefox's Safe Mode? That's a standard diagnostic tool to deactivate extensions and some advanced features of Firefox. More info: Diagnose Firefox issues using Troubleshoot Mode.

If Firefox is not running: Hold down the Shift key when starting Firefox.

If Firefox is running: You can restart Firefox in Safe Mode using either:

  • "3-bar" menu button > "?" button > Restart with Add-ons Disabled
  • Help menu > Restart with Add-ons Disabled

and OK the restart.

Both scenarios: A small dialog should appear. Click "Start in Safe Mode" (not Refresh).

more options

We have more information this problem occurs on all our Win 8.1 systems but not our Win 7 systems. I call this a Microsoft Injected error.

Safe Mode does not help.

Thanks

  Mesept
more options

Did you check the certificate chain to make sure that the server sends all required intermediate certificates?

You can check the date and time and time zone in the clock on your computer: (double) click the clock icon on the Windows Taskbar.

You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.

  • Click the link at the bottom of the error page: "I Understand the Risks"
  • Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate"
  • Click the "View" button and inspect the certificate and check who is the issuer.

You can see more details like the intermediate certificates that are used in the Details tab.


Firefox automatically stores intermediate certificates that servers send in the Certificate Manager for future use. Stored intermediate certificates show as "Software Security Device" in the "Security Device" column in the Certificate Manager. A server needs to send the full certificate chain that includes all required intermediate certificates. If a server doesn't send a full certificate chain then you wouldn't get an untrusted error if Firefox has stored missing intermediate certificates by visiting a server in the past that has send this certificate, but you do get an untrusted error if this intermediate certificate isn't stored yet.

more options

Chosen Solution

The first thing I checked was the cert chain, all the certs are valid. The time on the computers is fine, second thing I checked.

Like I said in an earlier post some pages work, some don't so that means the certs are valid for some pages, can't be a cert problem, they work some times. Also same site works with IE and chrome on same systems.

Can't bypass and accept the cert anyway it won't let me. That is turned off and I don't know how to turn it on.

Anyway I submitted a ticket to the owners of the web site last week and today all is working.

Thanks for the replies I don't have a resolution I assume the developers found a bug and fixed it.

more options

Do you see the full certificate chain in the certificate viewer in all cases?

Try to rename the cert8.db file (cert8.db.old) and delete the cert_override.txt file in the Firefox profile folder to remove intermediate certificates and exceptions that Firefox has stored.

If that has helped to solve the problem then you can remove the renamed cert8.db.old file. Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previously stored intermediate certificates. Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.

more options

I did all the things from the Mozilla web site about cert problems. Again it worked on some pages and not others. The Cert DB had nothing to do with it. I tried that on day one.

Again the problem is resolved we don't need to post past this message. We don't know what caused it and unless the web site admins contact me (not holding my breath) we will never know.

This is over.