Firefox wrongly thinks that my website is using an invalid security certificate.. any clues?
I have recently installed a security certificate on my site. I tried various ssl checkers and the certificate seems to be fine. Firefox, however, does not like it and displays a warning page that says:
www.academi.pl uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is not trusted.
(Error code: sec_error_untrusted_issuer)
This happens on Windows, Mac and Linux machines in my office. I have also received a number of reports from site users who experience the same problem. It seems that the problem did not occur in firefox 7.x, but I have yet to verify it properly.
Does anyone knows a solution to that? I tried deleting certificates manually in Preferences, but it did not help.
Chosen solution
this worked for me! i had all but given up when i received this answer in my inbox this morning. i was sceptical at first, thinking something so simple could not possibly solve all my problems.... it did! sometimes simple is best. thank you all for the replies and the help getting this fixed!
Read this answer in context 👍 0All Replies (12)
Just an update: when I proceed to adding a security exception and examine the certificate's details, the following extensions are marked as "critical":
Extensions->Certificate Basic Constraints: Critical Is not a Certificate Authority
Extensions->Certificate Key Usage: Critical Signing Key Encipherment
Seems to be working fine here.
Are there any intermediate certificates (Software security Device) stored under Unizeto Sp. z o.o. under Authorities in the Certificate Manager?
- Firefox > Preferences > Advanced : Encryption: Certificates - View Certificates
Good point. There aren't - there are just Builtin object tokens. But the certificate chain is ok (verified by multiple checkers). It just seems that firefox does not retrieve the full chain. Interestingly enough, versioncheck.mozilla.addons.org:443 seems to be affected, too.
Is the time correct on all affected computers?
Where does the certificate chain stop when it happens?
Is there a router or a firewall that can possibly intercept secure connections and send their own certificate?
Modified
Yes, the time is correct.
I don't believe that the router intercepts secure connections. All the other secure sites work fine. The warning appears in my office, as well as at my house, and the network environments are totally different in these places (cable tv and adsl/phone). I also receive various reports from users that experience the same problem. I can't see any pattern there, but Firefox is the only browser that's affected.
Oh, I am not really sure how to tell where the certificate chain stops. It seems that Firefox fails to recognize the intermediate certificate. I don't know a way to examine the certificate chain that Firefox sees.
Modified
Try to rename the file cert8.db to cert8.db.old in the Firefox Profile Folder to remove all intermediate certificates that Firefox has stored by visiting secure websites.
If that helped to solve the problem then you can remove the renamed file cert8.db.old unless you have user certificates that you may want to export first and import them in the new file.
Otherwise you can restore the certificates by renaming (copying) the file back to cert8.db
Firefox will automatically store new intermediate certificates when you visit websites that send them.
I have just tried it, but it didn't make any difference. Any other clues?
UPDATE: Your solution worked! I was just being a muppet and did not restart firefox properly after deleting cert8.db.
Thank you very much for the tip!
Now the question is: what caused it? Is this a bug in firefox? The solution is quite easy once you know it, but having to explain to regular users may be tedious, to say the least....
cor-el or gr33nkriz, can you please walk a non-expert through the steps of what you did to solve this problem?
I am having major problems with FF 10.0 (and previous versions of FF, over the last six months) telling me that various security certificates are expired/invalid (chief among them is Google+ and other Google sites), as well as constant instances of "This site is untrusted!" notifications. I am having to click through to "confirm security exception" constantly, and even then, pictures, formatting, and content of many pages will not load.
Thanks for your help.
Sure.
1. Find your profile folder following the instructions given here:
http://blog.ffextensionguru.com/2010/04/24/locate-your-profile-folder-easily-in-firefox-3-6/
2. In the profile folder you will find the file named "cert8.db". Rename it to e.g., "cert8.db.old"
3. Restart firefox, but do it properly - in my case I did not notice that there were some instances still running even after I closed all the visible firefox windows.
This solved my problem, hope it will solve yours.
Unfortunately, that didn't work. I found that cert8 file. I had to close FF in order to rename it, but even after I did that, I still have the same problem. Now there is another cert8 file also (in addition to the "old" one I renamed). I deleted the "old" file, but the newly created one is there. I did check to make sure that all FF functions were closed, but the fix didn't do anything.
I have also made sure that the computer's date and time are correct. No luck. Thanks for your very quick help though!
Modified
Chosen Solution
this worked for me! i had all but given up when i received this answer in my inbox this morning. i was sceptical at first, thinking something so simple could not possibly solve all my problems.... it did! sometimes simple is best. thank you all for the replies and the help getting this fixed!