We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Поиск в Поддержке

Избегайте мошенников, выдающих себя за службу поддержки. Мы никогда не попросим вас позвонить, отправить текстовое сообщение или поделиться личной информацией. Сообщайте о подозрительной активности, используя функцию «Пожаловаться».

Подробнее

This website is Untrusted because of un-signed certificate

more options

I am getting the "This connection is Untrusted" page when trying to reach an intranet site. Certs are installed correctly on the server to allow us to get there. the certificate, which is a server cert, has a certificate hierarchy of going through Entrust Certification Authority - L1K and then Entrust Root Certification Authority - G2 before getting to the Entrust root Certification Authority. when i look at both "Entrust Certification Authority - L1K" and then"Entrust Root Certification Authority - G2" (which are authority certs), they do not have a hierarchy more then just themselves.

I am getting the "This connection is Untrusted" page when trying to reach an intranet site. Certs are installed correctly on the server to allow us to get there. the certificate, which is a server cert, has a certificate hierarchy of going through Entrust Certification Authority - L1K and then Entrust Root Certification Authority - G2 before getting to the Entrust root Certification Authority. when i look at both "Entrust Certification Authority - L1K" and then"Entrust Root Certification Authority - G2" (which are authority certs), they do not have a hierarchy more then just themselves.

Все ответы (11)

more options

In the Technical Details section of the certificate error page, could you copy and paste the explanation into a reply (especially the part in parentheses at the end of the description)? That may help in tracking down a more obscure issue.

more options

servername removed uses an invalid security certificate. The certificate is not trusted because it is self-signed.

(Error code: sec_error_unknown_issuer)
more options

Hmm, but you're saying it's not self-signed, it is signed by "Entrust Certification Authority - L1K"?

I have two of those in my certificate store and both are signed by "Entrust Certification Authority - L1K" which is signed by a trusted root. (Screen shot attached)

So this is a difficult problem to understand and may require more information about the server certificate. (And someone more expert to look at it.)

more options

This is self-signed, sorry if i was not clear

more options

Okay, you may need to make an exception. Does the error page have a third section that when you expand it has an Add Exception button?

more options

my company is saying the reason they have the cert is so they don't have to use an exception. Is there a way to do it without an exception?

more options

How is this being handled by IE? If you visit the page in IE, click the padlock, and view the certificate, then look at the part of the dialog that shows the certificate chain, is the server certificate listed as its own signing certificate? If that is working, you could try exporting that certificate from IE as a DER-format (.cer) file, and then importing it into Firefox's Certificate View on the Authorities tab.

I'm not sure that's any cleaner than making an exception... in many ways, it's a "super-exception" because it would allow other server certificates to be signed with the same authority certificate...

more options

I'm being told that this is not supposed to work on IE.

more options

Can you ask your IT what you're supposed to do then? If they know it isn't working in Firefox and it's not supposed to work in IE, it's hard to understand what they're thinking.

more options

....unfortunately, I'm the IT. I've said exception a bunch of times but they don't like that answer.

more options

I think you need more expertise to solve this than is available on this forum, sorry.