We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Претражи подршку

Избегните преваре подршке. Никада од вас нећемо тражити да зовете или шаљете поруке на број или да делите личне податке. Пријавите сумњиве радње преко „Пријавите злоупотребу” опције.

Сазнај више

Encrypted HTTPS websites always ask if I want to trust the certificate

  • 18 одговорa
  • 1 има овај проблем
  • 3 прегледа
  • Последњи одговор послао TyDraniu

more options

I am using Mozilla Firefox 64-bit with version 107.0 on Windows 10 21H2. I connect very often to HTTPS websites without a valid certificate. Often with certificates issued by themselves. Before it was always enough to say "I trust this website" once. Now the question comes again and again, whenever I connect. What could be the cause of this?

I am using Mozilla Firefox 64-bit with version 107.0 on Windows 10 21H2. I connect very often to HTTPS websites without a valid certificate. Often with certificates issued by themselves. Before it was always enough to say "I trust this website" once. Now the question comes again and again, whenever I connect. What could be the cause of this?

Сви одговори (18)

more options

Does no one have any ideas about this? This topic would be very important to me. Because it is already a bit annoying.

more options

Can you provide any example of this issue?

more options

What would you like to have with it? It's like I described: I open the web interface of my switch on day 1 for example and it comes up with the standard query if I trust this website "Warning: Potential Security Risk Ahead". I click on "Advanced..." and then on "Accept the Risk and Continue". On the second day 2 when I go back to the web interface of the switch the same message appears again.

more options

Does it happen for every website? If not, can you provide an exemplary domain address?

more options

It happens with every page...

more options

Is there an Advanced... button? Can you click it and paste here the certificate?

more options

TyDraniu schrieb

Is there an Advanced... button? Can you click it and paste here the certificate?

Attached are two screenshots of the certificate and the warning. Is that enough for you

more options

There should be also Download (string) link below. Try to click it and paste here the output.

more options

TyDraniu schrieb

There should be also Download (string) link below. Try to click it and paste here the output.

Attached here is this issue:

https://mamt-nas01/redirect.html?count=0.07759302844965466

Der Zertifikat-Aussteller der Gegenstelle wurde nicht erkannt.

HTTP Strict Transport Security: false HTTP Public Key Pinning: false

Zertifikatskette:


BEGIN CERTIFICATE-----

MIIDvTCCAqWgAwIBAgIQW1DOKQjATneN1uH97hPDCTANBgkqhkiG9w0BAQsFADBH MUUwQwYDVQQDDDxUaGUgb3JpZ2luYWwgY2VydGlmaWNhdGUgcHJvdmlkZWQgYnkg dGhlIHNlcnZlciBpcyB1bnRydXN0ZWQwHhcNMTYwMzExMTA0NTI3WhcNMjYwMzA5 MTA0NTI3WjCBjjELMAkGA1UEBhMCVFcxDzANBgNVBAgTBlRhaXBlaTEPMA0GA1UE BxMGVGFpcGVpMRswGQYDVQQKExJRTkFQIFN5c3RlbXMsIEluYy4xDDAKBgNVBAsT A1FUUzERMA8GA1UEAxMIUU5BUCBOQVMxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRA cW5hcC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyPxLm7HD5 1AiJOo6Dh2Jzi0oT328Eeriuw6Wg8g7cw/nnmU14eclP2R4QAaOHvxAFdxWLnZdx zrs9PykyKETxh4kZTc2k8C+Ckr6sDd5Rx5SYRV0P9vJ6o65LiXEtEin8CimymCzR FG/ie0cGXbtTj6qYhShEcSFNHRfKJEtk5zfGXC1yrF5o1nL9j5R4NzpEQDXGkbp5 8YorpBIE6dTKdNvyE3BqeXhBi1FqPGkuGKgj4pciujSpTzuzeBwDQOut+uEhHthR 3BjHqp+f9IeVKMrIYfRCt52B1b56dlKyz5ZhF/msrgcjc3YXA0h5Mm7dYuFuQ/2u +yJL1mHPx4vbAgMBAAGjXTBbMAsGA1UdDwQEAwIFoDAdBgNVHQ4EFgQUQsix2U9U 9yAWqWlMoCfMy+3UcD0wHwYDVR0jBBgwFoAUQsix2U9U9yAWqWlMoCfMy+3UcD0w DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEASNfGszhqHo51rJUbsy3C 6rVacIJJtC28Y0sF/Z9vE6tbcNB4untVwZG/M2DoDgWvZ6MsIXXb4LKRBuxS6E+p zGJHhaePAMxT0O0WNLAYdWJKAu9lCoKeeKUAVzYfzyswDA9YTXYIsqOu7ay0U8Px Mmu0OUEqcaJ3BaStnSUmL5aPiCHND4Y/URAmqmyz+SO6yQIuQ7VjQaZ7blEetgp8 fyGRo1Po1XqC0mymwHU3mU1BKhHemIHWwLRPLysgU2tN7RFG8DVnM43f3k+W/Ini JHYYvNIwytxPRqyf4zip+/h5jB1yxpOpv5YLGFF7y2dGTF5Mu5OnIHpkYjaSVeZh Ig==


END CERTIFICATE-----

more options

cor-el schrieb

If you click the blue SEC_ERROR_UNKNOWN_ISSUER link then Firefox should show the base64 encoded certificate data and copy this data to the clipboard.

I have just posted.

cor-el schrieb

The screenshot shows a QNAP NAS certificate that you would expect to be used for connecting to a NAS and not for accessing internet.

This is also a local access, so no access via the Internet to the device. The strange thing is that I get this error message every time I connect to this NAS.

more options

Andreas Fendt said

The strange thing is that I get this error message every time I connect to this NAS.

Does Firefox forget if you simply close and re-open that tab, or only when you exit/restart Firefox and try again in the new session?

Firefox may remember exceptions only for the current session if you either

(A) use private windows -- site-specific information is not persisted to disk

(B) modified the value of security.certerrors.permanentOverride to false in about:config (but this is very uncommon unless you used a hardening list)

more options

I am really pleased how many are concerned with my problem. Thank you!

jscher2000 - Support Volunteer schrieb

Does Firefox forget if you simply close and re-open that tab, or only when you exit/restart Firefox and try again in the new session?

This is an interesting question: when I click on "Accept risk and continue", it doesn't matter for some time whether I restart Firefox (with about:profiles -> Restart Normal) or close the tab and open it again. There is no warning anymore. After a few hours I get this warning again.

jscher2000 - Support Volunteer schrieb

Firefox may remember exceptions only for the current session if you either (A) use private windows -- site-specific information is not persisted to disk

In this context, I am not concerned with private windows. I open these web pages normally.

jscher2000 - Support Volunteer schrieb

(B) modified the value of security.certerrors.permanentOverride to false in about:config (but this is very uncommon unless you used a hardening list)

I have not changed this setting and it is set to true.

more options

Andreas Fendt said

I am really pleased how many are concerned with my problem. Thank you!

jscher2000 - Support Volunteer schrieb

Does Firefox forget if you simply close and re-open that tab, or only when you exit/restart Firefox and try again in the new session?
This is an interesting question: when I click on "Accept risk and continue", it doesn't matter for some time whether I restart Firefox (with about:profiles -> Restart Normal) or close the tab and open it again. There is no warning anymore. After a few hours I get this warning again.

After a few hours... Unless your server generated a new certificate, it's hard to understand what would be changing in a few hours.

Or could there be any process on your system that removes/replaces the cert9.db file in your profile folder which stores exceptions? (Profiles - Where Firefox stores your bookmarks, passwords and other user data)

more options

jscher2000 - Support Volunteer schrieb

After a few hours... Unless your server generated a new certificate, it's hard to understand what would be changing in a few hours.

I will wait a few hours and revisit the same QNAP NAS and post the certificate string here. Maybe this will change.

jscher2000 - Support Volunteer schrieb

Or could there be any process on your system that removes/replaces the cert9.db file in your profile folder which stores exceptions? (Profiles - Where Firefox stores your bookmarks, passwords and other user data)

I don't know. Maybe it's because of my anti-virus program ESET? Maybe it changes the cert9.db?

more options

First Try:

   https://mamt-nas01/redirect.html?count=0.8902489143157176
   Der Zertifikat-Aussteller der Gegenstelle wurde nicht erkannt.
   HTTP Strict Transport Security: false
   HTTP Public Key Pinning: false
   Zertifikatskette:
   -----BEGIN CERTIFICATE-----
   MIIDvTCCAqWgAwIBAgIQDPAS73CEOWQA8UC3FQIoQjANBgkqhkiG9w0BAQsFADBH
   MUUwQwYDVQQDDDxUaGUgb3JpZ2luYWwgY2VydGlmaWNhdGUgcHJvdmlkZWQgYnkg
   dGhlIHNlcnZlciBpcyB1bnRydXN0ZWQwHhcNMTYwMzExMTA0NTI3WhcNMjYwMzA5
   MTA0NTI3WjCBjjELMAkGA1UEBhMCVFcxDzANBgNVBAgTBlRhaXBlaTEPMA0GA1UE
   BxMGVGFpcGVpMRswGQYDVQQKExJRTkFQIFN5c3RlbXMsIEluYy4xDDAKBgNVBAsT
   A1FUUzERMA8GA1UEAxMIUU5BUCBOQVMxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRA
   cW5hcC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyPxLm7HD5
   1AiJOo6Dh2Jzi0oT328Eeriuw6Wg8g7cw/nnmU14eclP2R4QAaOHvxAFdxWLnZdx
   zrs9PykyKETxh4kZTc2k8C+Ckr6sDd5Rx5SYRV0P9vJ6o65LiXEtEin8CimymCzR
   FG/ie0cGXbtTj6qYhShEcSFNHRfKJEtk5zfGXC1yrF5o1nL9j5R4NzpEQDXGkbp5
   8YorpBIE6dTKdNvyE3BqeXhBi1FqPGkuGKgj4pciujSpTzuzeBwDQOut+uEhHthR
   3BjHqp+f9IeVKMrIYfRCt52B1b56dlKyz5ZhF/msrgcjc3YXA0h5Mm7dYuFuQ/2u
   +yJL1mHPx4vbAgMBAAGjXTBbMAsGA1UdDwQEAwIFoDAdBgNVHQ4EFgQUQsix2U9U
   9yAWqWlMoCfMy+3UcD0wHwYDVR0jBBgwFoAUQsix2U9U9yAWqWlMoCfMy+3UcD0w
   DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAb/H0ZYKL9rDHx8Rl+3YM
   hSRGrD/JA7NjIOYUbgC7v9Gsu2TJPIfuUBFN60803Y8ff2quUk4z0DaCrCAFIZXw
   GezQKMo2WPEoLO0ehblpktnJAM6KkkcCoybpjky9JfwX+OXWPAlpIK7dToYKI09W
   PpuRHZtBjB8qwONReeuLe+RLLfGYPBK/ralsWiiLGgmEmTzR/D3DXASjS58L2jH5
   j3PV/jq5xUCH8cRHIck6ATKGwvGyjHQECeQbsLkN0qETPEgyrHnKYGIcCgY2ryzy
   LHhpa4qIPp2RBObvZgkUdIjZNY8iGzr0D/ntFAAuRUdePgjDlYMw55WYVgW904++
   Dg==
   -----END CERTIFICATE-----

Second Try:

   https://mamt-nas01/redirect.html?count=0.9115867796392408
   Der Zertifikat-Aussteller der Gegenstelle wurde nicht erkannt.
   HTTP Strict Transport Security: false
   HTTP Public Key Pinning: false
   Zertifikatskette:
   -----BEGIN CERTIFICATE-----
   MIIDvTCCAqWgAwIBAgIQKWekz/bt5gfj2QhzfHh6nzANBgkqhkiG9w0BAQsFADBH
   MUUwQwYDVQQDDDxUaGUgb3JpZ2luYWwgY2VydGlmaWNhdGUgcHJvdmlkZWQgYnkg
   dGhlIHNlcnZlciBpcyB1bnRydXN0ZWQwHhcNMTYwMzExMTA0NTI3WhcNMjYwMzA5
   MTA0NTI3WjCBjjELMAkGA1UEBhMCVFcxDzANBgNVBAgTBlRhaXBlaTEPMA0GA1UE
   BxMGVGFpcGVpMRswGQYDVQQKExJRTkFQIFN5c3RlbXMsIEluYy4xDDAKBgNVBAsT
   A1FUUzERMA8GA1UEAxMIUU5BUCBOQVMxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRA
   cW5hcC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyPxLm7HD5
   1AiJOo6Dh2Jzi0oT328Eeriuw6Wg8g7cw/nnmU14eclP2R4QAaOHvxAFdxWLnZdx
   zrs9PykyKETxh4kZTc2k8C+Ckr6sDd5Rx5SYRV0P9vJ6o65LiXEtEin8CimymCzR
   FG/ie0cGXbtTj6qYhShEcSFNHRfKJEtk5zfGXC1yrF5o1nL9j5R4NzpEQDXGkbp5
   8YorpBIE6dTKdNvyE3BqeXhBi1FqPGkuGKgj4pciujSpTzuzeBwDQOut+uEhHthR
   3BjHqp+f9IeVKMrIYfRCt52B1b56dlKyz5ZhF/msrgcjc3YXA0h5Mm7dYuFuQ/2u
   +yJL1mHPx4vbAgMBAAGjXTBbMAsGA1UdDwQEAwIFoDAdBgNVHQ4EFgQUQsix2U9U
   9yAWqWlMoCfMy+3UcD0wHwYDVR0jBBgwFoAUQsix2U9U9yAWqWlMoCfMy+3UcD0w
   DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAJcIpQEPiTpMKzwaBtZRz
   AdSDN30dD+/TJiGlZ+0GXj1UY+U2IDO8Yv5Zx0Tq4l6dkmaHZ3KbqAa39SGn4zpp
   MLbiUAkVG98YnfZHd2lMq6WeFm1zAhpQmP9kHWl0anaB+wkQxDykAe8OlB9QvV2O
   KhzB9upU4o+e8ojfEXPa75m6I70BmDBiVT5iqwYxiQWMblrccV+lj4EZxnt9vnAe
   YnTxBxdETz01eB2xSaiy08JnUGfteuthu3D/6b4KWXGPzwcmewybbinIy4zhNR1y
   Omltmr/t1Ta3ZJeQA6nlCIFQJZeeAtNZB26CDGnICN4vvIKH11ZRKJrxW/5vfzeW
   Jg==
   -----END CERTIFICATE-----
more options

As you can see, the server's certificate keeps changing. Every few hours. What could be the cause of this?

more options

Perhaps new certificates are generated regularly by the device or by an intermediary server representing itself as the device. ??

Two things I notice about the cert after decoding:

(1) "Issuer: CN = The original certificate provided by the server is untrusted"

I think that is provided by the server and is not a judgment issued by Firefox?

(2) The Subject Alt Name (SAN) field is blank.

More recent versions of Firefox require the server name to be in this field.

But setting those aside, the fact that the certificate keeps changing would still be a problem when you need to make an exception.


Have you checked for firmware updates? https://www.qnap.com/de-de/download

more options

Go to menu ≡ -> Settings and check your Proxy settings. It should be set to No proxy.