"Your connection is not secure" on 90% of sites I now visit
I get this error now:
The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. (Error code: sec_error_unknown_issuer)
Everything was fine until I reinstalled windows. I have Kapersky 2016 on my PC and i followed your instructions on this site but that did not resolve.
I get this error for MANY MANY sites, from Facebook and many many others.
Chrome and iE both open the sites no issues at all.
Addng the exception doesnt help because all I get then is a page full of hyperlinks in most cases, with no graphics.
I have tried to uninstall and reinstall FF but issue persists.
Please help me fix this.
Tất cả các câu trả lời (9)
by the way I am using Win 7 64 bit Ultimate. Freshly installed less than 24 hours ago.
ALL windows updates have been completed.
What security software do you have?
There is security software like Avast and Kaspersky and BitDefender and ESET that intercepts secure connections and sends their own certificate or that incorporates special web shielding features that can block content.
You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
- click "Advanced" to expand the error message
- click "Add Exception" to open "Add Security Exception"
If this isn't possible then open "Add Security Exception" by pasting this URL in the location/address bar and paste the URL of the website (https://xxx.xxx) in it's location field.
- chrome://pippki/content/exceptionDialog.xul
Let Firefox retrieve the certificate -> "Get Certificate"
- click the "View" button and inspect the certificate
check who is the issuer of the certificate
You can see details like intermediate certificates that are used in the Delete tab.
Who is the issuer of the certificate?
As I stated in my opening post I have Kapersky 2016 and I followed the instructions given on this site to go to Settings>Additional>Network and check off Do not scan encrypted connections.
Doing that made no difference.
Seriously?? Am I being told above that in order to resolve this i have to view each sites certificatie? Am I misunderstandning?? Quite frankly if I have to jump through all those hoops to make this browser work as it once did and as all my other browsers work, then perhaps I need to finally move away from Firefox after all these years of trying to stick with it even though i had countless issues.
I just re read your reply. Did you read mine AT ALL?
Everything you told me to do in your reply is EVERYTHING That I said I tried. Please read what I wrote. I said I have Kaperksy and tried the fix I found on this site and i said I tried to add exceptions but it just showed a page full of hyperlinks and no graphics. Why am I repeating myself?
Please try to give me a genuine response and not some canned copy and paste. I need a resolution or I just need to remove Firefox altogether. I have been using Firefox since version 1 so its not something I want to do but with all the issues lately, the deal with addons not being able to run because Firefox cant verify, having to always close and reopen firefox because it likes to freeze, finding firefox sitting in my memory still even tho Its been closed (even on a fresh OS install with nothing else installed) and now this issue... it's crazy.
Sorry , I missed the part about Kaspersky.
Did you add to Kaspersky fake certificate to the Firefox Certificate Manager?
- Tools > Options > Advanced > Certificates: View Certificates
You can import the Kaspersky root certificate in the Certificate Manager under the Authorities tab. You can find "(fake)Kaspersky Anti-Virus Personal Root Certificate.cer" in this folder:
- "C:\ProgramData\Kaspersky Lab\AVP16.0.0\Data\Cert"
When prompted, place a tick on "Trust this CA to identify websites" trust bit to make the imported certificate work as a trusted root certificate to trust websites.
Note that trust bits should only be set for a trusted root certificate and never for intermediate certificates.
Jaredtch said
As I stated in my opening post I have Kapersky 2016 and I followed the instructions given on this site to go to Settings>Additional>Network and check off Do not scan encrypted connections.
Doing that made no difference.
If you turned off scanning of encrypted connections in Kaspersky and sites are still blocked, then there may be something else in play. If importing the certificate doesn't solve it, then please check the issuer to see why it is unknown. For example, you can load my test page at:
https://jeffersonscher.com/res/jstest.php
Assuming you get an error page, expand the "Advanced" button and look for an Add Exception button.
Note: You don't need to complete the process of adding an exception -- I suggest not adding one until we know this isn't a malware issue -- but you can use the dialog to view the information that makes Firefox suspicious.
Click Add Exception, and the certificate exception dialog should open.
Click the View button. If View is not enabled, try the Get Certificate button first.
This should pop up the Certificate Viewer. Look at the "Issued by" section, and on the Details tab, the Certificate Hierarchy. What do you see there? I have attached a screen shot for comparison.
Jaredtch said
...the deal with addons not being able to run because Firefox cant verify, having to always close and reopen firefox because it likes to freeze, finding firefox sitting in my memory still even tho Its been closed (even on a fresh OS install with nothing else installed) and now this issue...
I believe the first issue was addressed with a temporary workaround in an earlier thread.
On the second issue, you may want to check the support article "Firefox hangs or is not responding - How to fix" and also consider the following to minimize potential issues with Flash during your troubleshooting:
(1) To avoid unnecessary pain on sites where Flash is not actually essential, try setting Flash to Click-to-Play ("Ask to Activate"). This will delay Flash from starting on a page until you approve it.
To set "Ask to Activate", open the Add-ons page using either:
- Ctrl+Shift+a
- "3-bar" menu button (or Tools menu) > Add-ons
In the left column, click Plugins. Look for "Shockwave Flash" and change "Always Activate" to "Ask to Activate".
With this setting, when you visit a site that wants to use Flash, you should see a notification icon in the address bar and usually (but not always) one of the following: a link in a dark gray rectangle in the page or an infobar sliding down between the toolbar area and the page.
The plugin notification icon in the address bar typically looks like a small, dark gray Lego block. (If it's red, Flash needs updating.)
The delay in activating Flash can help distinguish between problems caused on initial page load, styling, and script activation vs. loading/running Flash.
If you see a good reason to use Flash, and the site looks trustworthy, you can go ahead and click the notification icon in the address bar to allow Flash. You can trust the site for the time being or permanently.
But some pages use Flash only for tracking or playing ads, so if you don't see an immediate need for Flash, feel free to ignore the notification! It will just sit there in case you want to use it later.
(2) A common cause of unresponsive script errors on Windows Vista and higher is the protected mode feature of the Flash player plugin. That feature has security benefits, but seems to have serious compatibility issues on some systems. You can disable it using the Add-ons page. Either:
- Ctrl+Shift+a
- "3-bar" menu button (or Tools menu) > Add-ons
In the left column, click Plugins. On the right side, find "Shockwave Flash" and click the More link. Then uncheck the box for "Enable Adobe Flash protected mode" and try that for a day to see whether it helps.
On the third issue, do you have Firefox set to clear history when it closes? (Some users also experienced Firefox unable to close connections at shutdown in recent months, but that seems to have subsided.)
Thank you. I appreciate the information on the other issues I usually have with Firefox. I will try them.
I did find the work around the verification of add ons.. that works.. though I hear soon Mozilla is going to make it so that doesnt work and from what I have heard our only option will be to get the dev copy of Firefox. That stinks. I have some paid add ons that I rely on that show as unverified.
Never the less, I did find out what the issue was with the security... I dont know if this will help anyone else BUT... I have software called Jaksta. I have been using this for years. Yet for some reason when I installed it on my fresh copy of windows, it had a setting turned on "Enable scanning of HTTPS/SSL connections" As soon as i unchecked that, I no longer had the security certificate issue.
One again, thank you for all the help. I will be trying them all out.
Jaredtch said
I have software called Jaksta. I have been using this for years. Yet for some reason when I installed it on my fresh copy of windows, it had a setting turned on "Enable scanning of HTTPS/SSL connections" As soon as i unchecked that, I no longer had the security certificate issue.
I think that is "media catcher" software which intercepts your browsing to watch for and save media files. Since popular sites like YouTube and Facebook now use HTTPS, that feature probably is necessary for many users of the software.