Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Qustodio causes your connection not secure error

more options

After installing Qustodio I am no longer able to reach any web page with Firefox. The only way to browse with Firefox is to uninstall Qustodio.

This is the error message I get in Firefox for example when I go to yahoo mail but it is the same for any web site:

The owner of mail.yahoo.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate.

mail.yahoo.com uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER

After installing Qustodio I am no longer able to reach any web page with Firefox. The only way to browse with Firefox is to uninstall Qustodio. This is the error message I get in Firefox for example when I go to yahoo mail but it is the same for any web site: The owner of mail.yahoo.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website. This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate. mail.yahoo.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER

Isisombulu esikhethiweyo

crorad said

Thanks, changing the value to true worked but changing it back to false I get the same error. ... What is the disadvantage of leaving it at true?

Normally, Firefox relies on its own certificate file to assess whether it can trust what websites (or intermediaries) present to it. Setting that preference to "true" tells Firefox to trust sites that are trusted in the Windows certificate database, too.

The main negative is, in the situation that malware has injected a certificate into the Windows certificate store (rather than software you actually trust to read all your browsing connections), Firefox will play along rather than generating error screens.

The alternative involves numerous steps; I'll link to a thread that lists them for reference: https://support.mozilla.org/questions/1199797#answer-1064849

Sites seem to load slower when value is at true.

Well, the filter needs time to process what you're sending and retrieving, so that's not a huge surprise.

Funda le mpendulo kwimeko leyo 👍 2

All Replies (3)

more options

Yes, Qustodio is intercepting your connection and presenting fake site certificates to Firefox, and Firefox is none too happy.

Could you try this temporary settings change to see whether this works:

(A) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(B) In the search box above the list, type or paste root and pause while the list is filtered

(C) Double-click the security.enterprise_roots.enabled preference to switch the value from false to true

I'm not sure whether that will start working immediately or after the next time to exit Firefox and start it up again. I guess you'll know if you visit an HTTPS address and Firefox no longer objects.

Once Firefox has picked up on the new "man in the middle" try switching the preference back to normal and see whether the education is permanent.

If that doesn't work, there is an export/import method. Or maybe Qustodio can do the setup automatically after a reboot or in some other way.

more options

Thanks, changing the value to true worked but changing it back to false I get the same error. Sites seem to load slower when value is at true. What is the disadvantage of leaving it at true?

more options

Isisombululo esiKhethiweyo

crorad said

Thanks, changing the value to true worked but changing it back to false I get the same error. ... What is the disadvantage of leaving it at true?

Normally, Firefox relies on its own certificate file to assess whether it can trust what websites (or intermediaries) present to it. Setting that preference to "true" tells Firefox to trust sites that are trusted in the Windows certificate database, too.

The main negative is, in the situation that malware has injected a certificate into the Windows certificate store (rather than software you actually trust to read all your browsing connections), Firefox will play along rather than generating error screens.

The alternative involves numerous steps; I'll link to a thread that lists them for reference: https://support.mozilla.org/questions/1199797#answer-1064849

Sites seem to load slower when value is at true.

Well, the filter needs time to process what you're sending and retrieving, so that's not a huge surprise.