Need solution for (Error code: mozilla_pkix_error_not_yet_valid_issuer_certificate)
I cannot connect to google.com this problem occurred when i updated the firefox and anti virus Kaspersky Internet security. By the time i could connect to rest of site gmail, bink, facebook etc but google search is not available I have done many troubleshooting process but no result. The time in my system is correct and cr8.db is not corrupted. But i could access google.com when the I off the the protection of Kaspersky Please find a solution for my problem
所有回复 (10)
The screenshot of error attached
This Connection is Untrusted
You have asked Firefox to connect securely to www.google.co.in, but we can't confirm that your connection is secure.
Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified. What Should I Do?
If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.
This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate. Technical Details www.google.co.in uses an invalid security certificate.
The certificate does not come from a trusted source.
(Error code: mozilla_pkix_error_not_yet_valid_issuer_certificate)
If you can't inspect the certificate via "I Understand the Risks" then try this:
Open the "Add Security Exception" window by pasting this chrome URL in the Firefox location/address bar and check the certificate:
- chrome://pippki/content/exceptionDialog.xul
In the location field of this window type or paste the URL of the website.
- retrieve the certificate via the "Get certificate" button
- click the "View..." button to inspect the certificate in the Certificate Viewer
You can inspect details like the issuer and the certificate chain in the Details tab of the Certificate Viewer. Check who is the issuer of the certificate. If necessary then you can attach a screenshot that shows the certificate viewer.
You can check the date and time and time zone in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
Sir thanks, i have attached the screen shoot that shows the certificate viewer.
The error "mozilla_pkix_error_not_yet_valid_issuer_certificate" sounds like a problem with the next certificate up the hierarchy. I have attached what I see for that one on my Firefox 41. You can compare using that Details tab in the dialog you screenshotted in your last reply.
Hmm, Kaspersky. Could you check whether you saved more than one signing certificate for Kaspersky:
"3-bar" menu button (or Tools menu) > Options > Advanced
Click the Certificates mini-tab, then the "View Certificates" button. This should open the Certificate Manager dialog.
In the Certificate Manager, click the Authorities tab. Then scroll down and look for Kaspersky or ZAO certificates. Only keep the latest one and remove any older ones.
If you end up removing a certificate, also check for Google certificates and remove any that Firefox saved automatically for Google Internet Authority G2.
OK out of the dialog and try https://www.google.co.in/ again. Any improvement?
Thanks sir, The problem was solved i was able get google.com but after i restarted morzilla again same problem arise " connection untrusted " I notice a interesting thing that i could get google.com when i sign in to google through gmail other wise it show " connection untrusted " But another problem arise after signing I closed the gmail tab then after i couldn't get google same error. Even-though if i keep gmail tab open at one side google is available at the beginning. Afterwards at google.com below the search box it shows '''''Google Instant is unavailable. Press Enter to search. Learn more''''' if i refresh google.com again they say connection is untrusted. STUCK!!!!!!!!!!!!!!
Certificate *.google.com
I don't understand what's happening with your Kaspersky. Why does the Kaspersky signing certificate not become valid until 19 October 2015? That is 3 days from now, according to my calendar. ???
I assume you have Kaspersky Internet Security 2016. If you have a different product, which one do you have?
According to the user guide (http://docs.kaspersky-labs.com/englis.../kis2016_userguide_en.pdf):
The following components perform decryption and scanning of encrypted traffic by default:
- Web Anti-Virus
- Safe Money
- Kaspersky URL Advisor
- Parental Control
I didn't see a quick way to switch off scanning of encrypted sites as there was in earlier versions, but you could explore the settings and see whether you can find it. At least until this not-yet-valid certificate problem is straightened out. (It's not obvious whether you can do it here using the "exclusions" link: How to configure Web Anti-Virus in Kaspersky Internet Security 2016).
Or maybe if you update your Kaspersky software they've fixed it already?