搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

Error code: sec_error_expired_issuer_certificate

  • 10 个回答
  • 450 人有此问题
  • 1 次查看
  • 最后回复者为 cor-el

more options

Firefox will not let me into Bt.com. I can in Internet Explorer. Firefox says ....www2.bt.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate has expired..... Which seems unlikly For British Telecom. How do I check if this is safe and not corrupted or How should I override it....My computer date and time clock is correct.....Thanks Tony

Firefox will not let me into Bt.com. I can in Internet Explorer. Firefox says ....www2.bt.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate has expired..... Which seems unlikly For British Telecom. How do I check if this is safe and not corrupted or How should I override it....My computer date and time clock is correct.....Thanks Tony

被采纳的解决方案

That certificate expires form me as well on 02/07/2020 (not before 02/08/2010; on after 2/07/2020), so that shouldn't be a problem if the date and time on the computer are correct.

What do you see if you open the bt.com site and inspect the certificate chain?

You can retrieve the certificate and check details like who issued the certificate and the expiration dates of certificates.

  • Click the link at the bottom of the error page: "I Understand the Risks"

Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".

  • Click the "View..." button and inspect the certificate and check who is the issuer.

You can see more Details like intermediate certificates in the Details pane.

定位到答案原位置 👍 5

所有回复 (10)

more options

bt.com uses a Verisign cert. There's been a rash of problems like this lately with Verisign certs, in which FF thinks that the intermediate cert has expired; other browsers, however, pick up the correct, as-yet unexpired date. Nothing you can do but use another browser; bt.com will have to fix its cert.

more options

Thanks toofySufi...I will gather the patience, energy & courage over the next few days to approach BT and see if they have the slightest understanding of your advice & can do something about it......I don't hold out much hope......Let's see what happens & I will keep you informed....Wish me Luck!...Tony

more options

There doesn't seem to be anything wrong with the certificate of the https://bt.com site as it works for me with a clean cert8.db file.

You can look for the "VeriSign Class 3 International Server CA - G3" intermediate certificate in the Certificate Manager and delete that certificate to make Firefox store a new certificate if the currently stored version has expired.

  • Tools > Options > Advanced > Encryption: Certificates > View Certificates : Authorities
  • Stored intermediate certificates show as "Software Security device" in the Certificate Manager.
  • Build-in root certificates show as "Builtin Object Token" on the Authorities tab in the Certificate Manager.
more options

Hi cor-el....The certificate is well within the expiry date. If I delete it will Firefox set up a new expiry date when I re-set up access to this site? & how do I recognise "VeriSign Class 3 International Server CA - G3" as the BT safety certificate....Thanks Tony

more options

You can open the Certificate Manager

  • Tools > Options > Advanced : Encryption: Certificates - View Certificates
  • Go to the Authorities tab.
  • Scroll down to the VeriSign section.

Look for a certificate with the name "VeriSign Class 3 International Server CA - G3" that has "Software Security device" in the "Security Device" column.
Certificates labeled like that are intermediate certificate that Firefox stores automatically if a server is visited that sends such a certificate.
It is possible that yours is an older version that has expired and removing that stored certificate will make Firefox use the certificate send by the website.

more options

Hi cor-el...As I said, I went there and the expiry date is 07-02-2020. & why, before I delete it, is that particular VeriSign the BT safety certificate????? Thanks...T

more options

选择的解决方案

That certificate expires form me as well on 02/07/2020 (not before 02/08/2010; on after 2/07/2020), so that shouldn't be a problem if the date and time on the computer are correct.

What do you see if you open the bt.com site and inspect the certificate chain?

You can retrieve the certificate and check details like who issued the certificate and the expiration dates of certificates.

  • Click the link at the bottom of the error page: "I Understand the Risks"

Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".

  • Click the "View..." button and inspect the certificate and check who is the issuer.

You can see more Details like intermediate certificates in the Details pane.

more options

Hi cor-el, followed all your instructions and found all the info.

Just about to go into delete problem certificate....checked BT.com and went straight in. Problem had disapeared, the same as it arrived. No explanation!

I think these computers just want to play mind games. 

I just want to say thank you for your time and information....at my age of 75 it's always great to learn new ideas. I shall look round in this unexplored area.......Thanks Tony

more options

I suspect this procedure has actually produced an exception, so following this advice will find it has 'been fixed', but if you uninstall Firefox (and remove registry entries, Mozilla data directories etc) then reinstall, I suspect you'll have the problem back.

I have the same issue with a secure site at work - Verisign Class 3 public Primary certificate valid until 5th April 2012 - works fine with IE8 and Opera 11.52 -

Firefox (7.0.1) gives "This connection is untrusted" - detail: <site> uses an invalid security certificate. The certificate is not trusted because the issuer certificate has expired. (Error code: sec_error_expired_issuer_certificate)

?

more options

It is possible that Firefox is trying more than one cipher to connect to the server and that some ciphers produce this error.
I usually keep all 128 bit SSL3 ciphers disabled and only enable security.ssl3.rsa_rc4_128_md5 or security.ssl3.rsa_rc4_128_sha for sites that still only work with 128 bit and not 168 or 256 bit.