Avatar for Username

搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

此討論串已被封存。 如果您有需要幫助,請新增一個新問題

Firefox not working on some ssl sites

montgomery.dean
montgomery.dean
more options

We recently upgraded Firefox on an older Ubuntu 16.04. We are now having trouble with some https sites.

Error code: SEC_ERROR_UNKNOWN_ISSUER https://www.myeducation.gov.bc.ca/aspen/logon.do

We don't think it is a firewall or antivirus/antispyware issue because the same version of Firefox will work on other versions of Linux/windows in the school.

We did notice a difference in the Certificate Manager. The Firefox that is NOT working is missing certificates that are labelled "Software Security Device". The site that fails is looking for "Entrust Certification Authority -L1K" which should be listed as a "Software Security Device" in Firefox.

We have tried the following:

  • Updated ca-certificates package which stores system certificates in /etc/ssl/certs/.
  • move $HOME/.mozilla folder out of the way to start with a fresh profile.
  • tested same Firefox on other versions of Linux and it works fine.
  • made sure antivirus/firewalls are not interfering.
We recently upgraded Firefox on an older Ubuntu 16.04. We are now having trouble with some https sites. Error code: SEC_ERROR_UNKNOWN_ISSUER https://www.myeducation.gov.bc.ca/aspen/logon.do We don't think it is a firewall or antivirus/antispyware issue because the same version of Firefox will work on other versions of Linux/windows in the school. We did notice a difference in the Certificate Manager. The Firefox that is NOT working is missing certificates that are labelled "Software Security Device". The site that fails is looking for "Entrust Certification Authority -L1K" which should be listed as a "Software Security Device" in Firefox. We have tried the following: * Updated ca-certificates package which stores system certificates in /etc/ssl/certs/. * move $HOME/.mozilla folder out of the way to start with a fresh profile. * tested same Firefox on other versions of Linux and it works fine. * made sure antivirus/firewalls are not interfering.
附加的畫面擷圖

被選擇的解決方法

Hi montgomery dean, the "Software Security Device" certificates are usually intermediate certificates that Firefox has cached from sites that served these. These certificates complete the chain of trust between the site's own certificate and the root certificates included with Firefox.

The SSLLabs test shows the server is not sending the intermediate certificates itself, so they need to update their SSL Configuration on the server.

https://www.ssllabs.com/ssltest/analyze.html?d=www.myeducation.gov.bc.ca

從原來的回覆中察看解決方案 👍 0

所有回覆 (2)

jscher2000 - Support Volunteer
jscher2000 - Support Volunteer
  • Top 25 Contributor
more options

選擇的解決方法

Hi montgomery dean, the "Software Security Device" certificates are usually intermediate certificates that Firefox has cached from sites that served these. These certificates complete the chain of trust between the site's own certificate and the root certificates included with Firefox.

The SSLLabs test shows the server is not sending the intermediate certificates itself, so they need to update their SSL Configuration on the server.

https://www.ssllabs.com/ssltest/analyze.html?d=www.myeducation.gov.bc.ca

由 jscher2000 - Support Volunteer 於 修改

montgomery.dean
montgomery.dean 提出問題者
more options

Confirmed. If I visit the entrusted website and use the "Test My Browser" buttons then the root certificate get's loaded into the browser and the site that previously failed works properly.

www entrustdatacard com / pages / root-certificates-download

由 montgomery.dean 於 修改