copy from https://support.mozilla.org
How to troubleshoot the error code "SEC_ERROR_UNKNOWN_ISSUER" on secure websites
Table of Contents
What does this error code mean?
During a secure connection a website needs to provide a certificate issued by a trusted certificate authority in order to ensure that the user is connected to the intended target and the connection is encrypted. If you get a "Your connection is not secure" error page and see the error code "SEC_ERROR_UNKNOWN_ISSUER" after you click on Advanced, it means that the certificate provided was issued by a certificate authority that is not known by Firefox and therefore cannot be trusted by default.
Warning: You should never add a
certificate exception for a legitimate major website or sites where
financial transactions take place – in this case an invalid certificate
can be an indication that your connection is compromised by a third
party.
The error occurs on multiple secure sites
In case you get this problem on multiple unrelated HTTPS-sites, it indicates that something on your system or network is intercepting your connection and injecting certificates in a way that is not trusted by Firefox. The most common causes are security software scanning encrypted connections or malware listening in, replacing legitimate website certificates with their own.Antivirus Products
Generally, if your security product contains a feature to scan encrypted connections, you could try to reinstall the security product, which might trigger the software to place its certificates into the Firefox trust store again. Try the following solutions for particular security products:Avast
In Avast security products you can disable the interception of secure connections:- Open the dashboard of your Avast application.
- Go to > and click next to .
- Uncheck the Enable HTTPS Scanning setting and confirm this by clicking .
Bitdefender
In Bitdefender security products you can disable the interception of secure connections:- Open the dashboard of your Bitdefender application.
- For the 2016 version of the Bitdefender security product click on .
For the 2015 version of Bitdefender click on . - Click on .
- Toggle off the Scan SSL setting.
Bullguard
In Bullguard security products you can disable the interception of secure connections on particular major websites like Google, Yahoo and Facebook:- Open the dashboard of your Bullguard application.
- Click on > .
- Uncheck the option for those websites which are showing an error message.
ESET
In ESET security products you can try to disable and re-enable SSL/TLS protocol filtering or generally disable the interception of secure connections as described in ESET’s support article.Kaspersky
In Kaspersky security products you can disable the interception of secure connections:- Open the dashboard of your Kaspersky application.
- Click on on the bottom-left.
- Click and then .
- If you use a 2016 version of Kaspersky: In the section check the Do not scan encrypted connections option and confirm this change.
Alternatively you can click on in order to try to trigger a reinstallation of Kaspersky's certificate. In the dialog that opens click on and follow the on-screen instructions.
If you use a 2015 version of Kaspersky: uncheck the Scan encrypted connections option.
Family Safety settings in Windows accounts
In Microsoft Windows accounts protected by Family Safety settings, secure connections on popular websites like Google, Facebook and YouTube might be intercepted and their certificates replaced by a certificate issued by Microsoft in order to filter and record search activity.Read this Microsoft FAQ page on how to turn off these family features for accounts.
Monitoring/Filtering in corporate networks
Some traffic monitoring/filtering products used in corporate environments might intercept encrypted connections by replacing a website's certificate with their own, at the same time possibly triggering errors on secure HTTPS-sites. If you suspect this might be the case, please contact your IT department to ensure the correct configuration of Firefox to enable it working properly in such an environment.Malware
Some forms of malware intercepting encrypted web traffic can cause this error message - refer to the article Troubleshoot Firefox issues caused by malware on how to deal with malware problems.The error occurs on one particular site only
In case you get this problem on one particular site only, this type of error indicates that the web server is not configured properly: The website's certificate might not have been issued by a trusted certificate authority itself and no complete certificate chain to a trusted authority was provided either (a so-called "intermediate certificate" is missing). You should contact the owner of the website and inform him of the error.If the website allows it, you can add an exception in order to visit the site, in spite its certificate is not being trusted by default:
- On the warning page, click Advanced.
- Click . The Add Security Exception dialog will appear.
- Read the text describing the problems with the website. You can click in order to closer inspect the untrusted certificate as well.
- Click if you are sure you want to trust the site.
Share this article: http://mzl.la/1lFJl3h
No comments:
Post a Comment