SSL Certificates - sec_error_unknown_issuer
Fix your browser already. Getting these SSL errors on every other site is starting to really get annoying! There is nothing wrong with the SSL certificates or the sites. It's your browser that is unable to verify the certificates.
http://i.imgur.com/52qSNXt.png
Latest addition to the sites that do not work: https://www.inspirepay.com
The latest browser causing nothing but trouble for clients.
Edited for language. Please see Mozilla Support rules and guidelines
Moses trɔe
Ŋuɖoɖo si wotia
Quote: The browser should come with all Certificate Authorities
Note that Mozilla has a strong policy to decide which CA to include with root certificates.
- http://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/
- http://www.mozilla.org/projects/security/certs/pending/
Required intermediate certificates need to be send by the server to make it possible to build a certificate chain that ends in a root certificate.
Xle ŋuɖoɖo sia le goya me 👍 5All Replies (17)
hello, the site you provided works fine here - most of the time this kind of error isn't due to an issue with the browser itself, but because security software (which one are you using?) or other potentially unwanted software that is monitoring or intercepting encrypted network traffic on your pc - which looks like a man-in-the-middle attack in firefox & therefore the warning...
could you tell us which issuer information the certificate does contain when you inspect it (see screenshot)?
though on closer inspection the site you have referenced, doesn't properly include its intermediate certificate, so this can lead to problems in certain situations: http://www.sslshopper.com/ssl-checker.html#hostname=https://www.inspirepay.com/
you might have to install the right intermediate certificate manually. go to https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=62&nav=0,20 and download the .crt file. then in firefox go to options > advanced > certificates > view certificates > import... & leave all the checkboxes unticked in the upcoming confirmation dialog...
It is the first certificate ([Intermediate #3] EssentialSSLCA) as listed on this page:
Note that Firefox stores intermediate certificates automatically, so if you have visited a web server before that has send this certificate then you won't get this error.
Why can every other browser like Chrome deal with this without an issue?
The browser should come with all Certificate Authorities and intermediates or at least update them when needed. They are Certificate Authorities for a reason.
skyrant trɔe
You wouldn't have seen this error in Firefox if you have visited a web server before that has send this intermediate certificate: philipp wrote above: hello, the site you provided works fine here, so apparently you already had this certificate installed like a lot of us have if you visit many website and have used a specific profile for a longer period (cert8.db isn't included in a reset).
Just for shits and giggles i did a clean install of Win7 + Chrome + IE + Firefox in a VM.
First site i browsed to was: https://www.inspirepay.com
Every browser worked except Firefox.
I rest my case. Fix your browser.
Ɖɔɖɔɖo si wotia
Quote: The browser should come with all Certificate Authorities
Note that Mozilla has a strong policy to decide which CA to include with root certificates.
- http://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/
- http://www.mozilla.org/projects/security/certs/pending/
Required intermediate certificates need to be send by the server to make it possible to build a certificate chain that ends in a root certificate.
Hi,
I've experienced this problem too, I keep encountering the same problem with the certificate cannot be found and so I cannot continue to confirm the exception.
What I tried to do is within the Confirm Security Exception dialog (or whatever it is) is change the https to http on the address bar there and the error message changed -- not to mention that the "Confirm Security Exception" button is also enabled after that. I clicked the Exception button to proceed and I think I bypassed it properly.
Hope this helps.
I can't visit Yahoo. I can't visit Google. I can't download FireBug. I can't even visit your very own Firefox themes page http://i58.tinypic.com/106afyb.jpg Fix your browser!
Moses trɔe
Hi destinedjagold
Did you check the date and time in the clock on your computer?
You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
- Click the link at the bottom of the error page: "I Understand the Risks"
Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
- Click the "View..." button and inspect the certificate and check who is the issuer of the certificate.
You can see more Details like intermediate certificates that are used in the Details pane.
If "I Understand the Risks" is missing then this page may be opened in an (i)frame and in that case try the right-click context menu and use "This Frame: Open Frame in New Tab".
Note that some firewalls monitor (secure) connections and that programs like Sendori or FiddlerRoot can intercept connections and send their own certificate instead of the website's certificate.
cor-el trɔe
I do not want to keep on clicking the "I Understand the Risks" button every.single.freaking.time. I should just go back to Chrome. Let me know when this error is fixed.
I'm having the same problem but with many sites I visited yesterday just fine -- Facebook, Dropbox, and others. ALL obviously trusted sites. The problem most certainly IS with Firefox, and don't give a bunch of crap about what "should" be fine. Some of my error messages aren't even giving me the option of saying "go ahead, I understand the risks." There must be SOME kind of way to change settings or something.
Did you check who is the issuer of the certificate?
Check the date and time in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
Check out why the site is untrusted and click "Technical Details to expand this section.
If the certificate is not trusted because no issuer chain was provided (sec_error_unknown_issuer) then see if you can install this intermediate certificate from another source.
You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
- Click the link at the bottom of the error page: "I Understand the Risks"
Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
- Click the "View..." button and inspect the certificate and check who is the issuer of the certificate.
You can see more Details like intermediate certificates that are used in the Details pane.
If "I Understand the Risks" is missing then this page may be opened in an (i)frame and in that case try the right-click context menu and use "This Frame: Open Frame in New Tab".
Note that some firewalls monitor (secure) connections and that programs like Sendori or FiddlerRoot can intercept connections and send their own certificate instead of the website's certificate.
What is an "(i)frame"? Not everybody is a code freak. I'm with the other guy -- FIX your browser! OR AT LEAST tell ME how to fix it in PLAIN ENGLISH.
Moses trɔe
I was able to fix this on a friend's Windows 8 PC by uninstalling a piece of software called "Browser Secureguard". Apparently, this is a sneaky piece of Adware that does some tricky things with proxies to serve up video ads while browsing.
I have normal class 1 startssl certificate which uses tons of sites but mine doesnt work too ( http://i.imgur.com/mVt7FLs.png ). Any help? Every other browser works for me as well just fine
The www.vcklan.cz server doesn't send a required intermediate certificate.
- StartCom Class 1 Primary Intermediate Server CA
You can inspect the certificate chain via a site like this:
You will have to install the intermediate certificate on the server, so that Firefox can build a certificate chain that end to the built-in StartCom Certification Authority root certificate.
The StartCom servers seem to been down for maintenance at this moment, so I can't check for details.