We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

When I try to access Google it says 'insecure connection' and does not allow me to bypass this by adding an exception

more options

The owner of www.google.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.

Learn more…

www.google.com uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported.

(Error code: sec_error_unknown_issuer)

The owner of www.google.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website. This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate. Learn more… www.google.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. (Error code: sec_error_unknown_issuer)

All Replies (5)

more options

Hi helenn, is Google the only site where you get "sec_error_unknown_issuer", or does it affect other HTTPS sites as well?

When you get this for pretty much all secure sites, the problem usually is one of the following:

(1) Error in your system's date, time, or time zone, which throws off certificate validity checks. Sometimes allowing computers to use an internet-based time source can introduce this problem.

(2) Firefox not being set up to work with your security software that intercepts and filters secure connections. Products with this feature include Avast, BitDefender, Bullguard, ESET, and Kaspersky; AVG LinkScanner / SurfShield can cause this error on search sites.

(3) On Windows 10, Firefox not being set up to work with the parental control software Microsoft Family Safety. (To test by turning it off, see: http://windows.microsoft.com/en-us/wi.../turn-off-microsoft-family-settings)

(4) Malware on your system intercepting secure connections.

If you have any of those specific security products:

That would be the first thing to check. This support article will walk you through it: How to troubleshoot security error codes on secure websites.

If none of those ring a bell:

You could inspect a sample certificate to see whether that points to the culprit. If you want to try that now, here's how I suggest starting:

Load my test page at: https://jeffersonscher.com/res/jstest.php

You likely will get an error page. Expand the "Advanced" button and look for an Add Exception button.

Note: You don't need to complete the process of adding an exception -- I suggest not adding one until we know this isn't a malware issue -- but you can use the dialog to view the information that makes Firefox suspicious.

Click Add Exception, and the certificate exception dialog should open.

Click the View button. If View is not enabled, try the Get Certificate button first.

This should pop up the Certificate Viewer. Look at the "Issued by" section, and on the Details tab, the Certificate Hierarchy. What do you see there? I have attached a screen shot for comparison.

more options

hi, thank you - this solved my problem as i had kaspersky installed. however, would this not compromise the internet security function?

more options

Hi helenn, it's true that there could be security threats coming from sites on an HTTPS connection as well as an HTTP connection, so there is some potential benefit to making this feature work.

In order to get Firefox to trust the fake site certificates presented by the Kaspersky software -- it has to generate fake certificates so it can intercept, decrypt, and analyze the content flowing back and forth between you and the site which would otherwise be unreadable -- you probably need to import Kaspersky's signing certificate into Firefox's Certificate Manager.

The steps for doing that in the previous version were posted on the Kaspersky forums last Summer. The actual path on disk may vary depending on your product:


Open Firefox's Certificate Manager:

"3-bar" menu button (or Tools menu) > Options

In the left column, click Advanced

On the right side, make sure the Certificates mini-tab is selected and then click the View Certificates button

In the Certificate Manager dialog, click the "Authorities" mini-tab (not the Servers mini-tab)

If you see an existing "Kaspersky Anti-Virus Personal Root Certificate"

Select it and Click "Delete or Distrust"

Now click "Import..."

Proceed to "C:\ProgramData\Kaspersky Lab\AVP15.0.1\Data\Cert\"

Select "(fake)Kaspersky Anti-Virus Personal Root Certificate.cer" and Open!


Does that work on your Firefox? If so, could you update the information, especially the folder on disk and name of the file (the last two steps)? Thanks.

more options

many thanks for your help, but I decided that it wasn't worth it switching off part of the function of kaspersky which I paid for, so I have switched over to google chrome where everything works fine. Congrats, Mozilla!

more options

Another user recently got updated steps for importing the Kaspersky certificate:

https://support.mozilla.org/questions/1110416

Assuming you have that same version, you can have SSL filtering in Firefox.