We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Zoeken in Support

Vermijd ondersteuningsscams. We zullen u nooit vragen een telefoonnummer te bellen, er een sms naar te sturen of persoonlijke gegevens te delen. Meld verdachte activiteit met de optie ‘Misbruik melden’.

Meer info

Deze conversatie is gearchiveerd. Stel een nieuwe vraag als u hulp nodig hebt.

Your connection is not secure

  • 2 antwoorden
  • 4 hebben dit probleem
  • 1 weergave
  • Laatste antwoord van usgroupie

more options

Firefox blocks: https://vip.vba.va.gov/portal/VBAH/VBAHome/condopudsearch, and https://vip.vba.va.gov/portal/VBAH/VBAHome/buildersearch "Your connection is not secure" Advanced Tab cites "vip.vba.va.gov uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported." Error code: SEC_ERROR_UNKNOWN_ISSUER

However, IE 11 has no issue accessing the websites.

Firefox blocks: https://vip.vba.va.gov/portal/VBAH/VBAHome/condopudsearch, and https://vip.vba.va.gov/portal/VBAH/VBAHome/buildersearch "Your connection is not secure" Advanced Tab cites "vip.vba.va.gov uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported." Error code: SEC_ERROR_UNKNOWN_ISSUER However, IE 11 has no issue accessing the websites.

Gekozen oplossing

Servers are supposed to send not just their own certificate, but any intermediate certificate(s) necessary to link the site's certificate with an ultimate authority that browsers trust. IE has a feature to compensate for an incomplete chain of trust, but Firefox doesn't fill in gaps that way.

This site shows that there is a way to collect different signing certificates to confirm that it should be trusted, but there are multiple steps: https://www.ssllabs.com/ssltest/analyze.html?d=vip.vba.va.gov&s=152.132.104.3&latest

I think that means it's currently safe to make a temporary exception for the site. But if they could "clean up their act" that would be great.

Dit antwoord in context lezen 👍 0

Alle antwoorden (2)

more options

Gekozen oplossing

Servers are supposed to send not just their own certificate, but any intermediate certificate(s) necessary to link the site's certificate with an ultimate authority that browsers trust. IE has a feature to compensate for an incomplete chain of trust, but Firefox doesn't fill in gaps that way.

This site shows that there is a way to collect different signing certificates to confirm that it should be trusted, but there are multiple steps: https://www.ssllabs.com/ssltest/analyze.html?d=vip.vba.va.gov&s=152.132.104.3&latest

I think that means it's currently safe to make a temporary exception for the site. But if they could "clean up their act" that would be great.

more options

Thank you for the info and the link.