搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

Error code: sec_error_unknown_issuer

more options

Hi

I am having the typical "This Connection is Untrusted" message visiting a website.

When clicking in technical details, instead of having the button "Add exception", i have this message


XXXXX uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown.

(Error code: sec_error_unknown_issuer)


How can i do to trust this certificate? I have tried to add an exception, as explained in different threads, but still not working

Thanks

Hi I am having the typical "This Connection is Untrusted" message visiting a website. When clicking in technical details, instead of having the button "Add exception", i have this message XXXXX uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer) How can i do to trust this certificate? I have tried to add an exception, as explained in different threads, but still not working Thanks

所有回覆 (16)

more options

This is typically caused by antivirus software. Which antivirus software (if any) do you use?

more options

Is the problem just with one site, or do you have this issue on numerous sites?

When you are in the Add Exception dialog, is the View button enabled to view the certificate? If so, who is listed under "Issued by"? Sometimes this will reference your security software vendor, or point to malware.

more options

By the way, it is not normal to get certificate errors on mainstream sites. Most trustworthy sites have their stuff together, and you should almost never need to make an exception.

more options

You can check the date and time and time zone in the clock on your computer: (double) click the clock icon on the Windows Taskbar.

You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.

  • Click the link at the bottom of the error page: "I Understand the Risks"
  • Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate"
  • Click the "View" button and inspect the certificate and check who is the issuer.

You can see more details like the intermediate certificates that are used in the Details tab.

Who is the issuer of the certificate?

Can you attach a screenshot of the certificate viewer window?

  • Use a compressed image type like PNG or JPG to save the screenshot
  • Make sure that you do not exceed the maximum size of 1 MB
more options

Hi

Doesnt look like related to antivirus or similar. Restoring firebug to default works, but after some time it happens again

The problem is with several sites. I add the exception correctly, i can see the certificate, but still have the error

Thanks

more options

javidr said

Restoring firebug to default works, but after some time it happens again

The Firebug extension? Does it have any kind of proxying built in for debugging secure connections?

more options

Bingo! I realised today that this happens after enrouting traffic though a proxy (zap).

When i connect to that website through zap, it works fine, but direct connection doesnt work anymore

Does it ring any bell?

Thanks

more options

Does ZAP use an add-on to let you select which sites to proxy, or modify Firefox's proxy settings? This must be listed somewhere... If this issue affects all browsers, check the Windows hosts file for a redirect of that hostname to localhost.

more options

I should have mentioned, check your Firefox proxy setting here:

"3-bar" menu button (or Tools menu) > Options > Advanced > Network mini-tab > "Settings" button

more options

I have configured the proxy through foxyproxy

Thanks

more options

Hi As mentioned i use foxy proxy. Any hint on what could be happening?

Thanks

more options

I am not familiar with FoxyProxy but if it was directing requests for that certain website to your proxy, have you tried turning that off so Firefox sends requests directly to the site?

more options

Yea. I have a proxy for zap and another for direct connection but seems like once the cert is accepted by zap, the direct connection doesnt validate the cert anymore

more options

That's confusing. I think normally you either see the site's certificate or the proxy's certificate, and they should never get confused with one another.

Maybe the problem is that you saved an exception for the site using the proxy's certificate? If so, try removing it here:

"3-bar" menu button (or Tools menu) > Options > Advanced > Certificates mini-tab > "View Certificates" button

Check the "Servers" tab for certificates signed by your proxy and see whether you can remove the certificate from there.

If that isn't it, maybe FoxyProxy can explain what's going on. I am not in a position to replicate your setup.

more options

javidr said

Hi I am having the typical "This Connection is Untrusted" message visiting a website. When clicking in technical details, instead of having the button "Add exception", i have this message XXXXX uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer) How can i do to trust this certificate? I have tried to add an exception, as explained in different threads, but still not working Thanks

alright so this might be an edge case, but check this out... so if you use an application like fiddler, that captures your network traffic history, it will do something (not sure what) with your certificates and you wont be able to root around in firefox while it is active. i.e. if you close fiddler or the like application, you can use firefox no prob! heres how i found out what was wrong... 1. i have a windows machine so sorry i dont know what the mac equivalent of this is. you need to search for manage user certificates. click that. 2. go to personal -> certificates. this is where i saw DO NOT TRUST_FIDDLER kind of thing everywhere.

this helped me figure out that fiddler was the problem most likely. so i close fiddler and bam it works fine.

more options

Hi jpeeling, that's a good tip. Unfortunately, some malware distributors are using the Fiddler certificate so for users who have not intentionally installed Fiddler, its presence is a huge red flag.