Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Firefox - This Connection is Untrusted

Posted on 2013-12-11
20
759 Views
Last Modified: 2013-12-24
I am having an issue going to ssl sites using FireFox.  This can be seen on https://mail.google.com so I know it isn't a bad certificate.  Also my computer clock is correct so please don't post a link about that.  I want the issue to be fixed not to create a work around.

Please do not google the title and post links, I have already tried googling the issue.

Thanks!
0
Comment
Question by:jackjohnson44
  • 10
  • 7
  • 3
20 Comments
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 39711405
Which OS are your running? Is your OS uptodate? did you make sure that the root certificates are updated. Root certificate update comes with the Windows updates.

Sudeep
0
 
LVL 18

Expert Comment

by:zc2
ID: 39711413
SSharma,
AFAIK, Mozilla browsers have their own certificate storage, they don't use Windows'.

jackjohnson44,
Did you try just reinstall Firefox?
0
 

Author Comment

by:jackjohnson44
ID: 39711415
I am running windows 7 with everything updated.  I can view mail.google.com on chrome and internet explorer without issue.  I deleted all internet files, deleted my profile, and cleared the cache.  I also deleted all plugins and extensions.
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 18

Expert Comment

by:zc2
ID: 39711425
You already did a lot, so uninstall the Firefox and install it again I guess is not a big deal. Can you try that?
0
 

Author Comment

by:jackjohnson44
ID: 39711485
I just uninstalled, restarted, installed, same issue.
0
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 39711495
Could you please post the screenshot of the error, make sure to include the address in the address bar is included in the screenshot.

Sudeep
0
 

Author Comment

by:jackjohnson44
ID: 39711553
Here is my screen shot.  I didn't show the full address since I believe it is some hashed key to my account.  If I go to mail.google.com I can sign in, then I am redirected to the https site which gives me an error.
Capture.PNG
0
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 39711597
I would doubt if there is any plugin which might is causing this.

Could you please run OTL and post the logs?

OTL by OldTimer is a flexible, multipurpose, diagnostic, and malware removal tool. It's useful for identifying changes made to a system by spyware, malware and other unwanted programs. It creates detailed reports of registry and file settings, and also includes advanced tools and scripting ability for manual removing malware.

Download:
http://oldtimer.geekstogo.com/OTL/OTL.exe

Alternate downloads and locations:

Sometimes malware will block OTL.exe by name, or all executables. In that case try one of these alternatives.
OTL.com: http://oldtimer.geekstogo.com/OTL.com
OTL.scr: http://oldtimer.geekstogo.com/OTL.scr

Mirrors:
OTL.com: http://www.itxassociates.com/OT-Tools/OTL.com
OTL.scr: http://www.itxassociates.com/OT-Tools/OTL.scr
OTL.exe: http://www.itxassociates.com/OT-Tools/OTL.exe

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Sudeep
0
 
LVL 18

Expert Comment

by:zc2
ID: 39711660
What does the "Technical Details" section in your screenshot say?

Try to compare the certificates in the Firefox and IE (windows). Are there any differences in the google site certificate and the list of the CA in both places?
0
 

Author Comment

by:jackjohnson44
ID: 39711666
Thanks for your help.
Extras.Txt
OTL.Txt
0
 

Author Comment

by:jackjohnson44
ID: 39712461
zc2, here are the tech details

mail.google.com uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown.
(Error code: sec_error_unknown_issuer)
0
 
LVL 18

Expert Comment

by:zc2
ID: 39712813
If you open the list of Firefox's  CA certificates (Tools->Options->Advanced->Certificates->View Certificates->Authorities), can you see the "GeoTrust Global CA" certificate in the list?
0
 

Author Comment

by:jackjohnson44
ID: 39724014
Sorry for the late reply.  I didn't notice you commented.  Yes, I see that in the list.  Under the column "Security Device" it says "Builtin Object Token".
0
 
LVL 18

Expert Comment

by:zc2
ID: 39724532
Did you try this:
The file cert8.db in your profile folder may have become corrupted. Delete this file while Firefox is closed.

    Open your profile folder:

    At the top of the Firefox window, click on the Firefox button, go over to the Help menu and select Troubleshooting Information. The Troubleshooting Information tab will open.
    Under the Application Basics section, click on Show Folder. A window with your profile files will open.
    Note: If you are unable to open or use Fire¿fox, follow the instructions in Finding your profile without opening Firefox.

    At the top of the Firefox window, click on the Firefox button and then select Exit
    Click on the file named cert8.db.
    Press Delete.
    Restart Firefox.
    cert8.db will be recreated when you restart Firefox. This is normal.
(from here)
0
 

Author Comment

by:jackjohnson44
ID: 39725024
Thanks but that didn't work.  I also tried the "Reset Firefox" option under the troubleshooting area and still didn't have any luck.  I also uninstalled and re-installed FF with no luck.
0
 
LVL 18

Expert Comment

by:zc2
ID: 39725089
I'm sending you my certificate chain for mail.google.com.
Could you please open it and compare the certificate, the Google G2 CA certificate and the GeoTrust CA certificate with the same on your Firefox?
Rename the file from .txt to .crt and double click on it to open into a viewer.

Yo can also export your mail.google.com certificate and post it here.
mail.google.crt.txt
0
 

Author Comment

by:jackjohnson44
ID: 39727149
When I open the certificate on mail.google.com (not the one you sent), I can see the company where I am working from as the name of the Issued By Common name, and organization.  Is this the issue?
0
 
LVL 18

Assisted Solution

by:zc2
zc2 earned 500 total points
ID: 39730031
Yes, probably. The question is - why this was not changed when you had flushed the certificate db file.
You could try the following:
1. Try to do the describing flushing procedure again. Carefully find out your profile location.
2. Create an additional profile in Firefox and observe its behavior.
3. Consult your company's IT department, may be they have some explanations.
0
 

Accepted Solution

by:
jackjohnson44 earned 0 total points
ID: 39730055
Thanks, but this isn't worth it.  I am going to stop using FF and just use Chrome from now on.  It was good for a while, but FF isn't what it used to be.
0
 

Author Closing Comment

by:jackjohnson44
ID: 39737647
I wasn't able to find an answer so I am just going to switch to using Chrome from now on.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this increasingly digital world, security hacks are no longer just a threat, but a reality. As we've witnessed with Target's big identity hack 2013, Heartbleed in 2015, and now Cloudbleed, companies and their leaders need to prepare for the unthi…
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
The viewer will the learn the benefit of plain text editors and code an HTML5 based template for use in further tutorials.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question