Firefox - The certificate is not trusted because the issuer certificate is unknown.


When viewing my site I see this error: uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown.
(Error code: sec_error_unknown_issuer)

I am using Firefox 38.0.5 on a Windows 8.1 PC. The same site on the same PC is displayed fine with no certificate errors when using MS 11 and Google Chrome.

I have deleted the cert8.db file, but that did not work. I followed these steps: uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer)

Do you have any other suggestions?



Dave Howe (Software and Hardware Engineer) Commented:
That is correct. Each web browser relies on its own certificate store, and if you have a CA cert in the store of one browser but not another, you get that issue.

To fix this on ONE machine, view the certificate in IE (click the padlock and select "view certificates") then select the "Certification Path" tab. This will show the CA that ultimately signs the certificate. Select the top cert on this chain and hit the [View Certificate] button - this will open another cert window with the required CA cert in it. The "Details" tab has a [Copy to File...] button to allow you to save off this cert.

Now moving to Firefox, you can select the options, Advanced Tab, and Certificates - this is where Firefox stores its certs. [View Certificates] will take you to the certificate store, and the [Import...] button lets you import the new root CA (if it isn't already there).

Note, there may be an intermediate cert between the root and the site cert (which will show in the cert chain visible from IE) - it's possible that Firefox was unable to obtain this intermediate cert for some reason, which would also cause a verification failure. In such a case, you can either import the intermediate (same method) or find out why it can't fetch the intermediate.

PBIT (Author) Commented:
I did the intermediate cert between the root and the site and that worked.  

Now the problem is that users, who are not computer savvy, have this problem.  The cert I imported is from MS IE, so I need to figure out how to apply this solution to them.
PBIT (Author) Commented:
Thanks for the solution.
Dave Howe (Software and Hardware Engineer) Commented:
Well, you can push out certs via group policy (they are just registry keys), but I would suggest that in this case you should find out why they can't reach the intermediate. The way it works is this: the intermediate cert can be (but usually isn't) supplied by the webserver (if you have access to the webserver, you can add it to the cert store on the server for delivery with the actual server cert, and that solves your problem).

Otherwise, you should look at the server cert, and in particular look at the section marked "authority information access" - this is where the intermediate can be found, and if the web browser cannot reach that server, the "fetch" of the intermediate will fail.
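
The missing-intermediate case discussed in this thread can be reproduced offline with the openssl command line; this is an added example, not part of any post above. It builds a constructed root, intermediate and leaf (all names and the example.test URL are made up, and an installed openssl 1.1.0 or later is assumed), shows that a client trusting only the root rejects the leaf unless the intermediate is supplied with it, and reads the CA Issuers URL from the leaf's Authority Information Access extension.

```shell
#!/bin/sh
# Constructed three-level PKI (root -> intermediate -> leaf); every name and URL is made up.
make_pki() {
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  printf 'basicConstraints=CA:FALSE\nauthorityInfoAccess=caIssuers;URI:http://ca.example.test/int.crt\n' > "$d/leaf.ext"
  for n in root int leaf; do   # one key and signing request per certificate
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$n.example.test" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
  done
  # Self-signed root, the only certificate the client will trust
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -extfile "$d/ca.ext" \
    -days 2 -out "$d/root.pem" 2>/dev/null
  # Intermediate signed by the root
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/ca.ext" -days 2 -out "$d/int.pem" 2>/dev/null
  # Leaf (the site certificate) signed by the intermediate
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -extfile "$d/leaf.ext" -days 2 -out "$d/leaf.pem" 2>/dev/null
}

# Verify a leaf as a client that trusts only the root would.
# $1 = trusted root, $2 = leaf, $3 = optional file of intermediates sent by the server
verify_chain() {
  if [ -n "$3" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  fi
}

# Print the CA Issuers URL from the Authority Information Access extension.
aia_url() {
  openssl x509 -in "$1" -noout -text | sed -n 's/.*CA Issuers - URI://p'
}

# Demo: server sends only the leaf, then the leaf plus the intermediate.
d=$(mktemp -d) && make_pki "$d"
verify_chain "$d/root.pem" "$d/leaf.pem" && r=ok || r=fails
echo "leaf only: $r"
verify_chain "$d/root.pem" "$d/leaf.pem" "$d/int.pem" && r=ok || r=fails
echo "leaf + intermediate: $r"
echo "AIA CA Issuers: $(aia_url "$d/leaf.pem")"
rm -rf "$d"
```

Against a live server, `openssl s_client -connect host:443 -showcerts` lists the certificates the server actually sends, which shows whether the intermediate is included in the handshake.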