The certificate is not trusted because it hasn't been verified as issued by a trusted authority using a secure signature

When I used Firefox to open a website which is our own website, so I surely know we do pay $$ to purchase an external certificate for it, I got the message "Your connection is not secure" and "this website uses an invalid security certificate". It also said: "The certificate is not trusted because it hasn't been verified as issued by a trusted authority using a secure signature." When I clicked "view" for details, it included a message: "Couldn't verify this certificate because the issuer is unknown". Further investigation shows the certificate was issued by COMODO RSA CA.

I cannot see why this issuer "COMODO CA" is unknown and not trusted. Can you help me understand this, please? (I understand I can add this site to the exception list, but I want to know why.) Thanks.
Castlewood Asked:

Eirman (Chief Operations Manager) Commented:
Just to be sure ..... check that time & date on the PC you are using is correct.
Castlewood (Author) Commented:
The time and date on my PC are surely correct. The PC is part of the company domain with time updated from time to time. But what is your point for questioning the date/time? Is it related?
Thanks.
Russ Suter (Senior Software Developer) Commented:
It might be a false error. COMODO certainly is a trusted certification authority so unless you bought it from another company pretending to be COMODO that shouldn't be the issue. You can contact them and have them verify the root signature which, if you bought it from them, they will be happy to do.

The other possibility is that your certificate was generated using a weak or broken cipher. Certificates created using a SHA1 hash are no longer recognized as valid by Chrome and I think Firefox is on that same bandwagon. Also make sure your certificate is at least 2048 bits. Current browsers aren't too happy with 1024 bit certificates. If you post the URL (or private message if you prefer) we can inspect the certificate to see if anything looks off.

Eirman (Chief Operations Manager) Commented:
"But what is your point for questioning the date/time? is it related?"
Suppose your BIOS battery failed and your clock reverted to the wrong year, you would get loads of certificate errors when trying to browse.

Set your clock back 10 years and try using Google!
arnold Commented:
Double check Firefox's options, advanced, certificates and make sure it has the Comodo CA certificate in the list.

Your issue might be that the signer of your certificate is either no longer valid, or if I am not mistaken had issues and was revoked, you would need to go back to whomever you purchased it from to have them reissue the certificate with a valid signer cert.

What are the dates on your certificate path?
CA, intermediate CA

REF article from four years ago about comodo CA issues.
http://www.wired.com/2011/03/comodo_hack/
Castlewood (Author) Commented:
Russ and arnold,
Attached please find some screen shots regarding this certificate. Don't forget we purchase/renew about 20 certificates for our websites, Exchange from this CA -- COMODO. And as Russ mentioned, COMODO is not a scamming CA.
Russ Suter (Senior Software Developer) Commented:
Where are the screenshots?
arnold Commented:
Nothing can be taken for granted. Is your Firefox version the most current?
Check the certificates within to see what Comodo certificates you have.

Source from whom you obtained these certificates. No matter the quantity, you might be buying from a reseller or an entity that was once "authorized" by Comodo to issue, but is no longer.

Images of a certificate are meaningless without the option to thoroughly examine the issue.

It could be that you did not update the certificate chain on your webserver with the newer Comodo intermediate and CA certificates and because of that your newer certificates have issues because the one you have on your web server is the wrong one, for the certificate, .......

Can you post the domain name of the site from which you get errors when connecting?
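
The missing-intermediate case raised in the comment above can be reproduced offline with the openssl CLI. This is an added example, not part of the thread: the CA and site names are constructed, `make_chain` and `chain_ok` are hypothetical helper names, and `-untrusted` stands in for the intermediates a web server sends alongside its own certificate.

```shell
#!/bin/sh
# Added example. All CA and site names below are constructed for the demo.

make_chain() {  # hypothetical helper; $1 = empty working directory
  d=$1
  # Minimal config so the result does not depend on the system openssl.cnf.
  printf '[req]\ndistinguished_name=dn\n[dn]\n[ca_ext]\nbasicConstraints=critical,CA:TRUE\n' \
    > "$d/ca.cnf"
  {
    # Self-signed root: the only certificate the client trusts.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$d/ca.cnf" \
      -extensions ca_ext -subj "/CN=Constructed Root CA" \
      -keyout "$d/root.key" -out "$d/root.pem" &&
    # Intermediate CA, signed by the root.
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
      -subj "/CN=Constructed Intermediate CA" \
      -keyout "$d/int.key" -out "$d/int.csr" &&
    openssl x509 -req -in "$d/int.csr" -days 30 -CA "$d/root.pem" \
      -CAkey "$d/root.key" -CAcreateserial \
      -extfile "$d/ca.cnf" -extensions ca_ext -out "$d/int.pem" &&
    # Site certificate, signed by the intermediate (not by the root).
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
      -subj "/CN=site.example" -keyout "$d/leaf.key" -out "$d/leaf.csr" &&
    openssl x509 -req -in "$d/leaf.csr" -days 30 -CA "$d/int.pem" \
      -CAkey "$d/int.key" -CAcreateserial -out "$d/leaf.pem"
  } >/dev/null 2>&1
}

chain_ok() {  # $1 = directory, $2 = optional file of intermediates the server sends
  # Match on the "OK" line rather than the exit status, which old openssl
  # releases did not set reliably.
  openssl verify -CAfile "$1/root.pem" ${2:+-untrusted "$2"} "$1/leaf.pem" 2>&1 |
    grep -q ': OK$'
}

work=$(mktemp -d) || exit 1
make_chain "$work" || { echo "openssl failed to build the demo chain" >&2; exit 1; }
if chain_ok "$work"; then echo "server sends leaf only: trusted"
else echo "server sends leaf only: issuer unknown"; fi
if chain_ok "$work" "$work/int.pem"; then echo "server sends leaf + intermediate: trusted"
else echo "server sends leaf + intermediate: issuer unknown"; fi
rm -rf "$work"
```

Against a live server, `openssl s_client -connect host:443 -showcerts` (with `host` replaced by the site's name) lists the certificates the server actually sends.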
Castlewood (Author) Commented:
Sorry. Here are the screenshots.
certificate-issue.docx
Russ Suter (Senior Software Developer) Commented:
Nothing in those screenshots gives us any more information than you've already provided. We would need to see the certificate details to know more.
Castlewood (Author) Commented:
OK, sorry again. Can you tell me what I can provide and how to get it for you, please?

Appreciated.
Russ Suter (Senior Software Developer) Commented:
A URL which directs me to the website where the certificate is in use would be the most helpful.
Castlewood (Author) Commented:
Russ Suter (Senior Software Developer) Commented:
The webpage is not available.
Castlewood (Author) Commented:
Ah, this website doesn't open ports to the outside, so remote users will need a VPN connection before they can access it. Sorry about that.
But what info do you want me to show you? Please let me know.
Russ Suter (Senior Software Developer) Commented:
Can you capture the certificate details? You'll probably need to scroll down and screenshot at least twice.
Castlewood (Author) Commented:
Here are the cert details.
certificate-issue---details.docx
Russ Suter (Senior Software Developer) Commented:
I'm not seeing anything that looks out of the ordinary based on what you've provided. I'd contact COMODO and ask for their assistance. I've used them before and their support is quite good. There's a possibility that their issuing certificate was revoked for some reason.

Castlewood (Author) Commented:
I tend to believe this certificate should be good. Here is what happened:

This issue occurred right after I downloaded and installed Firefox and then tried to get on that website. Is it possible Firefox at that moment was trying to build a list of trusted CAs and the list was not ready yet? The reason is, after I added the website in exception and 10 mins later I deleted it out of Exception list intending to reproduce this issue but found NOT able to.
Also I never had any issue using other browsers (Chrome, IE) to access this website.

What do you think?
arnold Commented:
No, I think Firefox has certain certs that are excluded. The other option: Firefox has the query OCS2 checked and for the Comodo certs this poses an issue.
It says not providing ownership information means ownership of the firm to whom this certificate is issued is not included in the certificate information; it does not invalidate the certificate.
Do you get a warning when going to this site? Invalid certificate message?
It depends on what certificate you want.
You got the simplest that verifies the URL.
There are other more expensive ones where the certificate includes the name of the firm that owns the hostname to which it is issued as well .....

Look at a cert