Solved

Firefox Error code: SEC_ERROR_UNKNOWN_ISSUER in firefox when browsing to sites

Posted on 2016-11-01
5
58 Views
Last Modified: 2016-11-08
Hi, I have firefox version 49.0.2 installed.

I have network settings set to Use System Proxy Settings

FireFox Network Settings
If i set it to No Proxy, i can browse fine.  I think it may have something to do with the proxy itself.

I am using a Websense proxy http://*.*.*.*:8083/wpad.dat

I have tried to uninstall and reinstall.

Here is the page i get when trying to browse to www.google.com.
SEC_ERROR_UNKOWN_ISSUER
I can browse fine on anyother browser.  I have tried to research this on google and i found things suggested like Mallware or security software intercepting the way firefox is negotiating protocols with servers i am trying to reach.  But it only occurs when i have a proxy enabled in FireFox Settings.  

please help
0
Comment
Question by:JB Blanco
  • 3
  • 2
5 Comments
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 41868779
When you use a proxy, you are actually making two connections in series.  One from the browser to the proxy and then one from the proxy to the target.  It is likely that Websense does not support HSTS which is why you are getting that error.  I believe that the only 'solution' is to not use the proxy with Firefox.

More info:  https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
0
 

Author Comment

by:JB Blanco
ID: 41870544
I have a ticket open with Websense to confirm whether its supported or not.  But in the mean time how can i confirm this on my own?  I dont see how it would'nt be supported.  Is there anything else you can have me try?  is there anyone on this site with experience using Websense Content Gateway Manager in an environment using firefox?
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 41870550
HSTS is a relatively new addition to the HTTP/S protocol.  Maybe Websense hasn't caught up yet.  A proxy has to make it's own request to the destination.  It's not just a matter of passing on the original request.

I don't know how you would check it yourself since you can only see one side of the proxy.
0
 

Accepted Solution

by:
JB Blanco earned 0 total points
ID: 41872999
I solved my own question!

The solution to this issue is recorded here

https://support.forcepoint.com/KBArticle?id=Importing-Sub-CA-Certificates-To-Firefox

Basically export the cert from the Content Gateway Following those instructions and then imported into firefox!
0
 

Author Closing Comment

by:JB Blanco
ID: 41878483
It was the correct solution
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Adoption of Microsoft’s Enterprise Mobility and Security solution and Office 365 will re-order the File Sync and Share market Microsoft has stated that its Enterprise Mobility + Security (EMS) is the fastest growing product in the history of the …
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

806 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question