Solved

Firefox Error code: SEC_ERROR_UNKNOWN_ISSUER in firefox when browsing to sites

Posted on 2016-11-01
5
103 Views
Last Modified: 2016-11-08
Hi, I have firefox version 49.0.2 installed.

I have network settings set to Use System Proxy Settings

FireFox Network Settings
If i set it to No Proxy, i can browse fine.  I think it may have something to do with the proxy itself.

I am using a Websense proxy http://*.*.*.*:8083/wpad.dat

I have tried to uninstall and reinstall.

Here is the page i get when trying to browse to www.google.com.
SEC_ERROR_UNKOWN_ISSUER
I can browse fine on anyother browser.  I have tried to research this on google and i found things suggested like Mallware or security software intercepting the way firefox is negotiating protocols with servers i am trying to reach.  But it only occurs when i have a proxy enabled in FireFox Settings.  

please help
0
Comment
Question by:JB Blanco
  • 3
  • 2
5 Comments
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 41868779
When you use a proxy, you are actually making two connections in series.  One from the browser to the proxy and then one from the proxy to the target.  It is likely that Websense does not support HSTS which is why you are getting that error.  I believe that the only 'solution' is to not use the proxy with Firefox.

More info:  https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
0
 

Author Comment

by:JB Blanco
ID: 41870544
I have a ticket open with Websense to confirm whether its supported or not.  But in the mean time how can i confirm this on my own?  I dont see how it would'nt be supported.  Is there anything else you can have me try?  is there anyone on this site with experience using Websense Content Gateway Manager in an environment using firefox?
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 41870550
HSTS is a relatively new addition to the HTTP/S protocol.  Maybe Websense hasn't caught up yet.  A proxy has to make it's own request to the destination.  It's not just a matter of passing on the original request.

I don't know how you would check it yourself since you can only see one side of the proxy.
0
 

Accepted Solution

by:
JB Blanco earned 0 total points
ID: 41872999
I solved my own question!

The solution to this issue is recorded here

https://support.forcepoint.com/KBArticle?id=Importing-Sub-CA-Certificates-To-Firefox

Basically export the cert from the Content Gateway Following those instructions and then imported into firefox!
0
 

Author Closing Comment

by:JB Blanco
ID: 41878483
It was the correct solution
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most MSPs worth their salt are already offering cybersecurity to their customers. But cybersecurity as a service is wide encompassing and can mean many things.  So where are MSPs falling in this spectrum?
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question