• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 405
  • Last Modified:

Firefox Error code: SEC_ERROR_UNKNOWN_ISSUER in firefox when browsing to sites

Hi, I have firefox version 49.0.2 installed.

I have network settings set to Use System Proxy Settings

FireFox Network Settings
If i set it to No Proxy, i can browse fine.  I think it may have something to do with the proxy itself.

I am using a Websense proxy http://*.*.*.*:8083/wpad.dat

I have tried to uninstall and reinstall.

Here is the page i get when trying to browse to www.google.com.
SEC_ERROR_UNKOWN_ISSUER
I can browse fine on anyother browser.  I have tried to research this on google and i found things suggested like Mallware or security software intercepting the way firefox is negotiating protocols with servers i am trying to reach.  But it only occurs when i have a proxy enabled in FireFox Settings.  

please help
0
JB Blanco
Asked:
JB Blanco
  • 3
  • 2
1 Solution
 
Dave BaldwinFixer of ProblemsCommented:
When you use a proxy, you are actually making two connections in series.  One from the browser to the proxy and then one from the proxy to the target.  It is likely that Websense does not support HSTS which is why you are getting that error.  I believe that the only 'solution' is to not use the proxy with Firefox.

More info:  https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
0
 
JB BlancoSr Systems EngineerAuthor Commented:
I have a ticket open with Websense to confirm whether its supported or not.  But in the mean time how can i confirm this on my own?  I dont see how it would'nt be supported.  Is there anything else you can have me try?  is there anyone on this site with experience using Websense Content Gateway Manager in an environment using firefox?
0
 
Dave BaldwinFixer of ProblemsCommented:
HSTS is a relatively new addition to the HTTP/S protocol.  Maybe Websense hasn't caught up yet.  A proxy has to make it's own request to the destination.  It's not just a matter of passing on the original request.

I don't know how you would check it yourself since you can only see one side of the proxy.
0
 
JB BlancoSr Systems EngineerAuthor Commented:
I solved my own question!

The solution to this issue is recorded here

https://support.forcepoint.com/KBArticle?id=Importing-Sub-CA-Certificates-To-Firefox

Basically export the cert from the Content Gateway Following those instructions and then imported into firefox!
0
 
JB BlancoSr Systems EngineerAuthor Commented:
It was the correct solution
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now