?
Solved

Firefox Error code: SEC_ERROR_UNKNOWN_ISSUER in firefox when browsing to sites

Posted on 2016-11-01
5
Medium Priority
?
206 Views
Last Modified: 2016-11-08
Hi, I have firefox version 49.0.2 installed.

I have network settings set to Use System Proxy Settings

FireFox Network Settings
If i set it to No Proxy, i can browse fine.  I think it may have something to do with the proxy itself.

I am using a Websense proxy http://*.*.*.*:8083/wpad.dat

I have tried to uninstall and reinstall.

Here is the page i get when trying to browse to www.google.com.
SEC_ERROR_UNKOWN_ISSUER
I can browse fine on anyother browser.  I have tried to research this on google and i found things suggested like Mallware or security software intercepting the way firefox is negotiating protocols with servers i am trying to reach.  But it only occurs when i have a proxy enabled in FireFox Settings.  

please help
0
Comment
Question by:JB Blanco
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 41868779
When you use a proxy, you are actually making two connections in series.  One from the browser to the proxy and then one from the proxy to the target.  It is likely that Websense does not support HSTS which is why you are getting that error.  I believe that the only 'solution' is to not use the proxy with Firefox.

More info:  https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
0
 

Author Comment

by:JB Blanco
ID: 41870544
I have a ticket open with Websense to confirm whether its supported or not.  But in the mean time how can i confirm this on my own?  I dont see how it would'nt be supported.  Is there anything else you can have me try?  is there anyone on this site with experience using Websense Content Gateway Manager in an environment using firefox?
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 41870550
HSTS is a relatively new addition to the HTTP/S protocol.  Maybe Websense hasn't caught up yet.  A proxy has to make it's own request to the destination.  It's not just a matter of passing on the original request.

I don't know how you would check it yourself since you can only see one side of the proxy.
0
 

Accepted Solution

by:
JB Blanco earned 0 total points
ID: 41872999
I solved my own question!

The solution to this issue is recorded here

https://support.forcepoint.com/KBArticle?id=Importing-Sub-CA-Certificates-To-Firefox

Basically export the cert from the Content Gateway Following those instructions and then imported into firefox!
0
 

Author Closing Comment

by:JB Blanco
ID: 41878483
It was the correct solution
0

Featured Post

Don't Cry: How Liquid Web is Ensuring Security

WannaCry is just the start. Read how Liquid Web is protecting itself and its customers against new threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against  DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
A look at what happened in the Verizon cloud breach.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question