Firefox: This connection is untrusted + Behind corporate firewall

Solution 1

If your system date or time is not wrong, and your problem is still not resolved, try the following. Because this problem is occurring only in your Firefox, but not IE, navigate to the secure site in IE, and determine which certificate is being used, which will be an icon somewhere around the menu bar. Then go to IE > Tools > Internet options > Content > Certificates > Trusted root certificate authorities (or maybe Intermediate certificate authorities), and find the certificate. When you find it, select Export, to export the certificate, in the default format.

Now go to Firefox > Tools > Options > Advanced > Encryption > View certifications > Authorities, and look for a certificate(s) with a similar name. If you find one, press Export, to export a backup copy of it. Now import into Firefox Authorities the certificate you exported from IE. Exit and restart Firefox. See if the "untrusted connection" problem is now fixed. If not, you could delete the imported certificate, if you wish. If problems arise, import back into Firefox Authorities the original Firefox certificate you backed up.

As soon as you finish, and everything is working OK, delete the certificates you exported, because they must be kept secure and must not be kept as files on your computer.

Solution 2

Chances are good that the reason it's untrusted is that the proxy is acting as a man in the middle, substituting its own SSL certificate to your browser. Firefox doesn't recognize the signing authority so it prompts you whether to trust it or not.

The question then becomes: do you trust your company's IT dept? Because they would then be able to read your mail, see your purchases, credit card info, etc. Whatever you do online that is encrypted is not encrypted to them.

Solution 3

Probably your company's proxy is doing a Man-in-the-middle attack to all connections (though it's not really an attack in this case). FF can't tell the difference between your company proxy and EVIL_GUY_ON_THE_INTERNET doing it, so it rightfully warns you.

If this is the case, your browser is misconfigured: The certificate which your company proxy uses needs to be installed into your browser; then FF will no longer complain. As a bonus, if a MITM attack occurs inside your network (between you and the proxy), you'll still get the right warning.

As to disabling the warning: I believe it's possible, but fairly complicated. Disabling is not safe because then all encrypted connections become vulnerable to MITM attacks. The solution I outlined above preserves security (as far as possible).

Solution 4

If you're behind a corporate firewall, are you using a proxy server? Some web proxy servers will break SSL authentication because they are trying to proxy SSL connections, which won't work by design.

Check your proxy settings. If possible, turn the proxy off, and browse direct.

Solution 5

I solved this by exporting some certificates from IE and Maxthon, then importing them to Firefox and restarting. I don't know why; that's the only way I could solve this problem after the automatic Firefox update to version 33.
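Solutions 1, 3 and 5 all come down to making Firefox trust the CA that IE and Chrome already trust through the Windows certificate store. The following is an added example, not code from any answer on this page: it sets Firefox's `security.enterprise_roots.enabled` preference in every profile's `user.js`, so Firefox reads the roots from the operating system store instead of needing a manual import. The function names and the sample directory are constructed for illustration; it assumes the standard `profiles.ini` layout.

```python
import configparser
import tempfile
from pathlib import Path

# Real Firefox preference: when true, Firefox also trusts root CAs that were
# added to the operating system's certificate store (the one IE and Chrome use).
PREF_LINE = 'user_pref("security.enterprise_roots.enabled", true);'

def profile_dirs(firefox_dir):
    """Return the profile directories listed in <firefox_dir>/profiles.ini."""
    ini = configparser.ConfigParser(interpolation=None)
    ini.read(firefox_dir / "profiles.ini", encoding="utf-8")
    dirs = []
    for name in ini.sections():
        path = ini[name].get("Path")
        if not name.startswith("Profile") or not path:
            continue  # skip [General], [Install...] and incomplete entries
        # IsRelative=1: Path is relative to the folder holding profiles.ini
        relative = ini[name].get("IsRelative", "1") == "1"
        dirs.append(firefox_dir / path if relative else Path(path))
    return dirs

def enable_enterprise_roots(firefox_dir):
    """Add the pref to each profile's user.js once; return the files changed."""
    changed = []
    for profile in profile_dirs(firefox_dir):
        if not profile.is_dir():
            continue  # stale entry in profiles.ini
        user_js = profile / "user.js"
        text = user_js.read_text(encoding="utf-8") if user_js.exists() else ""
        if PREF_LINE in text:
            continue  # already set, leave the file untouched
        if text and not text.endswith("\n"):
            text += "\n"
        user_js.write_text(text + PREF_LINE + "\n", encoding="utf-8")
        changed.append(user_js)
    return changed

def demo():
    """Run twice against a constructed Firefox directory (not a real profile)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Profiles" / "abcd1234.default").mkdir(parents=True)
        (root / "profiles.ini").write_text(
            "[General]\nStartWithLastProfile=1\n\n[Profile0]\nName=default\n"
            "IsRelative=1\nPath=Profiles/abcd1234.default\n", encoding="utf-8")
        first = enable_enterprise_roots(root)
        second = enable_enterprise_roots(root)  # second run changes nothing
        return len(first), len(second), first[0].read_text(encoding="utf-8")
```

On a real Windows machine the directory to pass is the one that holds `profiles.ini` (normally `%APPDATA%\Mozilla\Firefox`), and Firefox must be restarted to pick up `user.js`.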

Author by

Eager2Learn

Updated on September 17, 2022

Comments

  • Eager2Learn over 1 year

    I've seen some similar issues strewn throughout Google's results about this, but none seem to be corporate-specific.

    I continually get the 'This connection is untrusted' screen every time I attempt to log into a secure site...for instance Gmail.

    This is pretty annoying as sometimes I have to go through the process of adding the exception two or three times before it finally lets me into Gmail.

    I am behind a corporate firewall, going through an internal proxy server to get to the Internet, so there is no possibility for me to update the firewall...etc.

    Does anybody know a way around this? Can it simply be disabled (and is that safe)?

    EDIT

    I'm going to reopen this question with a bit of new information.

    I have been using Google Chrome lately until today, and one thing that I noticed was that I never had this issue when using either Chrome or Internet Explorer. Is there something that these other browsers do that I need to manually do in FF?

  • Eager2Learn about 14 years
    Question #2 then... is it possible to find (via Firefox) where this cert. is located?
  • sleske about 14 years
    @espais: No, not that I'm aware of. You'd need to ask your sysadmin (who should have configured your browser correctly in the first place).
  • Eager2Learn about 14 years
    Damn, I installed FF on my own in order to avoid using IE... thanks for the responses, everybody!
  • Rory Alsop over 13 years
    That isn't what Firefox does. Deleting cookies gets rid of cookies, not your cert store. I guess it might get rid of temporary exceptions as well.
  • stone almost 12 years
    This worked for me too. Exported four "Certificate Authorities" which were under my company's name in IE. Used PKCS#7 format. Then in Firefox went to the Authorities page and imported all four. When importing, checked three boxes allowing all permissions for those certificate authorities.
  • ganders over 9 years
    FYI - This solution works for the new PolyBrowser
  • fixer1234 almost 9 years
    From @User61893: Make sure you check for sub-certificates when you navigate to the secure site in IE, and determine which certificate is being used: 1) Click the padlock in the address bar to view the certificate being used. 2) Click 'view certificates' in the bubble that appears. 3) Open the 'certificate path' tab. 4) Check for sub-certificates under the original certificate and before the secure site. I needed to install all the sub-certificates as well, for Firefox to work.
  • Muhammed Çağlar TUFAN almost 9 years
    This was the exact solution for us - the internal corporate SSL proxy added the internal certificate chain for IE and Chrome, but they did not add it to FF. Maybe FF has its own certificate store - whereas Chrome/IE are shared. We didn't have to restart FF to see the effect. The sec_error_unknown_issuer was driving me nuts because the authority wasn't listed in FF.
  • endolith over 8 years
    What if a real MITM attack occurs outside the network, or a site gets hijacked and uses bogus certificates? Will your browser think it's legitimate because it accepts the company's certificate?
  • endolith over 8 years
    Even if you trust them not to read your mail, do you trust them to keep your unencrypted information safe from hackers?
  • endolith over 8 years
    "which will be an icon somewhere around the menu bar" that just shows the Avast virus scanner's MITM certificate, not the company's MITM certificate.
  • endolith over 8 years
    If I disable Avast, I can then see the certificate, and follow these directions, but then it says "This certificate is already installed as a certificate authority"
  • sleske over 8 years
    @endolith: That sounds like a new question. Why not ask it as such?