Firefox Warning Message -"This Connection is Untrusted" Caused by Proxy Server Certificate - NETSEC

Latest

Learning, Sharing, Creating

Cybersecurity Memo

Sunday, December 20, 2015

Firefox Warning Message -"This Connection is Untrusted" Caused by Proxy Server Certificate

I am getting the "This Connection Is Untrusted" message in Firefox for all security website using https even when I go to the Mozilla support page. Any secure site is viewed as an untrusted connection only in Firefox browser, but IE and Chrome are fine. The certificate is not trusted because the issuer certificate is unknown. Here is a screenshot when I tried to browse Google website from Firefox.




I have tried following: https://support.mozilla.org/en-US/kb/connection-untrusted-error-message#w_the-certificate-is-not-trusted-because-the-issuer-certificate-is-unknown
The file cert8.db in your profile folder may have become corrupted. Delete this file while Firefox is closed.

1. Open your profile folder:

  • Click the menu button New Fx Menu , click help Help-29 and select The image "Troubleshooting Information" does not exist.. The Troubleshooting Information tab will open.
  • Under the Application Basics section, click on Show Folder. A window with your profile files will open.
  • Note: If you are unable to open or use Firefox, follow the instructions in Finding your profile without opening Firefox.
2. Click the menu button New Fx Menu and then click Exit Close 29
3. In Windows Explorer, click on the file named cert8.db (or cert8 if extensions are hidden)
4. Press Delete.
5. Restart Firefox.
Unfortunately, this solution does not work for this case.  It becomes so annoying when using Firefox. Interesting thing is this is not happening on my Microsoft IE browser. I have looked at the other relevant articles already, and tried everything to fix this problem. I have completely reinstalled Firefox, I have refreshed it, I have deleted the cert8.db file, I have run it in safe mode, and I have run it with the Skip Cert Error 0.4.4 extension. Nothing works - I cannot even access support.mozilla.org without running into this error. If I let the skip cert error do its thing for a while, sometimes I can access a bare-bones version of the site with a white background and all links in blue underlined text, all aligned left. There's got to be a better way.

Today I decided to look into this error messages and luckly found a solution for it. There is a inter-middle certificate issued from our Proxy server.  That is why I got all those warning messages.

 Although this untrusted certifcate is issued to *.google.com, but it is issued by our internal web-gate server, which is our Proxy server.


The solution will be easy as well since we got the root cause. As soon as you export this web-gate Proxy server Certificate from IE browser, you can import it into Firefox to let Firefox trust it.


Import it into Firefox:




After exported certificate imported into Firefox, this annoying warning message is gone.

Note: If you have multiple Proxy server certificates such as my case, you will have to export all of them and import them into your firefox.

No comments:

Post a Comment