Cannot connect to Google, Facebook, and many others because of invalid certificates

RESOLVED WORKSFORME

Status

()

Firefox
Untriaged
RESOLVED WORKSFORME
a year ago
a year ago

People

(Reporter: Anthony Boskovich, Unassigned)

Tracking

54 Branch
x86_64
Windows 10
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

a year ago
User Agent: Mozilla/5.0 (Windows NT 10.0; rv:54.0) Gecko/20100101 Firefox/54.0
Build ID: 20170128030204

Steps to reproduce:

Tried to log on to Google and Facebook


Actual results:

Security would not let me sayig that certificates were invalid


Expected results:

Sites should have loaded
can you provide the precise error message, or screenshot of the error page?

in most case such error happens with antivirus software that tries to filter SSL connection and interacts badly.
can you also check if disabling antivirus software "solves" the issue, if you have it?
Flags: needinfo?(policemisconduct)
(Reporter)

Updated

a year ago
Severity: normal → critical
OS: Unspecified → Windows 10
Hardware: Unspecified → x86_64
(Reporter)

Comment 2

a year ago
This is the message:

Your connection is not secure

The owner of has configured their website improperly. To protect your information from being stolen, Nightly has not connected to this website.

This site uses HTTP Strict Transport Security (HSTS) to specify that Nightly may only connect to it securely. As a result, it is not possible to add an exception for this certificate.

Learn more…

Report errors like this to help Mozilla identify and block malicious sites

I just upgraded to Kaspersky v. 17 for W10.  I disabled and no change.  I can et to the Kaspersky websidte.
Can you also provide the exact URLs of the page that you get the error message?
Do you see "Advanced" button in the error page? If so, could you copy and paste the message displayed after you click the button?
(Reporter)

Comment 6

a year ago
https://www.google.com/?gws_rd=ssl
https://www.facebook.com
https://www.amazon.com
and more ...

www.google.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER

Yes, it happens in safe mode
(Reporter)

Comment 7

a year ago
Here is what I get further for Google:

https://www.google.com/?gws_rd=ssl

Peer’s Certificate issuer is not recognized.

HTTP Strict Transport Security: false
HTTP Public Key Pinning: true

Certificate chain:

-----BEGIN CERTIFICATE-----
MIIDjTCCAnWgAwIBAgINAMP/FnTfQ5R66X+7mzANBgkqhkiG9w0BAQsFADBUMRkw
FwYDVQQKDBBBTyBLYXNwZXJza3kgTGFiMTcwNQYDVQQDDC5LYXNwZXJza3kgQW50
aS1WaXJ1cyBQZXJzb25hbCBSb290IENlcnRpZmljYXRlMB4XDTE3MDExODE4NTAw
MFoXDTE3MDQxMjE4NTAwMFowaDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlm
b3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEzARBgNVBAoMCkdvb2dsZSBJ
bmMxFzAVBgNVBAMMDnd3dy5nb29nbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAuoxbDtJ0H0KxEqpRwX1SkxasaDifWqmpRuBdIvfbQLLsFBuZ
eDCGdeIZXfSdmSTzeD6mmVgmBCYrQ4E0BkDdj10I6Fj1789WHJgwCtzcaCszWiiL
2rIW0oAmlYzwMe+K2aUEPA9qeUXQVOj+NXBRC5YcMEeGUTMVACQBVGh+ywzMMhzx
lV+P49H3oBZmvYRL5ahp+Vy30kMdpJceYu1C5Lsg4ppITm0bypAjpOx8abQpHlgz
9KFFDU1QPo/GxAAFXfU1sieznTWpX3nAWKOiqRCl204vINWYzqopKgv9tVA82AuS
rDp6Dw3L17VHScbZDXPQ5bMJyZnzST956Jn5UQIDAQABo0owSDAZBgNVHREEEjAQ
gg53d3cuZ29vZ2xlLmNvbTAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUF
BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAHxSrsPqjcPMfKYlYR9tP
/CQKxuZ46MDTIvll07OCJMBxqLTT70w6l8FXq12xIsLM5a/vZFj0i6acydt3yYn2
kHUjJS11JM3+v7ClkXKw2uGYw5FGQSvJH8kB+gzil4PX7O15BOfNX7odMaKs8u/I
DFyEmnx+x7+vYCT0CQ5WlycTmXmMMbCbgA2UuhHG4nGhgBe8NIhVpTWfkXqUoPxP
x1c9RdeQpE3rDmuZiWq45ZiHesdVX7oI4M6d9FgBoAhw0OQ9jIsoG1drR1CbovjZ
F/olEsoKpi0Zq8LmRfjIZan+cYfO76r/phJnt7Vn8mqoeMZxHG52sbnZq3EZMPJS
8Q==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDYDCCAkigAwIBAgIJAOiVj1hmrjK1MA0GCSqGSIb3DQEBCwUAMFQxGTAXBgNV
BAoMEEFPIEthc3BlcnNreSBMYWIxNzA1BgNVBAMMLkthc3BlcnNreSBBbnRpLVZp
cnVzIFBlcnNvbmFsIFJvb3QgQ2VydGlmaWNhdGUwHhcNMDcwMjAyMTkzNzEyWhcN
MjcwMTI4MTkzNzEyWjBUMRkwFwYDVQQKDBBBTyBLYXNwZXJza3kgTGFiMTcwNQYD
VQQDDC5LYXNwZXJza3kgQW50aS1WaXJ1cyBQZXJzb25hbCBSb290IENlcnRpZmlj
YXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoxbDtJ0H0KxEqpR
wX1SkxasaDifWqmpRuBdIvfbQLLsFBuZeDCGdeIZXfSdmSTzeD6mmVgmBCYrQ4E0
BkDdj10I6Fj1789WHJgwCtzcaCszWiiL2rIW0oAmlYzwMe+K2aUEPA9qeUXQVOj+
NXBRC5YcMEeGUTMVACQBVGh+ywzMMhzxlV+P49H3oBZmvYRL5ahp+Vy30kMdpJce
Yu1C5Lsg4ppITm0bypAjpOx8abQpHlgz9KFFDU1QPo/GxAAFXfU1sieznTWpX3nA
WKOiqRCl204vINWYzqopKgv9tVA82AuSrDp6Dw3L17VHScbZDXPQ5bMJyZnzST95
6Jn5UQIDAQABozUwMzAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwICBDATBgNV
HSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAUPLcM0JELWiKW5Lz
pPhkkQjQUJSfoW+QgHTj8rCS5OTCw6rGcuI8lHKkdJridduqeCcgxGJ3u3UIg6w8
n+W1dyrJgOdFDxkIypEMAkgJ1G7Lt2MNSLT2Bjbsgc8mgyiRMENL5UYlIjclVqGJ
A6qX72ZJzXzcytbu7ygt+SHBLUkznct2ds4QlPgyvfuphkS1+oVnzCvIOhlThLVe
7YNYgyGbv0tdatCdZYpOP/0RAhwWavavtpwBhoQGdHe8YPkRdREYmJqkN58MA40q
odb/ii8PHfVxj9EH1wRhuFROaPl/bmhKpPwFCA1dRe0vEs+xER1VJ03LfZT9ZEYy
XVCR0A==
-----END CERTIFICATE-----
(Reporter)

Comment 8

a year ago
And for Facebook:

https://www.facebook.com/

Peer’s Certificate issuer is not recognized.

HTTP Strict Transport Security: true
HTTP Public Key Pinning: true

Certificate chain:

-----BEGIN CERTIFICATE-----
MIIEUTCCAzmgAwIBAgINAMP/FnTg2JoacwJQAzANBgkqhkiG9w0BAQsFADBUMRkw
FwYDVQQKDBBBTyBLYXNwZXJza3kgTGFiMTcwNQYDVQQDDC5LYXNwZXJza3kgQW50
aS1WaXJ1cyBQZXJzb25hbCBSb290IENlcnRpZmljYXRlMB4XDTE2MTIwOTAwMDAw
MFoXDTE4MDEyNTEyMDAwMFowaTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlm
b3JuaWExEzARBgNVBAcTCk1lbmxvIFBhcmsxFzAVBgNVBAoTDkZhY2Vib29rLCBJ
bmMuMRcwFQYDVQQDDA4qLmZhY2Vib29rLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALqMWw7SdB9CsRKqUcF9UpMWrGg4n1qpqUbgXSL320Cy7BQb
mXgwhnXiGV30nZkk83g+pplYJgQmK0OBNAZA3Y9dCOhY9e/PVhyYMArc3GgrM1oo
i9qyFtKAJpWM8DHvitmlBDwPanlF0FTo/jVwUQuWHDBHhlEzFQAkAVRofssMzDIc
8ZVfj+PR96AWZr2ES+Woaflct9JDHaSXHmLtQuS7IOKaSE5tG8qQI6TsfGm0KR5Y
M/ShRQ1NUD6PxsQABV31NbIns501qV95wFijoqkQpdtOLyDVmM6qKSoL/bVQPNgL
kqw6eg8Ny9e1R0nG2Q1z0OWzCcmZ80k/eeiZ+VECAwEAAaOCAQswggEHMIHHBgNV
HREEgb8wgbyCDiouZmFjZWJvb2suY29tgg4qLmZhY2Vib29rLm5ldIIIKi5mYi5j
b22CCyouZmJjZG4ubmV0ggsqLmZic2J4LmNvbYIQKi5tLmZhY2Vib29rLmNvbYIP
Ki5tZXNzZW5nZXIuY29tgg4qLnh4LmZiY2RuLm5ldIIOKi54eS5mYmNkbi5uZXSC
DioueHouZmJjZG4ubmV0ggxmYWNlYm9vay5jb22CBmZiLmNvbYINbWVzc2VuZ2Vy
LmNvbTAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
BgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAHnJQ9IYtr7NjeXa
Co33EACHpXlO2GfDXea6/Oc3DA+n4+qSnpxiMiB41t6JOuaRqwjJzd37KqnLokW9
J0FWmht0zMu7RtU9Dx+E69J8W23kocRcB6n/nsl5HztA2W4TOsPorTYHHdYbOaib
yHrotzV2uzyr42GFdpusHly/itmooIFZxp4MxDiUShtgkcECxMi0+j+yhdqybe42
903qwL129LAa1OmwWZ7Idu9rXxNIUlvn9Kt0KI0000iQVpduHUhTkCGWx6QeCYU6
z5+2MmsFDJziufQVuP3p9o1v6EJx+67ZHZzMwVnxub0+v51lyJtJiCCCOzUcjnSl
yRZG7Qo=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDYDCCAkigAwIBAgIJAOiVj1hmrjK1MA0GCSqGSIb3DQEBCwUAMFQxGTAXBgNV
BAoMEEFPIEthc3BlcnNreSBMYWIxNzA1BgNVBAMMLkthc3BlcnNreSBBbnRpLVZp
cnVzIFBlcnNvbmFsIFJvb3QgQ2VydGlmaWNhdGUwHhcNMDcwMjAyMTkzNzEyWhcN
MjcwMTI4MTkzNzEyWjBUMRkwFwYDVQQKDBBBTyBLYXNwZXJza3kgTGFiMTcwNQYD
VQQDDC5LYXNwZXJza3kgQW50aS1WaXJ1cyBQZXJzb25hbCBSb290IENlcnRpZmlj
YXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoxbDtJ0H0KxEqpR
wX1SkxasaDifWqmpRuBdIvfbQLLsFBuZeDCGdeIZXfSdmSTzeD6mmVgmBCYrQ4E0
BkDdj10I6Fj1789WHJgwCtzcaCszWiiL2rIW0oAmlYzwMe+K2aUEPA9qeUXQVOj+
NXBRC5YcMEeGUTMVACQBVGh+ywzMMhzxlV+P49H3oBZmvYRL5ahp+Vy30kMdpJce
Yu1C5Lsg4ppITm0bypAjpOx8abQpHlgz9KFFDU1QPo/GxAAFXfU1sieznTWpX3nA
WKOiqRCl204vINWYzqopKgv9tVA82AuSrDp6Dw3L17VHScbZDXPQ5bMJyZnzST95
6Jn5UQIDAQABozUwMzAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwICBDATBgNV
HSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAUPLcM0JELWiKW5Lz
pPhkkQjQUJSfoW+QgHTj8rCS5OTCw6rGcuI8lHKkdJridduqeCcgxGJ3u3UIg6w8
n+W1dyrJgOdFDxkIypEMAkgJ1G7Lt2MNSLT2Bjbsgc8mgyiRMENL5UYlIjclVqGJ
A6qX72ZJzXzcytbu7ygt+SHBLUkznct2ds4QlPgyvfuphkS1+oVnzCvIOhlThLVe
7YNYgyGbv0tdatCdZYpOP/0RAhwWavavtpwBhoQGdHe8YPkRdREYmJqkN58MA40q
odb/ii8PHfVxj9EH1wRhuFROaPl/bmhKpPwFCA1dRe0vEs+xER1VJ03LfZT9ZEYy
XVCR0A==
-----END CERTIFICATE-----
https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER

it sounds like antivirus or malware is intercepting the connection, or perhaps some network trouble.
also, those certificates are issued by Kaspersky.

can you try following the section for Kaspersky?
  https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER#w_kaspersky
Severity: critical → normal
(Reporter)

Comment 10

a year ago
The Kaspersky fix worked.

Thanks!!!
Status: UNCONFIRMED → RESOLVED
Last Resolved: a year ago
Flags: needinfo?(policemisconduct)
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.