Firefox tells me that for several web sites that I visit regularly:
"Your connection is not secure. The owner of xxx.com or xxx.co.uk has configured their web site improperly. To protect your information from being stolen, Firefox has not connected to this web site". I can't even get to search with Google!
I normally run my computer as a 'user', but when I run as an 'administrator', I can connect to those sites without a problem.
Other web sites connect OK even when running as a 'user'.
Re-starting FF or re-booting the computer doesn't clear the problem.
Thanks for the suggestions. I use Bitdefender Total Security as my AV etc, not AVG nor Avast.
A bit of Googling and generally thrashing about tells me that one possibility is that the database of certificates in my user Appdata area has become corrupted. The fact that I can access all the web sites when running as an administrator, and also when using Comodo Ice Dragon as my browser, makes me think it's something specific to my Appdata files, in particular a corrupt Cert9.db file. I've tried deleting it and letting FF rebuild it, which doesn't cure the problem. The next thing to try is copying the Cert9.db file from my Administrator area into the appropriate folder in my User area to see if that cures it. Failing that, I'll carry on using Comodo, as it's very similar to FF, until I get the problem properly sorted.
This is what I get initially when attempting a Google search:
"Your connection is not secure
The owner of
formatting link
has configured their web site improperly. To protect your information from being stolen, Firefox has not connected to this web site.
This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate."
and when I click on 'Advanced' I get: "
formatting link
uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER"
Apart from that, a bit more Googling suggests I should switch off 'Scan SSL' setting in Bitdefender v.15 and v.16, except I can't find that setting on Bitdefender Total Security. Nor can I find which version of Bitdefender Total Security I have. For most applications, it's under Help > About, but there doesn't seem to be such a thing on my current version of Bitdefender.
However
I switched off the 'Search Advisor' option under 'Online Threat Protection' in Bitdefender, which allowed me at least to access Google, although the same web sites still got blocked. Switching the OTP back on blocks Google itself again. It's most odd.
Chosen Solution thanks, so in a corporate environment it appears that all your secure network traffic is being intercepted/monitored by some network appliance. in order for that to work, the certificate of the man-in-the middeling device has to be trusted by browsers. firefox uses its own trust store for certificates instead of depending on the windows trust store by default.
you could import all custom certs from windows into firefox like this, which in effect should address the erros on secure pages: enter about:config into the firefox address bar (confirm the info message in case it shows up) & search for the preference named security.enterprise_roots.enabled. double-click it and change its value to true and restart the browser. </q>
Did you get the option to add an exception? From there you can view the certificate(s) you are being given, What does the root certificate in the Hierarchy box say?
Most likely is something (bitdefender or whatever) is decrypting your SSL sessions, inspecting and/or modifying them and re-encrypting with a local certificate, which naturally firefox doesn't trust.
The error is what you'd expect, given what bitdefender is doing to your traffic.
No. As quoted earlier, I get "This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate."
Er...I see no Hierarchy box! Where should it be?
You don't like Bitdefender? Pray tell...
I don't get the problem when I run as Administrator, or when using Comodo Ice Dragon. I don't see why Bitdefender should be at fault if I only get the failure when running as a User.
If you don't get the option to add an exception, you can't view the certificates, so it doesn't exist.
I don't like *anything* that futzes with SSL traffic.
Perhaps when bitdefender was installed (as admin?) it added its own root cert to admin's cert store?
Firefox has its own cert store, but other browsers use the windows cert store, which was what the 'enterprise' about:config setting someone else suggested would change.
If you visit another https site, that doesn't use HSTS (i.e. not as high profile as google, or a bank) do you get a "weaker" error message that does let you get as far as adding an exception?
HomeOwnersHub website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.