When establishing a secure connection with the server using the https protocol, the browser Mozilla Firefox Instead of the expected web page, it may display a warning “this connection is untrusted”. How to respond to it correctly: remove the ban, find out why it is displayed, or is it better to leave the site?

The choice of solution depends on the type of identification error, system settings, and the ins and outs of the site. It is these factors that help prevent personal data leaks and virus attacks. Or, on the contrary, they get rid of unnecessary suspicions (when, in fact, no one is threatening the computer, and you just need to adjust the options).

How to quickly ban or allow?

If, while surfing the web, the “untrusted connection” message appears when you try to access an unfamiliar (or dubious) site, immediately activate the blocking:

On the message tab, click the “Let's get out of here!” button.

And if you are 100% sure that your computer is not infected with viruses and the site you want to access is safe, you can allow the connection in the same tab:

1. Open the “I Understand the Risk” spoiler.

2. Click the “Add to exception” button.

3. B additional window click the “Get certificate” button (located next to the address of the blocked website).

4. Enable the add-on “Permanently store this exception” (click the mouse to check the box).

5. Click “Confirm exception...” (button at the bottom of the window).

Analysis of identification errors and their elimination

To find out the error code, on the warning tab, click “Technical details” and read the information in the last line of the “Error code” spoiler.

Attention! Code analysis allows you to prevent errors from occurring in the future. Neutralize the cause of its occurrence.

Let's look at the most common cases of incorrect identification:

The certificate has expired or is not valid

These problems are referred to by Firefox as "sec error expired certificate" and "sec error expired issuer certificate" respectively. Quite often the cause of their occurrence is the incorrect date and time set in the computer clock.

Check and, if necessary, adjust the clock and calendar:

1. Left-click on the date in the tray (in the lower right corner of the display).

2. Open "Change Settings".

3. Click the “Change...” button.

4. In the additional window, set the date, month, year. Click "OK".

5. In the Date and Time panel, also click Apply and OK to activate your changes.

The certificate is only valid for a specific site

(ssl error bad cert domain)
This error occurs when the server sends the browser the identifier of another site. In other words, he slips in a fake.

However, there are situations where Firefox blocks trusted resources in a similar way. This happens because the certificate applies to a specific part of the website. For example, for an address in the format “https://www. . ru" it works, but for "https://. ru" (without www) - no longer exists.

Certificate issuer unknown

(sec error unknown issuer)
Known certificates may be detected as unknown by Firefox due to corruption in the cert8.db file (identity store). Delete it in your profile and try to install it again secure connection:

1. In the upper right corner of the browser, click on the “three stripes” icon.

2. At the bottom of the tiled menu, click the question mark icon.

3. In the submenu, select “Problem Solving Information.”

4. On the “Application Information” tab, in the “Profile Folder” column, click the “Show Folder” function.

5. In the window that opens, in the browser directory (in the profile folder), delete using the standard function Windows file cert8.db:

• right-click on it;
• in the panel that opens, click “Delete”.

You can also access the identifier database without opening a browser:

1. Click on the “Start” icon.

2. In the “Search” line, specify the path to the folder with profiles:

%APPDATA%\Mozilla\Firefox\Profiles\

3. In the window that appears, go to the folder with the profile of the current account, and then delete cert8.db in it.

The browser received a weak ephemeral key

(ssl error weak server ephemeral dh key)
This blocking access may occur due to conflicts with the SSL 3.0 protocol version. To disable its support, follow these steps:

1. In a new tab, in the address bar, type - about:config.

2. Under the warning text, click “I promise I will...”.

3. In the “Search” line, type - ssl3.

4. Right-click on the first setting in the list - security.ssl3.dhe_rsa_aes_128_sha.

5. In the submenu, click “Switch”. (The value will change from “true” to “false”).

6. Similarly, disable the second setting in the list “... aes_256_sha”.

7. Restart your browser and try again to establish a secure connection to the blocked web resource.

Have a comfortable and safe web surfing in the Firefox browser!

Browsers are improving and becoming more advanced, but this affects security only to a small extent. Mainly the exchange of information occurs from the client to the server and vice versa. It is not always possible to protect data using built-in means; as a result, there is a risk that sent packets will be received by an unauthorized person.

Due to the insufficient level of connection security, SSL technology has been developed to fill this need. Thus, the server and client create a specific key that is needed to understand all requests. Without this key, the intercepted data is worthless, and this was precisely the key goal of the technology.

When SSL does not work correctly for some reason, you can see the error Your connection is not protected by Firefox. The browser, determining the level of protection of the site, checks the reliability of the basic parameters. If any step is performed incorrectly, an error appears.

Most often, the culprit for your connection not being protected by Mozilla is the server itself. There are a number of situations in which action can be taken on the client side.

Error Definition

Before moving directly to solving the problem, you need to identify it. You can follow the methods presented in the instructions without hesitation and expect a positive result, but it is better to look at the error code.

Having learned the failure code, it becomes obvious why your connection is not secure, how to fix it and whether it is possible to influence the processing of the certificate. This information is available directly on the error page; you need to click on the “Advanced” button. The auxiliary parameters of the failure will be indicated, namely the reason for the connection loss and the error code of the function that found the problem.

Working with dates

There are several options for problems that are associated with incorrect time display on the computer. In this case, the time zone is processed correctly, that is, the time difference between the user and the client in time zones is not important, but only their reference value.

Therefore, if the time is set incorrectly and instead of setting GMT +3.00, GMT +2.00 is set and the time is manually adjusted by an additional hour, then the error will not be long in coming. This approach is fundamentally incorrect and it is necessary to set the correct parameters.

When faced with a malfunction, “the certificate has expired” or “will not be valid until,” you need to pay attention to the correctness of the specified time.

So, your connection is not protected by Firefox, how to fix it:

• Click on the time in the lower right corner;
• Select the link “Change date and time settings”;

• In the “Time Zone” section, click on the “Change...” button;
• Select the correct zone, preferably find your country among those listed, otherwise at least others, but with the same GMT longitude;

• Click on “Change date and time”;
• Set the correct values ​​based on a reliable source, it is better to take it from the network.

An alternative option, which will be a little easier to use, is to automatically update via the Internet. This method is available in the “Internet Time” tab. Next, click “Change settings...”. Then check the “Synchronize with server...” checkbox. By default there is a server, but you can install a different one.

Disabling antivirus

Sometimes the user encounters a problem due to the presence of an antivirus with active protection. This is usually indicated by an error stating that the certificate chain is unknown. The problem that it says your connection is not secure is the presence of a built-in web inspector. It performs additional manipulations with SSL, which fail. It is logical that you can get out of the situation simply by disabling such a function.

If Avast is installed on the system, you need to configure:

• Go to the main antivirus menu and click on “Settings”;
• Next, go to the “Active Protection” tab;
• Follow the “Web Shield” section;
• Remove the checkbox from the “Enable HTTPS scanning” option.

For Kaspersky, the steps are slightly different:

• Go to “Settings” and expand the full list;
• Now find "Network";
• In the “Scanning secure connections” column, you must remove the corresponding flag.

Creating a new certificate file

When none of the procedures help, you can resort to another method. It consists of deleting the certificate file and then creating it. It is likely that the cause of lags when Mozilla your connection is not secure is failures in this file. All you need to do is delete the element; creation will happen automatically.

So, your connection is not secure, what to do:

• Go to the menu and click on the question mark corresponding to the “Help” section;
• Next, follow the “Information for solving problems”;

• Follow the "Application Details" tab;
• Go to the folder with the certificate;

• Close your browser completely;
• Delete the cert8.db file.

After automatically creating the element, the problem should disappear, since the bugs from the file have been removed.

Alternative method

In any case, if you do not want to troubleshoot the problem, you can always go to the site and simply ignore the message. In a situation where the certificate is self-signed, this is even recommended.

In order to go to the site despite the warning, you must click on “Advanced” and add the resource to the exception. The action should only be carried out if you completely trust the site, otherwise it is easier to switch to another resource with similar content.

Error message

In the end, if no methods allowed you to achieve the desired result, you must relieve yourself of responsibility, because the problem is not in the user’s system. If possible, inform the resource owner about the presence of a specific problem; it is better to indicate the error code and message. Wait until the site is completely repaired and the problem will disappear.

You can also report the problem to the technical department of the browser itself, they will probably be able to provide all possible assistance in solving it. The required notification column is located under the message, just highlight it.

If you still have questions on the topic “What to do if the error “Your connection is not secure” occurs in Mozilla Firefox?”, you can ask them in the comments

With a trusted Internet site where the Uniform Resource Locator (URL) begins with “https://,” the Internet browser is required to check the validity and relevance of the certificate and the adequacy of the level of encryption for user privacy. If such a check does not give positive results, the Mozila search engine will stop trying to establish a connection with an unverified Internet portal and issue an information alert “Your connection is not secure.” This does not mean that this website is potentially dangerous and can cause harm to the user. global network, stealing personal data, and to the computer, introducing malicious software or viruses into it.

Cases when users encounter the message “Your connection is not secure” in the Mozilla Firefox browser may be different. Let's look at the most common options in order to be aware of the risks and be able to eliminate this problem, if necessary.

One of the scenarios when you may encounter a denial of access to a network resource and see the message “Unsecured Firefox connection” may occur due to incorrectly set date and time. In this case, the user can check the relevance of his settings and correct them by setting the settings for automatic synchronization by time. This problem can be especially acute for residents of Russia twice a year, when other countries switch to winter or summer time. And the operating room Windows system can rearrange time independently. In such cases, it is worth revising the time zone.

Also, standing guard over the user device antivirus programs may prevent you from accessing certain websites. The activated Secure Sockets Layer Scan feature may be to blame. You can try disabling this SSL option to conduct an experiment and try to access the site again. In this case, the risk of running into trouble increases. From the same category, it is possible that the computer is already infected with malicious software. A full scan of the system for its presence is required, followed by a complete cleaning of the PC.

Note: Problems with verifying SSL certificates may be due to the absence or irrelevance of certain components built into Windows OS itself. Don't forget to check for updates and install them on your computer in a timely manner. operating system. In the “Control Panel”, in the “System and Security” item there is “Center” Windows updates", where you can check for updates and, if available, install them.

If with date and time and also with security personal computer Everything is fine. An experiment with disabling the SSL option in the antivirus did not produce results. You can try cleaning the certificate store. To do this, you need to find and delete a specific “Data Base File”.

Mozilla Firefox browser settings => Open Help menu icon => Troubleshooting information.

In the profile folder, open the resources with the saved data, find the “cert8” file and delete it, after closing the Mozilla browser.

After launch search engine this file will be created automatically, and the certification problem may be resolved.

The following method does not eliminate the error, but allows the user to bypass browser restrictions. To do this, you should try using the “ ” option.

This method will allow you to bypass restrictions and will not store in the browser any information about the user’s activity on the Internet, cache memory, cookies and your location.

The most common situation when the Mozilla Firefox browser displays the error “your connection is not secure” occurs when connecting via Wi-Fi networks with Proxy server settings, where you need to use a login and password. In this case, you only need to add a security exception, obtain a certificate and use all the features of the progressive Internet browser.

If you see an error when establishing a secure connection in Firefox, it means that the browser has determined that the HTTPS protocol encryption level is insufficient or its certificate is invalid. In this case, blocking access to a web resource is carried out for security purposes to prevent the loss of personal data and the penetration of viruses into the system. But in some cases, the “your connection is not secure” error may appear due to browser problems and incorrect system settings, and not due to protocol-related problems.

This guide covers options for troubleshooting this issue in Mozilla Firefox and when it occurs.

Reason #1: the time and date are set incorrectly

If the tab displays an error code instead of the requested site:

SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE

SEC_ERROR_EXPIRED_CERTIFICATE

This indicates that the certificate has expired. But sometimes this type of error can be caused by incorrectly set date and time in the system options. Click on the clock in the tray, check the date, month and time for consistency. It is necessary to set valid values.

Once setup is complete, try opening the site again.

Reason #2: outdated version

IN outdated versions The Mozilla Firefox browser uses the SSLv3 protocol. It is now recognized as potentially dangerous and is no longer used. In online banking services and online stores, an encrypted connection using it is impossible. An error appears:

ssl_error_ssl_disabled

This suggests that, most likely, the browser needs to install an update. And it is done like this:

1. In the web browser menu, click the “Help” section.

2. In the drop-down list, click “About Firefox”.

3. Wait for the update to complete. The update will start downloading automatically, and then the message “Installed” will appear. latest version… ».

Reason #3: disabling SSL3 in settings

Sometimes you can get rid of the HTTPS connection error by fine-tuning the browser:

1. In the FF address bar, type “about:config” and press “enter”.

2. In the search field, enter the query - ssl3.

3. In lines:

security.ssl3.dhe_rsa_aes_128_sha
security.ssl3.dhe_rsa_aes_256_sha

Click the mouse to change the value: from “true” to “false”.

Reason #4: Firefox certificate database is corrupted

As a result of a virus or incorrect settings, the browser's certificate database, or rather the special file in which it is stored, can be damaged. To restore it and, accordingly, resolve the connection error, do the following:

1. Click the “three stripes” button at the top right (“Menu” button).

2. At the bottom of the panel that opens, click the “question mark”.

3. In the submenu, click “Troubleshooting Information.”

4. On the new page, in the “Profile folder” column, click “Open folder”.

5. In the profile directory that opens, find the “cert8” file, and then right-click on it.

6. In the system menu, run the “Delete” command.

7. Restart Firefox (a new database will be automatically created in the profile folder).

Successful browser settings and safe web surfing!

When Firefox connects to a secure website (the URL begins with "http s://"), it must verify that the certificate presented by the website is valid and that the encryption is strong enough to adequately protect your privacy. If it is unable to verify this, Firefox stops connecting to the site and will show you an error page with the message, Your connection is not secure .

Click the Advanced button to view the error code and other information about the error. Common errors are described in this article.

Note: If Firefox shows you a Secure Connection Failed or Did Not Connect: Potential Security Issue error page instead, see the article Secure connection failed and Firefox did not connect .

Table of Contents

What to do if you see these errors?

If you see a Warning: Potential Security Risk Ahead message, you may:

• Contact the website owner and ask them to correct their certificate.
• Click Go Back (Recommended) , or visit a different website.
• If you are on a corporate network or using antivirus software, reach out to the support teams for assistance.

After viewing the error code and other information about the error, click the Accept the Risk and Continue button to load the site at your own risk. This will add a security exception for the website certificate.

Warning! Do not proceed to the website unless you understand the reasons for the security warning. Legitimate public sites will not require you to add a security exception for their certificate. An invalid certificate can be an indication of a web page that will defraud you or steal your identity.

MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED

This error indicates that the website"s certificate has not complied with security policies in Mozilla"s CA Certificate Program. Most browsers, not just Firefox, do not trust certificates by GeoTrust, RapidSSL, Symantec, Thawte, and VeriSign because these certificate authorities failed to follow security practices in the past.

The owners of the website need to work with their certificate authority to correct the policy problem. Mozilla's CA Certificate Program publishes a list of upcoming policy actions affecting certificate authorities which contains details that might be useful to the website owners.

For more information, see the Mozilla Security Blog post, Distrust of Symantec TLS Certificates.

SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE

date (...)

SEC_ERROR_EXPIRED_CERTIFICATE

The certificate expired on date (...)
This error occurs when a website's identity certification has expired.

The error text will also show the current date and time of your system. In case this is incorrect, set your system clock to today"s date and time (double-click the clock icon on the Windows Taskbar) in order to fix the problem. More details about this are available in the support article How to troubleshoot time related errors on secure websites.

SEC_ERROR_UNKNOWN_ISSUER

MOZILLA_PKIX_ERROR_MITM_DETECTED

The certificate is not trusted because the issuer certificate is unknown.
The server might not be sending the appropriate intermediate certificates.
An additional root certificate may need to be imported.

man-in-the-middle attack is detected.

ERROR_SELF_SIGNED_CERT

The certificate is not trusted because it is self-signed.

How to troubleshoot security error codes on secure websites.

SSL_ERROR_BAD_CERT_DOMAIN

Firefox does not trust this site because it uses a certificate that is not valid for that particular site. Information sent over this site could be at risk, so the best thing for you to do is contact the website owners to correct the problem.

SEC_ERROR_OCSP_INVALID_SIGNING_CERT

The site is not configured correctly and failed a security check. If you visit this site, attackers could try to steal your private information, like passwords, emails, or credit card details.

The issue is with the website, and there is nothing you can do to resolve it. You can notify the website’s administrator about the problem.

Corrupted certificate store

You may also see certificate error messages when the file in your profile folder that stores your certificates cert9.db has become corrupted. Try to delete this file while Firefox is closed to regenerate it:

Note:

Note: cert9.db will be recreated when you restart Firefox. This is normal.

What to do if you see this error?

If you encounter a "Your connection is not secure" error, you should contact the owners of the website, if possible, and inform them of the error. It is recommended that you wait for the website to be fixed before using it. The safest thing to do is to click Go Back , or to visit a different website. Unless you know and understand the technical reason why the website presented incorrect identification, and are willing to risk communicating over a connection that could be vulnerable to an eavesdropper, you should not proceed to the website.

Technical information

Click on Advanced for more information on why the connection is not secure. Some common errors are described below:

Certificate does not come from a trusted source

The certificate does not come from a trusted source.

Error code: MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED

The certificate will not be valid until (date)

The certificate will not be valid until date (...)

Error code: SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE

The error text will also show the current date and time of your system. In case this is incorrect, set your system clock to today"s date and time (double-click the clock icon on the Windows Taskbar) in order to fix the problem. More details about this are available in the support article How to troubleshoot time related errors on secure websites.

The certificate expired on (date)

The certificate expired on date (...)

Error code: SEC_ERROR_EXPIRED_CERTIFICATE

This error occurs when a website's identity certification has expired.

The error text will also show the current date and time of your system. In case this is incorrect, set your system clock to today"s date and time (double-click the clock icon on the Windows Taskbar) in order to fix the problem. More details about this are available in the support article How to troubleshoot time related errors on secure websites.

The certificate is not trusted because the issuer certificate is unknown

The certificate is not trusted because the issuer certificate is unknown.
The server might not be sending the appropriate intermediate certificates.
An additional root certificate may need to be imported.

Error code: SEC_ERROR_UNKNOWN_ISSUER

The certificate is not trusted because the issuer certificate is unknown.
The server might not be sending the appropriate intermediate certificates.
An additional root certificate may need to be imported.

Error code: MOZILLA_PKIX_ERROR_MITM_DETECTED

MOZILLA_PKIX_ERROR_MITM_DETECTED is a special case of the SEC_ERROR_UNKNOWN_ISSUER error code when a man-in-the-middle attack is detected.

You may have enabled SSL scanning in your security software such as Avast, Bitdefender, ESET or Kaspersky. Try to disable this option. More details are available in the support article How to troubleshoot security error codes on secure websites.

You may also see this error message on major sites like Google, Facebook, YouTube and others on Windows in user accounts protected by Microsoft family settings. To turn these settings off for a particular user, see the Microsoft support article How do I turn off family features? .

The certificate is not trusted because it is self-signed

The certificate is not trusted because it is self-signed.

Error code: ERROR_SELF_SIGNED_CERT

Self-signed certificates make your data safe from eavesdroppers, but say nothing about who the recipient of the data is. This is common for intranet websites that aren't available publicly and you may bypass the warning for such sites. More details are available in the support article How to troubleshoot security error codes on secure websites.

The certificate is only valid for (site name)

example. com uses an invalid security certificate.

The certificate is only valid for the following names: www.example. com, *.example. com

Error code: SSL_ERROR_BAD_CERT_DOMAIN

This error is telling you that the identification sent to you by the site is actually for another site. While anything you send would be safe from eavesdroppers, the recipient may not be who you think it is.

A common situation is when the certificate is actually for a different part of the same site. For example, you may have visited https://example.com, but the certificate is for https:// www. example.com. In this case, if you access https:// www. example.com directly, you should not receive the warning.

Corrupted certificate store

You may also see certificate error messages when the file in your profile folder that stores your certificates ( cert8.dbcert9.db) has become corrupted. Try to delete this file while Firefox is closed to regenerate it:

Note: You should only perform these steps as a last resort, after all other troubleshooting steps have failed.

Note: cert8.dbcert9.db will be recreated when you restart Firefox. This is normal.

Bypassing the warning

Note: Some security warnings cannot be bypassed.

You should only bypass the warning if you"re confident in both the identity of the website and the integrity of your connection - even if you trust the site, someone could be tampering with your connection. Data you enter into a site over a weakly encrypted connection can be vulnerable to eavesdroppers as well.

In order to bypass the warning page, click Advanced :

• On sites with a weak encryption you will then be shown an option to load the site using outdated security.
• On sites where the certificate cannot be validated, you might be given the option to add an exception.

Legitimate public sites will not ask you to add an exception for their certificate - in this case an invalid certificate can be an indication of a web page that will defraud you or steal your identity.

// These fine people helped write this article: