Firefox: This connection is untrusted + Behind corporate firewall

security certificate ssl firefox

If your system date or time is not wrong, and your problem is still not resolved, try the following. Because this problem is occurring only in your Firefox, but not IE, navigate to the secure site in IE, and determine which certificate is being used, which will be an icon somewhere around the menu bar. Then go to IE > Tools > Internet options > Content > Certificates > Trusted root certificate authorities (or maybe Intermediate certificate authorities), and find the certificate. When you find it, select Export, to export the certificate, in the default format.

Now go to Firefox > Tools > Options > Advanced > Encryption > View certifications > Authorities, and look for a certificate(s) with a similar name. If you find one, press Export, to export a backup copy of it. Now import into Firefox Authorities the certificate you exported from IE. Exit and restart Firefox. See if the "untrusted connection" problem is now fixed. If not, you could delete the imported certificate, if you wish. If problems arise, import back into Firefox Authorities the original Firefox certificate you backed up.

As soon as you finish, and everything is working OK, delete the certificates you exported, because they must be kept secure and must not be kept as files on your computer.


Chances are good that the reason it's untrusted is that the proxy is acting as a man in the middle, substituting its own ssl certificate to your browser. Firefox doesn't recognize the signing authority so it prompts you whether to trust it or not.

The question then becomes: do you trust your companies IT dept? Because they would then be able to read your mail, see your purchases, credit card info, etc. Whatever you do online that is encrypted is not encrypted to them.


Probably your company's proxy is doing a Man-in-the-middle attack to all connections (though it's not really an attack in this case). FF can't tell the difference between your company proxy and EVIL_GUY_ON_THE_INTERNET doing it, so it rightfully warns you.

If this is the case, your browser is misconfigured: The certificate which your company proxy uses needs to be installed into your browser; then FF will no longer complain. As a bonus, if a MITM attack occurs inside your network (between you and the proxy), you'll still get the right warning.

As to disabling the warning: I believe it's possible, but fairly complicated. Disabling is not safe because then all encrypted connections become vulnerable to MITM attacks. The solution I outlined above preserves security (as far as possible).


Perhaps this is occurring because your system date or time is wrong. Enter Start > Run > cmd > date /T, to check your system date. Enter time /T, to check your system time. To set system date or time, the command is date, and time. Also, ensure your clock is in the correct local time zone; and ensure it is synchronized with internet time server time.nist.gov.


If you're behind a corporate firewall, are you using a proxy server? Some web proxy servers will break SSL authentication because they are trying to proxy SSL connections, which won't work by design.

Check your proxy settings. If possible, turn the proxy off, and browse direct.

Related

Use UUID in udev rules and mount usb drive on /media/$UUID
How can I ignore all JOINS, PARTS from all but a few channels?
How to get the real IP address of someone using a proxy?
Can I run a virtual machine from external USB drive?
Is it possible to copy all Windows 7 files from one HD to another and boot from the new HD?
Is there any command line tool that can be used to edit environment variables in Windows?
How to back up gmail to my computer?
Variable bit rates with "-vb" and "minrate"/"maxrate" settings in FFmpeg
How to list global environment variables separately from user-specific environment variables?
Multiple Operating Systems or ISO's Bootloader for a USB Stick?
How to keep program running after SSH disconnection? [duplicate]
setting ERRORLEVEL to 0