Firefox "Untrusted Connection" warnings when visiting reputable HTTPS sites when using child's account
When using Firefox on Windows, I see an "Untrusted Connection" warning when visiting any HTTPS site, including very reputable ones such as https://www.google.com and https://search.yahoo.com. The warning message says:
Technical Details
search.yahoo.com uses an invalid security certificate.
The certificate is not trusted because no issuer chain was provided.
(Error code: sec_error_unknown_issuer)
This is especially annoying, since the Search Bar doesn't work.
It only seems to happen on a Windows 8.1 child's account with Family Safety enabled. What is going on, and how can I fix it?
Since HTTPS is designed to prevent snooping, Microsoft Family Safety would be unable to monitor the encrypted traffic unless it performs what is essentially a man-in-the-middle attack. It accomplishes this by decrypting and re-encrypting communications using Microsoft's own key. Such tampering, of course, does not go unnoticed. Firefox dutifully reports the man-in-the-middle scheme as suspicious activity.
To consent to such snooping, and suppress all "Untrusted Certificate" warnings arising from this scheme, you need to instruct Firefox to trust Microsoft's SSL certificate that is used for re-encrypting. (Microsoft Internet Explorer doesn't have this "problem" because it trusts Microsoft's certificate out of the box. Google Chrome is the same, since it relies on cryptography mechanisms built into Windows. Firefox, however, uses its own cryptographic routines that consult a separate list of trusted root certificates.)
The certificate that you need to import is Microsoft's. Go to Control Panel → Network and Internet → Internet Options → Content → Certificates → Trusted Root Certification Authorities. Select the Microsoft Family Safety certificate, then click Export…. Answer No, do not export the private key. Either of the two .CER formats is fine. Save it to any convenient temporary location, such as familysafety.cer on your Desktop.
Then, you need to tell Firefox to trust the certificate that you just exported. In the Firefox menu, choose Options → Advanced → Certificates → View Certificates → Authorities → Import…. Select the familysafety.cer that you had just saved. Select Trust this CA to identify websites, then click OK, and close the Options dialog.
You should no longer get the "Untrusted Certificate" warning when visiting reputable, correctly configured websites under Family Safety.
Alternatively, you could disable Family Safety, or just the Activity Reporting feature. You can do so under Control Panel → User Accounts and Family Safety → Set up Family Safety for any user. Authenticate as an administrator if necessary, then select the child's account on which to disable the feature.
I also thought this was a problem with my upgrade to Windows 10 but it turned out to be Avast.
If you want to test this,
Avast: Open Avast -> Settings -> Active Protection -> Web Shield (Click Customise) -> Untick Enable HTTPS scanning.
Firefox: Open Firefox, go to say https://www.google.com and see if the page displays.
If you're happy turning off HTTPS scanning when browsing in Firefox then you don't need to do anymore.
...
However if you're concerned and want to get HTTPS scanning working again then you need to enable Firefox to trust Avast's web certificate which modifies content from https sites (such as google) as it checks for potentially harmful content in the secure stream. To achieve this follow these steps,
Windows: Open a run command -> Type mmc and click Ok -> Click File -> Add/Remove Snap-in -> Certificates -> Add -> My User Account -> Finish -> Ok
Expand Certificates - Current User -> Trusted Root Certification Authorities -> Certificates
You should see two certificates for avast!Web/Mail Shield Root, right click on the lower one and choose All Tasks -> Export
In the wizard that appears click Next -> choose DER encoded binary X.509 (.CER) and click Next -> Click Browse and save the file to your desktop using the filename avast.cer -> Click Next -> Click Finish -> You should get a message saying the export was successful
Firefox: Open Firefox -> Click the three horizontal lines and choose Options -> Advanced -> Certificates -> View Certificates -> Import -> Choose avast.cer from your desktop -> Tick the first two boxes and click OK -> OK -> Close Firefox
Avast: Open Avast -> Settings -> Active Protection -> Web Shield (Click Customise) -> Tick Enable HTTPS scanning
Firefox: Open Firefox, go to say https://www.google.com and the page should display
I know this is an old post, but another answer to this question from my experience was that Avast antivirus did this with any kind of secure connection. Google, Youtube, Steam, or anything else where you see "https:\"
I didn't realize it until I started monitoring the invalid details, and saw Avast as the certificate authority. I uninstalled Avast and went with a different antivirus. That corrected the problem for me.
On Windows 10 I had difficulty finding the proper control panel and then the certificate manager, at all. It's been hidden away from the dumbed-down controls UI. The quickest way I found was:
Make a shortcut for "Run..." on the start menu: Start > All Apps > W > Windows System > Run > Pin to Start
Press your new Run... button and type "certlm.msc"
When "Certificates - Local Computer" window appears, Action > Find Certificates... > in the "Contains" box type "Family"
Right-click the Microsoft Family Safety certificate and choose "Export..." Now essentially follow the steps from @200_success above; Export the certificate using the defaults (no private key, DER format, save it somewhere convenient).
Now for each child on each computer that they use, sign in and import the certificate into Firefox. Firefox > Options > Advanced > Certificates > View Certificates > Authorities tab > Import... and choose the file you saved earlier. Surely there's a way to do this once for all firefox users on a computer?