What it is and how to fix the SEC_ERROR_UNKNOWN_ISSUER error

Pablinux

8 minutes

SEC_ERROR_UNKNOWN_ISSUER

In recent years, when we are all becoming aware of how important security and privacy is, different web browsers have stepped up to protect their users. Many of them already do something similar to the HTTPS Everywhere extension, basically prioritizing HTTPS connections, whose “s” stands for “secure”. To get this security certificate you have to pay extra to our hosting service, and there are malicious users who try to trick us with a false "s" for their own benefit. That's when we can see the error SEC_ERROR_UNKNOWN_ISSUER, and here we are going to explain what it is and how to fix it.

The SEC_ERROR_UNKNOWN_ISSUER error is something we see in Firefox when we are trying to connect to a domain that claims to use an SSL certificate issued by an untrusted issuer. Like when a page is detected to be malicious (or offers protected content and things like that), the browser will block our access, but there are times when it can be wrong, or for whatever reason we want to enter that website, so we there are ways to bypass it.

More about the A SEC_ERROR_UNKNOWN_ISSUER error

The PKI (Public Infrastructure Key) is designed in such a way that only trusted certification authorities or CAs can issue certificates of this type. These CAs follow guidelines to ensure that they are exercising due diligence when it comes to validating and issuing bona fide certificates. A SEC_ERROR_UNKNOWN_ISSUER message indicates that the browser does not trust the certificate issuer. The problem can come when the browser does not trust, but because of an error or something external that is preventing you from seeing things clearly. This is when we can try different methods.

Avoid SEC_ERROR_UNKNOWN_ISSUER Error

Confirm that the website is configured correctly

When these types of errors appear, we sometimes see a button Advanced Options. When a "malicious" page is detected, and as we have explained, sometimes it is not and is only blocked because it offers copyright-protected content, we can tell it to let us in, and the browser obeys.

Something like this is what we see in the SEC_ERROR_UNKNOWN_ISSUER error window. By clicking on the advanced options button, we must check if the message is for a certificate that is not trusted because the issuer is unknown, the server is not sending the appropriate intermediate certificates or a root certificate needs to be imported. If that is the case, the intermediate certificate of the web page may not be found, and we can prove the following:

  1. Let SSL Server Test.
  2. We enter the name of the domain in the text box and click on “Submit” (deliver).

SSL Server text

  1. If we see a message that says something like "Chain issues: incomplete", it means that there is no appropriate intermediate certificate. It would be necessary to contact the owner of the domain to solve the problem.

It may not be what we expected, but that way we already know where the problem is and it would no longer be necessary to continue: the fault is yours.

Create a new Firefox profile

We can also see the SEC_ERROR_UNKNOWN_ISSUER error if the Firefox profile is corrupted. It can create a new profile to see if the bug goes away. From my point of view and as a Linux user, I think it's best to remove the .mozilla folder from our /home and try again. As we see in the support page, in that folder all the configurations are saved, so it would not be a bad idea to take the folder to the desktop and test if it works. If not, the folder can be put back in and everything will be as before it was taken out. In the previous link we also see where it is if we use other operating systems.

Of course, removing the folder we will have Firefox as after the installation from scratch, so all the initial configuration options will appear again.

Disable extensions

The error that Firefox is showing may not have much to do with it or the web page, but with an extension that is causing the error. Therefore, the first thing we will do after the previous point will be to try disable some extensions, starting with those that manage the connections.

For example, let's say we're using TouchVPN and we want to make sure it's not that extension that's giving us problems. First, we will click on the hamburger menu and then on “Plugins and Themes”.

Firefox tweaks, plugins and themes

Once in “Plugins and themes”, we look for the extension that we want to disable and click on its switch. Since we are in this section, it does not hurt to take a look at all the extensions that we have installed and check all those that we think may be giving us headaches. Being a quick and simple process, you can even try to deactivate all of them; This deppends on each one.

Disable Extension

Accept the risk continue

This is safer if we know for sure that a page is reliable, and it is not worth doing without rhyme or reason. It may be the case that, when clicking on "Advanced", we see a message that says that the certificate is not trusted because it is self-signed. This means that is not signed by a recognized authority. Here we can click on the button to accept the risk and continue. This is what is done when the browser blocks a page for copyright reasons, and you have to be careful because the play may not always go well.

Antivirus, firewalls and others, the worst enemies of the SEC_ERROR_UNKNOWN_ISSUER error

Although no operating system is 100% secure, many Linux users experience a slight blockage when hearing or reading the word “antivirus”. What's that? Well, what we used in Windows, and in my case I became so sure that I had a problem, I called a computer scientist and I didn't even know where to start to make changes. In the same way that many messages appeared to me when trying to repair things, when that should not be its behavior, an antivirus or protection software can cause the error SEC_ERROR_UNKNOWN_ISSUER.

If none of the above has worked, all software of this type must be stopped from working. If an antivirus can be disabled 100%, it is disabled. Otherwise, you should at least try to disable SSL scanning, something that will change depending on the brand of antivirus. If it does not offer those possibilities, it can be uninstalled. And since we are talking about the antivirus, it does not hurt to give our team a pass, since the Malware can also cause this failure.

Everything we have said about the antivirus can be valid for other types of software, such as the firewalls, VPNs and proxies that we are using, although it is also true that it is more common in Windows than in Linux or even in macOS.

Try another browser

As someone who has dabbled in web design and programming, one thing I recommend is having installed various browsers. Although they use the same engine, they do not always behave the same. That's why, although I use Vivaldi in my day, I also have others like Brave and Firefox. The first is the closest thing to Chrome without being Chrome; the second uses a different engine than Chromium. I don't use Safari because it's only for macOS, but it wouldn't hurt to install it to deal with all those glitches you only see on Apple devices.

When I see something strange in my browser and I don't want to waste time investigating it, the first thing I do is open Brave, and then Firefox. It is at that moment when I compare and begin to draw conclusions. If we are in Firefox and we see the SEC_ERROR_UNKNOWN_ISSUER error, we can try almost any other browser, as long as it is not be based on Mozilla's, or we could see the same thing. If the problem goes away, at least we can access the page we wanted to see. In the case where it also gives problems, one thing is clear: it has nothing to do with Firefox.

In the same way that we have several of the newest, most powerful and versatile browsers installed, we can also install more limited alternatives that do not offer as much security and will not show these types of errors. I'm not saying that Epiphany (GNOME-Web) is a dangerous browser, but its philosophy of simplicity can get us out of a quagmire on more than one occasion.

… or other device

Trying another browser does not have to stay on the same computer. If we have more devices, such as other computers, mobile phones or tablets, we can enter from these. And on mobile phones we can do it in three different ways: with the SIM card network, from a WiFi network and using a VPN. I already tell you that we will not always see the same.

In the end, what we have to do is be able to access where we want to enter, and we have to find out if the problem is with us or with the domain. With what has been explained here, we already know what the SEC_ERROR_UNKNOWN_ISSUER error is and some ways to solve it. For more information, the Mozilla support pageAlthough I can tell you in advance that the previous link explains little more than antivirus failures.


Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: AB Internet Networks 2008 SL
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.