0

I started with looking at this this post as I have exactly the same issue.

But I am not on a company network, after a proxy or anything special. I am at home with three computer where Firefox works on all of them.

The error only appears for a new user I just created. The only difference with all other accounts is that the user is a 'standard' user. (It will be my "Poor Old Grey-haired Daddy" in a care home so I want to protect the computer from accidental mistakes).

If I login using my own account (I have administrator privileges) it all works fine. This suggest that Kaspersky is not an issue but I tried with that disabled anyway and still got the same issue.

Details: Windows 7, on a Dell laptop with Kaspersky, Firefox 67.0 (32 bit).

If all else fails I have to make him use Chrome or IE but I know where all the Firefox buttons and settings are so it makes it easier for 'telephone help-desking'.

As to the error type: enter image description here SEC_ERROR_UNKNOWN_ISSUER.

Please see the composite picture below which also has the certificate. enter image description here

I checked the Firefox security settings on the new account and it shows lots of certificates.
I also saved four (google) certificates from my normal account and imported the first one into the new account, I get a message saying that the certificate already exists.

Oldfart
  • 111
  • 3
  • 2
    There's a lot of different certificate errors (untrusted CA, wrong domain, expired, etc.) Which one are you getting? – Joseph Sible-Reinstate Monica May 24 '19 at 20:05
  • If the error is about the certs not chaining to a recognized certificate authority, check the list of CA certs that Firefox knows about (from your dad's account), and make sure it's as expected. Firefox stores certs separately from the system cert store, and it's possible (though unlikely) that the newly-created user for some reason didn't get the full cert list from the install directory. In that case, you'd need to import the cert list from another user. – CBHacking May 24 '19 at 20:23
  • Question has been updated with (hopefully) the right information. It is now near midnight here. I will check again tomorrow. – Oldfart May 24 '19 at 21:02
  • 4
    Your antivirus is doing a man-in-the-middle attack (note the "issued by"). Firefox does not trust the self-signed certificate used by your antivirus to perform the attack. You'll need to install the certificate or get a less intrusive antivirus. The built-in Windows Defender or whatever the built-in protection is that comes with Windows is pretty good. – Ben May 24 '19 at 21:40
  • @JohnWu: Firefox doesn't use _any_ of the Windows cert stores, it uses its own. That's why FF gives an error while Chrome,IE,Edge accept the cert because they use the Windows store. This is explained at the link given in the Q. – dave_thompson_085 May 25 '19 at 05:51
  • If you 'disabled' Kaspersky but still got a Kaspersky cert it wasn't really disabled. Most 'antivirus' nowadays is really 'Swiss Army knife' with dozens of functions, you may have disabled the wrong one(s). And to be clear: did you import the _top_ (root) cert for the Kaspersky chain, to Firefox (not Windows) for the new profile, in the Authorities tab (not another tab), with 'to identify websites' ticked? – dave_thompson_085 May 25 '19 at 05:54
  • @dave_thompson_085 I admit I only skimmed the question and did not notice it was FF only. Of course you are right.. – John Wu May 25 '19 at 07:47

1 Answers1

1

I followed the advice from the comments.

I found that the Kaspersky certificate was NOT present in the Firefox list of certificates in the new account, but it was present in Firefox in my (administrator) account.

I exported it from there, imported it in the new user account, clicking "Yes, I trust etc." and now it is all working.

Thank you, everybody who has helped me out.

Oldfart
  • 111
  • 3