Since HTTPS is designed to prevent snooping, Microsoft Family Safety would be unable to monitor the encrypted traffic unless it performs what is essentially a man-in-the-middle attack. It accomplishes this by decrypting and re-encrypting communications using Microsoft's own key. Such tampering, of course, does not go unnoticed. Firefox dutifully reports the man-in-the-middle scheme as suspicious activity.
To consent to such snooping, and suppress all "Untrusted Certificate" warnings arising from this scheme, you need to instruct Firefox to trust Microsoft's SSL certificate that is used for re-encrypting. (Microsoft Internet Explorer doesn't have this "problem" because it trusts Microsoft's certificate out of the box. Google Chrome is the same, since it relies on cryptography mechanisms built into Windows. Firefox, however, uses its own cryptographic routines that consult a separate list of trusted root certificates.)
The certificate that you need to import is Microsoft's. Go to Control Panel → Network and Internet → Internet Options → Content → Certificates → Trusted Root Certification Authorities. Select the Microsoft Family Safety certificate, then click Export…. Answer No, do not export the private key. Either of the two .CER formats is fine. Save it to any convenient temporary location, such as familysafety.cer
on your Desktop.
Then, you need to tell Firefox to trust the certificate that you just exported. In the Firefox menu, choose Options → Advanced → Certificates → View Certificates → Authorities → Import…. Select the familysafety.cer
that you had just saved. Select Trust this CA to identify websites, then click OK, and close the Options dialog.
You should no longer get the "Untrusted Certificate" warning when visiting reputable, correctly configured websites under Family Safety.
Alternatively, you could disable Family Safety, or just the Activity Reporting feature. You can do so under Control Panel → User Accounts and Family Safety → Set up Family Safety for any user. Authenticate as an administrator if necessary, then select the child's account on which to disable the feature.
1Could your system clock be wrong? Check your date/time. Even though it's HTTPS if your system thinks it's 1/1/2001 and you're loading a certificate 13 years in the future, it won't be valid. Just a thought. – Andrew – 2014-12-17T10:56:33.667
3@Reeves That is not true.
(Error code: sec_error_unknown_issuer)
which is different from certificate expired. – Ramchandra Apte – 2014-12-17T12:46:32.5935
Why don't you inspect certificates when you see "Untrusted Connection" warning? "https://www.google.com" doesn't mean that site you are trying to connect to is reputable. That's the point of SSL.
– el.pescado – 2014-12-18T12:20:28.767please add family-safety tag. – Ed Randall – 2015-10-13T19:10:02.270
@EdRandall 1. Stack Exchange only allows five tags per question. 2. Family safety happens to be part of the answer, but isn't obviously part of the question. – 200_success – 2015-10-13T19:11:58.047