SEC_ERROR_UNKNOWN_ISSUER error: What it is and how to fix it

60

The appearance of the error message “This connection is not secure” may depend not only on the website you are visiting but on the digital certificates that have been installed on your machine by third-party software.

Firefox 57 alias Quantum has become even more severe towards those websites that use incorrect digital certificates but, above all, is promoting a “crackdown” compared to that software that activates proxy functionality on the local system and replaces the original certificates with their own.

The same approach will also be followed by Chrome, which, starting from version 63, will become much more uncompromising.

The SEC_ERROR_UNKNOWN_ISSUER error displayed by Firefox indicates a problem with the digital certificate used by the web server that delivers the requested HTML page.

However, the problem does not always lie with whoever manages the website: we explain the reasons for the error’s appearance and how it is possible to solve the problem.

The reason for SEC_ERROR_UNKNOWN_ISSUER error in Firefox

When you visit a site that uses the HTTPS protocol (compared to traditional HTTP, data encryption is added using SSL / TLS, thus making it impossible for third parties to monitor, read and modify data in transit), a digital certificate is certifying the identity of the website you are visiting.

Both Firefox and Chrome show the message ” Not secure ” in the address bar next to the URL of those websites that integrate a login form but do not use the HTTPS protocol (so they activate the transfer of authentication data in the clear).

In the case of Chrome, you can press the F12 key by visiting an HTTPS site and then click on View certificate to view the details on the digital certificate in use.

The same operation can be done in Firefox by clicking on the “i” shown on the left in the URL bar and then clicking on the arrow View connection details.

SEC_ERROR_UNKNOWN_ISSUER error - Image 1

By clicking again on More information, you will access the details of the website’s digital certificate.

SEC_ERROR_UNKNOWN_ISSUER error - Image 2

The View certificate button allows you to check the validity of the certificate shown by the website by checking, for example, the certification authority that issued it and its expiration.

SEC_ERROR_UNKNOWN_ISSUER error - Image 3

The error “This connection is not secure” (SEC_ERROR_UNKNOWN_ISSUER) can be caused by replacing the original certificate used by the website with another one.

Some software, often security programs, install a local proxy to which all requests to visit any website are redirected.

This component receives all requests for visits to any website and connects to the remote server on its own instead of letting the browser do so directly.

The goal is obviously to analyze the data passing through an HTTPS connection.

Web browser side, the original certificate showed by the webserver is replaced with another certificate, installed locally by the security software: and it is precisely for this reason that Firefox goes on a rampage showing the error message SEC_ERROR_UNKNOWN_ISSUER .

If, when verifying a specific website’s certificate information, no information on known authorities is found, the certificate has likely been replaced with one installed locally.
To find out, just download the free SigCheck utility and start it from the command prompt with the following syntax:

sigcheck -tv on 32-bit Windows systems
sigcheck64 -tv on 64-bit Windows systems

SigCheck will show the list of unknown certificates added on the system, most likely, by third party software (or by real malware).

By examining the certificate details from a web browser and using SigCheck, you can usually immediately trace the program that caused the error “This connection is not secure” (SEC_ERROR_UNKNOWN_ISSUER) in Firefox.

The appearance of the SEC_ERROR_UNKNOWN_ISSUER message can also be determined by security software (such as antivirus and antispyware) and parental controls by tools for filtering and monitoring browsing sessions used at the company level, and, obviously, also by malware.

Too bad that, at present, as confirmed in the Mozilla support document, Firefox does not differentiate the error message. The Mozilla browser always displays the SEC_ERROR_UNKNOWN_ISSUER error both in the case of web server-side problems and MITM ( man-in-the-middle ) attacks, with the replacement of the other’s digital certificate.