This Connection is Untrusted

For discussions specific to the Portable version of the browser.

Moderator: satrow

DarknessStorm
Moongazer
Moongazer
Posts: 14
Joined: 2017-06-25, 04:49

This Connection is Untrusted

Unread post by DarknessStorm » 2018-10-23, 07:28

Greetings.
I downloaded portable latest stable version of pm and got Image
when tried to open youtube (many, many other sites also opens "this", but with probability to add exception)
How to get rid of this Untrusted window at all? (i know what sites a can open safely and what not)
Last edited by DarknessStorm on 2018-10-23, 07:28, edited 1 time in total.

User avatar
Isengrim
Astronaut
Astronaut
Posts: 701
Joined: 2015-09-08, 22:54
Location: 127.0.0.1
Contact:

Re: This Connection is Untrusted

Unread post by Isengrim » 2018-10-23, 08:52

That screen is there for a good reason - to warn you that something is not right with the SSL connection. If it's happening frequently with many reputable sites, then my first guess is that your AV or firewall is interfering with the traffic.

See also: viewtopic.php?f=3&t=20693&p=154762#p154762
Linux Mint 18.3 Cinnamon (64-bit)
Windows 7 (64-bit) (Sometimes)
Windows 10 build 1803 (64-bit) (Sometimes)
We are our choices.

DarknessStorm
Moongazer
Moongazer
Posts: 14
Joined: 2017-06-25, 04:49

Re: This Connection is Untrusted

Unread post by DarknessStorm » 2018-10-23, 12:50

nope, not my firewall or any "other" possible things in the system... i already tried to completely disable firewall module (i'm using comodo)/quit program - nothing helped.
And ofc i read the mozilla's topic, but my time&date is alright

User avatar
Isengrim
Astronaut
Astronaut
Posts: 701
Joined: 2015-09-08, 22:54
Location: 127.0.0.1
Contact:

Re: This Connection is Untrusted

Unread post by Isengrim » 2018-10-23, 13:46

What are the technical details shown on that page? Is it the same error code for every site you have this issue with?
Linux Mint 18.3 Cinnamon (64-bit)
Windows 7 (64-bit) (Sometimes)
Windows 10 build 1803 (64-bit) (Sometimes)
We are our choices.

User avatar
gepus
Lunatic
Lunatic
Posts: 284
Joined: 2017-12-14, 12:59

Re: This Connection is Untrusted

Unread post by gepus » 2018-10-23, 14:05

@ DarknessStorm
Most probably your problem is related to security software which is interfering.
Often it's not enough to disable such programs since they are running as a service at Kernel-level.
After disabling you should also try to reboot your system. Also make sure that after rebooting no component of the security software is active.

DarknessStorm
Moongazer
Moongazer
Posts: 14
Joined: 2017-06-25, 04:49

Re: This Connection is Untrusted

Unread post by DarknessStorm » 2018-10-23, 14:18

Isengrim wrote:What are the technical details shown on that page? Is it the same error code for every site you have this issue with?

Code: Select all

www.youtube.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. (Error code: SEC_ERROR_UNKNOWN_ISSUER)
probably the same, but on some sites i can manually add exception, like this:
Image
@gepus
i tried to launch pm in a clean system (win7 x64) without any security/firewall software (with disabled win-built-in ofc) and got the same problem

User avatar
Isengrim
Astronaut
Astronaut
Posts: 701
Joined: 2015-09-08, 22:54
Location: 127.0.0.1
Contact:

Re: This Connection is Untrusted

Unread post by Isengrim » 2018-10-23, 17:05

Perhaps something at the router/network level is mucking with your traffic?

If you view the certificate from the "Add an exception" dialog, who does it say is the issuer of the certificate, and who is it issued to?
Linux Mint 18.3 Cinnamon (64-bit)
Windows 7 (64-bit) (Sometimes)
Windows 10 build 1803 (64-bit) (Sometimes)
We are our choices.

DarknessStorm
Moongazer
Moongazer
Posts: 14
Joined: 2017-06-25, 04:49

Re: This Connection is Untrusted

Unread post by DarknessStorm » 2018-10-24, 07:01

@Isengrim, i have no router, internet cable plugged-in directly to my network card.
youtube has no choice, only "get out of here"
and yes, i'm 100% sure that it is the true youtube and other sites with such issue (the sites are not compromised)
my only wish is to get rid of this Untrusted window shit at all. (probably with changing something in about:config, but what...)
Last edited by DarknessStorm on 2018-10-24, 07:03, edited 1 time in total.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 23243
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E
Contact:

Re: This Connection is Untrusted

Unread post by Moonchild » 2018-10-24, 07:19

If you view the certificate from the "Add an exception" dialog, who does it say is the issuer of the certificate, and who is it issued to?
This would be a great help to know what breaks your trust chain.
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne

yami_
Lunatic
Lunatic
Posts: 428
Joined: 2018-04-26, 11:05

Re: This Connection is Untrusted

Unread post by yami_ » 2018-10-24, 08:30

DarknessStorm wrote:my only wish is to get rid of this Untrusted window shit at all. (probably with changing something in about:config, but what...)
You can not disable that:
IETF wrote:Error handling in the TLS Handshake protocol is very simple. When an
error is detected, the detecting party sends a message to the other
party. Upon transmission or receipt of a fatal alert message, both
parties immediately close the connection. Servers and clients MUST
forget any session-identifiers, keys, and secrets associated with a
failed connection. Thus, any connection terminated with a fatal
alert MUST NOT be resumed.
[...]
The following error alerts are defined:
[...]
unknown_ca
A valid certificate chain or partial chain was received, but the
certificate was not accepted because the CA certificate could not
be located or couldn't be matched with a known, trusted CA. This
message is always fatal.
cat came back from Berkeley waving flags -- rob pike

DarknessStorm
Moongazer
Moongazer
Posts: 14
Joined: 2017-06-25, 04:49

Re: This Connection is Untrusted

Unread post by DarknessStorm » 2018-10-24, 15:27

You can not disable that
hmm... but why then my installed palemoon (27.8.3) is alright and i didn't ever see this Untrusted window?
btw, it's the same system and config.
Moonchild wrote:
If you view the certificate from the "Add an exception" dialog, who does it say is the issuer of the certificate, and who is it issued to?
This would be a great help to know what breaks your trust chain.
ok, just for an example (because as i said - that window-with possibility to add exception or not-appears VERY often. i think in 90% of cases)
http://dl4.joxi.net/drive/2018/10/24/00 ... b4badb.png
Last edited by DarknessStorm on 2018-10-24, 15:32, edited 1 time in total.

User avatar
jimmyd
New to the forum
New to the forum
Posts: 1
Joined: 2018-10-24, 15:24

Re: This Connection is Untrusted

Unread post by jimmyd » 2018-10-24, 15:36

Moonchild wrote:
If you view the certificate from the "Add an exception" dialog, who does it say is the issuer of the certificate, and who is it issued to?
This would be a great help to know what breaks your trust chain.
I just developed this exact same issue on Palemoon for Linux. Bizarrely, it is happening on a site I frequent daily that is not SSL encrypted! It seems to be a problem with a Cloudlare SSL certificate issued via Comodo.

ssl919196.cloudflaressl.com
02:36:AA:64:52:E1:81:21:E4:C2:DC:BE:1D:AA:18:B0

If I try to access the site via TBB Tor just hangs and won't do anything.

So this looks like a Cloudflare problem.

yami_
Lunatic
Lunatic
Posts: 428
Joined: 2018-04-26, 11:05

Re: This Connection is Untrusted

Unread post by yami_ » 2018-10-24, 15:51

This is definitely not the certificate that you should see, the correct one's SHA-256 fingerprint is B3:D7:DF:14:FA:2F:46:DF:D4:62:42:12:66:1B:88:DF:48:A3:CA:82:2B:99:B3:04:6D:A7:3B:B7:EE:FC:FF:00. If the other Pale Moon installation opens affected web pages it probably means that it has a CA certificate installed that makes browser think that everything is fine.
The easiest solution to this problem is disabling the software that is performing the MITM attack.
Last edited by yami_ on 2018-10-24, 19:24, edited 3 times in total.
cat came back from Berkeley waving flags -- rob pike

vannilla
Lunatic
Lunatic
Posts: 388
Joined: 2018-05-05, 13:29

Re: This Connection is Untrusted

Unread post by vannilla » 2018-10-24, 15:56

The certificate has been replaced somehow.
Under normal circumstances, you should get a certificate from Yandex CA, not Adguard Personal CA.
Do you use any particular security software? If so, it probably replaced your certificates in one way or another.

User avatar
Isengrim
Astronaut
Astronaut
Posts: 701
Joined: 2015-09-08, 22:54
Location: 127.0.0.1
Contact:

Re: This Connection is Untrusted

Unread post by Isengrim » 2018-10-24, 16:14

The fact that the certificate is being issued by "Adguard Personal CA" means Adguard is causing the issue. I would disable this filtering being done by Adguard if at all possible.

Is Adguard an add-on? If so, try disabling it (or running the browser in Safe Mode) and see if the problem persists.
Last edited by Isengrim on 2018-10-24, 16:14, edited 1 time in total.
Linux Mint 18.3 Cinnamon (64-bit)
Windows 7 (64-bit) (Sometimes)
Windows 10 build 1803 (64-bit) (Sometimes)
We are our choices.

DarknessStorm
Moongazer
Moongazer
Posts: 14
Joined: 2017-06-25, 04:49

Re: This Connection is Untrusted

Unread post by DarknessStorm » 2018-10-24, 16:26

@yami_
Thx a lot! I totally forgot about installed adguard in background. Seems some of its components worked even with disabled protection (needed completely exit)

User avatar
gepus
Lunatic
Lunatic
Posts: 284
Joined: 2017-12-14, 12:59

Re: This Connection is Untrusted

Unread post by gepus » 2018-10-24, 17:53

Isengrim wrote:Is Adguard an add-on?
It's a third party security software that needs system wide installation and acts as a filtering local proxy. :lol:
https://kb.adguard.com/en/windows/solvi ... ot-trusted

yami_
Lunatic
Lunatic
Posts: 428
Joined: 2018-04-26, 11:05

Re: This Connection is Untrusted

Unread post by yami_ » 2018-10-24, 18:44

DarknessStorm wrote:@yami_
Thx a lot! I totally forgot about installed adguard in background. Seems some of its components worked even with disabled protection (needed completely exit)
No problem. If you want to read more about HTTPS filtering Moonchild has written about it in the past: viewtopic.php?f=24&t=14122.
cat came back from Berkeley waving flags -- rob pike

Post Reply