This Connection is Untrusted Topic is solved

Users and developers helping users with generic and technical Pale Moon issues on all operating systems.

Moderator: trava90

Forum rules
This board is for technical/general usage questions and troubleshooting for the Pale Moon browser only.
Technical issues and questions not related to the Pale Moon browser should be posted in other boards!
Please keep off-topic and general discussion out of this board, thank you!
DarknessStorm

This Connection is Untrusted

Unread post by DarknessStorm » 2018-10-23, 07:28

Greetings.
I downloaded portable latest stable version of pm and got Image
when tried to open youtube (many, many other sites also opens "this", but with probability to add exception)
How to get rid of this Untrusted window at all? (i know what sites a can open safely and what not)
Last edited by DarknessStorm on 2018-10-23, 07:28, edited 1 time in total.

User avatar
Isengrim
Board Warrior
Board Warrior
Posts: 1325
Joined: 2015-09-08, 22:54
Location: 127.0.0.1
Contact:

Re: This Connection is Untrusted

Unread post by Isengrim » 2018-10-23, 08:52

That screen is there for a good reason - to warn you that something is not right with the SSL connection. If it's happening frequently with many reputable sites, then my first guess is that your AV or firewall is interfering with the traffic.

See also: viewtopic.php?f=3&t=20693&p=154762#p154762
a.k.a. Ascrod
Linux Mint 19.3 Cinnamon (64-bit), Debian Bullseye (64-bit), Windows 7 (64-bit)
"As long as there is someone who will appreciate the work involved in the creation, the effort is time well spent." ~ Tetsuzou Kamadani, Cave Story

DarknessStorm

Re: This Connection is Untrusted

Unread post by DarknessStorm » 2018-10-23, 12:50

nope, not my firewall or any "other" possible things in the system... i already tried to completely disable firewall module (i'm using comodo)/quit program - nothing helped.
And ofc i read the mozilla's topic, but my time&date is alright

User avatar
Isengrim
Board Warrior
Board Warrior
Posts: 1325
Joined: 2015-09-08, 22:54
Location: 127.0.0.1
Contact:

Re: This Connection is Untrusted

Unread post by Isengrim » 2018-10-23, 13:46

What are the technical details shown on that page? Is it the same error code for every site you have this issue with?
a.k.a. Ascrod
Linux Mint 19.3 Cinnamon (64-bit), Debian Bullseye (64-bit), Windows 7 (64-bit)
"As long as there is someone who will appreciate the work involved in the creation, the effort is time well spent." ~ Tetsuzou Kamadani, Cave Story

User avatar
gepus
Keeps coming back
Keeps coming back
Posts: 938
Joined: 2017-12-14, 12:59

Re: This Connection is Untrusted

Unread post by gepus » 2018-10-23, 14:05

@ DarknessStorm
Most probably your problem is related to security software which is interfering.
Often it's not enough to disable such programs since they are running as a service at Kernel-level.
After disabling you should also try to reboot your system. Also make sure that after rebooting no component of the security software is active.

DarknessStorm

Re: This Connection is Untrusted

Unread post by DarknessStorm » 2018-10-23, 14:18

Isengrim wrote:What are the technical details shown on that page? Is it the same error code for every site you have this issue with?

Code: Select all

www.youtube.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. (Error code: SEC_ERROR_UNKNOWN_ISSUER)
probably the same, but on some sites i can manually add exception, like this:
Image
@gepus
i tried to launch pm in a clean system (win7 x64) without any security/firewall software (with disabled win-built-in ofc) and got the same problem

User avatar
Isengrim
Board Warrior
Board Warrior
Posts: 1325
Joined: 2015-09-08, 22:54
Location: 127.0.0.1
Contact:

Re: This Connection is Untrusted

Unread post by Isengrim » 2018-10-23, 17:05

Perhaps something at the router/network level is mucking with your traffic?

If you view the certificate from the "Add an exception" dialog, who does it say is the issuer of the certificate, and who is it issued to?
a.k.a. Ascrod
Linux Mint 19.3 Cinnamon (64-bit), Debian Bullseye (64-bit), Windows 7 (64-bit)
"As long as there is someone who will appreciate the work involved in the creation, the effort is time well spent." ~ Tetsuzou Kamadani, Cave Story

DarknessStorm

Re: This Connection is Untrusted

Unread post by DarknessStorm » 2018-10-24, 07:01

@Isengrim, i have no router, internet cable plugged-in directly to my network card.
youtube has no choice, only "get out of here"
and yes, i'm 100% sure that it is the true youtube and other sites with such issue (the sites are not compromised)
my only wish is to get rid of this Untrusted window shit at all. (probably with changing something in about:config, but what...)
Last edited by DarknessStorm on 2018-10-24, 07:03, edited 1 time in total.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35477
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: This Connection is Untrusted

Unread post by Moonchild » 2018-10-24, 07:19

If you view the certificate from the "Add an exception" dialog, who does it say is the issuer of the certificate, and who is it issued to?
This would be a great help to know what breaks your trust chain.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

yami_

Re: This Connection is Untrusted

Unread post by yami_ » 2018-10-24, 08:30

DarknessStorm wrote:my only wish is to get rid of this Untrusted window shit at all. (probably with changing something in about:config, but what...)
You can not disable that:
IETF wrote:Error handling in the TLS Handshake protocol is very simple. When an
error is detected, the detecting party sends a message to the other
party. Upon transmission or receipt of a fatal alert message, both
parties immediately close the connection. Servers and clients MUST
forget any session-identifiers, keys, and secrets associated with a
failed connection. Thus, any connection terminated with a fatal
alert MUST NOT be resumed.
[...]
The following error alerts are defined:
[...]
unknown_ca
A valid certificate chain or partial chain was received, but the
certificate was not accepted because the CA certificate could not
be located or couldn't be matched with a known, trusted CA. This
message is always fatal.

DarknessStorm

Re: This Connection is Untrusted

Unread post by DarknessStorm » 2018-10-24, 15:27

You can not disable that
hmm... but why then my installed palemoon (27.8.3) is alright and i didn't ever see this Untrusted window?
btw, it's the same system and config.
Moonchild wrote:
If you view the certificate from the "Add an exception" dialog, who does it say is the issuer of the certificate, and who is it issued to?
This would be a great help to know what breaks your trust chain.
ok, just for an example (because as i said - that window-with possibility to add exception or not-appears VERY often. i think in 90% of cases)
http://dl4.joxi.net/drive/2018/10/24/00 ... b4badb.png
Last edited by DarknessStorm on 2018-10-24, 15:32, edited 1 time in total.

jimmyd

Re: This Connection is Untrusted

Unread post by jimmyd » 2018-10-24, 15:36

Moonchild wrote:
If you view the certificate from the "Add an exception" dialog, who does it say is the issuer of the certificate, and who is it issued to?
This would be a great help to know what breaks your trust chain.
I just developed this exact same issue on Palemoon for Linux. Bizarrely, it is happening on a site I frequent daily that is not SSL encrypted! It seems to be a problem with a Cloudlare SSL certificate issued via Comodo.

ssl919196.cloudflaressl.com
02:36:AA:64:52:E1:81:21:E4:C2:DC:BE:1D:AA:18:B0

If I try to access the site via TBB Tor just hangs and won't do anything.

So this looks like a Cloudflare problem.

yami_

Re: This Connection is Untrusted

Unread post by yami_ » 2018-10-24, 15:51

This is definitely not the certificate that you should see, the correct one's SHA-256 fingerprint is B3:D7:DF:14:FA:2F:46:DF:D4:62:42:12:66:1B:88:DF:48:A3:CA:82:2B:99:B3:04:6D:A7:3B:B7:EE:FC:FF:00. If the other Pale Moon installation opens affected web pages it probably means that it has a CA certificate installed that makes browser think that everything is fine.
The easiest solution to this problem is disabling the software that is performing the MITM attack.
Last edited by yami_ on 2018-10-24, 19:24, edited 3 times in total.

vannilla
Moon Magic practitioner
Moon Magic practitioner
Posts: 2183
Joined: 2018-05-05, 13:29

Re: This Connection is Untrusted

Unread post by vannilla » 2018-10-24, 15:56

The certificate has been replaced somehow.
Under normal circumstances, you should get a certificate from Yandex CA, not Adguard Personal CA.
Do you use any particular security software? If so, it probably replaced your certificates in one way or another.

User avatar
Isengrim
Board Warrior
Board Warrior
Posts: 1325
Joined: 2015-09-08, 22:54
Location: 127.0.0.1
Contact:

Re: This Connection is Untrusted

Unread post by Isengrim » 2018-10-24, 16:14

The fact that the certificate is being issued by "Adguard Personal CA" means Adguard is causing the issue. I would disable this filtering being done by Adguard if at all possible.

Is Adguard an add-on? If so, try disabling it (or running the browser in Safe Mode) and see if the problem persists.
Last edited by Isengrim on 2018-10-24, 16:14, edited 1 time in total.
a.k.a. Ascrod
Linux Mint 19.3 Cinnamon (64-bit), Debian Bullseye (64-bit), Windows 7 (64-bit)
"As long as there is someone who will appreciate the work involved in the creation, the effort is time well spent." ~ Tetsuzou Kamadani, Cave Story

DarknessStorm

Re: This Connection is Untrusted

Unread post by DarknessStorm » 2018-10-24, 16:26

@yami_
Thx a lot! I totally forgot about installed adguard in background. Seems some of its components worked even with disabled protection (needed completely exit)

User avatar
gepus
Keeps coming back
Keeps coming back
Posts: 938
Joined: 2017-12-14, 12:59

Re: This Connection is Untrusted

Unread post by gepus » 2018-10-24, 17:53

Isengrim wrote:Is Adguard an add-on?
It's a third party security software that needs system wide installation and acts as a filtering local proxy. :lol:
https://kb.adguard.com/en/windows/solvi ... ot-trusted

yami_

Re: This Connection is Untrusted

Unread post by yami_ » 2018-10-24, 18:44

DarknessStorm wrote:@yami_
Thx a lot! I totally forgot about installed adguard in background. Seems some of its components worked even with disabled protection (needed completely exit)
No problem. If you want to read more about HTTPS filtering Moonchild has written about it in the past: viewtopic.php?f=24&t=14122.

Locked