Certificate errors since install of 28.8.0 (64-bit)
Moderator: trava90
Forum rules
This board is for technical/general usage questions and troubleshooting for the Pale Moon browser only.
Technical issues and questions not related to the Pale Moon browser should be posted in other boards!
Please keep off-topic and general discussion out of this board, thank you!
This board is for technical/general usage questions and troubleshooting for the Pale Moon browser only.
Technical issues and questions not related to the Pale Moon browser should be posted in other boards!
Please keep off-topic and general discussion out of this board, thank you!
Certificate errors since install of 28.8.0 (64-bit)
The title says it all. I am seeing quite a few certificate errors since my upgrade to 28.8.0 (64-bit). One example is reddit.com, another example is my bank (firststateks.com). Screen shots are attached. Both sites loaded fine in PM previous to the 28.8.0 upgrade, and still load fine in other browsers (Chrome, Edge). I am not behind a proxy.
Here's the troubleshooting steps I've tried so far, restarting Pale Moon before and after each step --
- Cleared all cache/history/cookies/site preferences.
- Restarted with no add-ons.
- Created a brand new PM profile -- still certificate errors.
Any help or suggestions would be appreciated.
Thank you!
--
Here's the troubleshooting steps I've tried so far, restarting Pale Moon before and after each step --
- Cleared all cache/history/cookies/site preferences.
- Restarted with no add-ons.
- Created a brand new PM profile -- still certificate errors.
Any help or suggestions would be appreciated.
Thank you!
--
Re: Certificate errors since install of 28.8.0 (64-bit)
I can get to reddit.com just fine.I am using linux with PM 28.8.0.Which preferences are you using in certificate manager.?
user of multiple puppy linuxes..upup,fossapup.scpup,xenialpup.....
Pale moon 29.4.1
Pale moon 29.4.1
Re: Certificate errors since install of 28.8.0 (64-bit)
Did your antivirus software intercept the https connection? ("https filtering" "web shield" or whatever else they might call it)
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Certificate errors since install of 28.8.0 (64-bit)
Moonchild -- no, my antivirus does not monitor inbound or outbound connections to the PC.
Moonraker -- What settings should I check? I navigated to Preferences --> Advanced --> Certificates --> View Certificates, and I see the certificates and CAs, but apart from that, I'm not sure what I'm looking for.
Thanks.
Moonraker -- What settings should I check? I navigated to Preferences --> Advanced --> Certificates --> View Certificates, and I see the certificates and CAs, but apart from that, I'm not sure what I'm looking for.
Thanks.
Re: Certificate errors since install of 28.8.0 (64-bit)
Also check if date and time on your system is current.
Re: Certificate errors since install of 28.8.0 (64-bit)
The error is that the certificate issuer is unknown. The most common problem with that is something intercepting https and using a global wildcard certificate which is (obviously) never CA signed.
Other potential causes are already indicated in the error message itself: server operator error not having a proper chain of certificates offered is one, but I'm sure Reddit would have that in order, so it's very unlikely to actually be the case. Other potential issues could be a proxy setting or a problem with the browser installation.
so:
Please post the output of help->troubleshooting information.
Other potential causes are already indicated in the error message itself: server operator error not having a proper chain of certificates offered is one, but I'm sure Reddit would have that in order, so it's very unlikely to actually be the case. Other potential issues could be a proxy setting or a problem with the browser installation.
so:
I have to ask: are you absolutely sure about this? Especially since it was with an update of the browser, it may have triggered a "potentially untrusted" state for the browser subject to tighter scrutiny. Alternatively it's possible that the AV interfered with the actual update process and now being a mismatch of libraries causing connection errors...
Please post the output of help->troubleshooting information.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Certificate errors since install of 28.8.0 (64-bit)
When you tested in the new Profile, it was virgin?
What are your settings for; Tools | Preferences | Advanced -> Connection [Settings..] --> ?
What are your settings for; Tools | Preferences | Advanced -> Connection [Settings..] --> ?
-
- Moon Magic practitioner
- Posts: 2986
- Joined: 2015-09-26, 04:51
- Location: U.S.
Re: Certificate errors since install of 28.8.0 (64-bit)
- System date and time is correct, set by NTP. Good call on that one, though. I've had folks burned by that before.
- New profile was brand new, created by me without importing anything into it.
- I am sure my antivirus is not touching incoming/outgoing HTTPS connections, these same websites load normally in other web browsers.
- I am not using AdGuard.
- The new profile was brand new, created by me just for this troubleshooting.
Forgot to mention earlier, I'm on Windows 10 Enterprise 64-bit (Version 1809).
My troubleshooting info text is attached. I had to edit out a few of the printers listed, since they were specific to my work place.
Thank you!
- New profile was brand new, created by me without importing anything into it.
- I am sure my antivirus is not touching incoming/outgoing HTTPS connections, these same websites load normally in other web browsers.
- I am not using AdGuard.
- The new profile was brand new, created by me just for this troubleshooting.
Forgot to mention earlier, I'm on Windows 10 Enterprise 64-bit (Version 1809).
My troubleshooting info text is attached. I had to edit out a few of the printers listed, since they were specific to my work place.
Thank you!
- Attachments
-
- Nick_TroubleshootingInfo.txt
- Troubleshooting info
- (13.21 KiB) Downloaded 9 times
Re: Certificate errors since install of 28.8.0 (64-bit)
The latter doesn't necessarily conclude the former. antivirus usually has special rules for handling mainstream software that might not apply to Pale Moon.
If you are on a work network, then your endpoint security solution may actually intercept secure connections from "unknown" applications, which may include a new version of the browser if not pre-announced.
You may want to ask your IT dept. at the workplace if this might be the issue.
Thanks for the troubleshooting info but there's nothing in there that points to a problem within the browser.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Certificate errors since install of 28.8.0 (64-bit)
Moonchild wrote: ↑2019-12-20, 16:31The latter doesn't necessarily conclude the former. antivirus usually has special rules for handling mainstream software that might not apply to Pale Moon.
If you are on a work network, then your endpoint security solution may actually intercept secure connections from "unknown" applications, which may include a new version of the browser if not pre-announced.
You may want to ask your IT dept. at the workplace if this might be the issue.
Thanks for the troubleshooting info but there's nothing in there that points to a problem within the browser.
I'm still bit skeptical, but I will definitely put the ask out there.
Thank you everyone for your help.
Re: Certificate errors since install of 28.8.0 (64-bit)
Not entirely sure what there is to be skeptical about -- if end-to-end encryption fails, Pale Moon will present you with an error. If it was a browser or server error, it would be reproducible by others as well (which doesn't seem to be the case) so the problem must lie on the path between browser and server, with the most likely location the work network or workstation setup.
It may help if you actually get the certificate information of the certificate that is presented (and that Pale Moon isn't trusting) to see which entity issued it.
It may help if you actually get the certificate information of the certificate that is presented (and that Pale Moon isn't trusting) to see which entity issued it.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Certificate errors since install of 28.8.0 (64-bit)
Good idea. How can I do that if Pale Moon doesn't load the site? If I click in the address bar where I'm normally able to inspect the cert, it says the standard "This website does not supply
identity information. Your connection to this website is not encrypted."
Thanks.
Re: Certificate errors since install of 28.8.0 (64-bit)
You may have to enable browser.xul.error_pages.expert_bad_cert in about:config first to get the option on the network error page to "add an exception".
Then visit the problematic site again, select "add exception" to open the exception dialog.
In that exception dialog you can then retrieve certificate information for the connection.
I know it's a bit of work to go through those hoops but they are there so people don't willy-nilly add exceptions for secure connections when they really shouldn't.
Then visit the problematic site again, select "add exception" to open the exception dialog.
In that exception dialog you can then retrieve certificate information for the connection.
I know it's a bit of work to go through those hoops but they are there so people don't willy-nilly add exceptions for secure connections when they really shouldn't.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite