Oddities since early Oct 2023 Update

[joyspring7]

I went through the recent update first week of October. Since then, on start up (opening Pale Moon) this is what I get.

This Connection is Untrusted

You have asked Pale Moon to connect securely to palemoon.start.me, but we can't confirm that your connection is secure.

Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
What Should I Do?

If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.


When I attempt to use Pale Moon browser to go where I normallly go (and have for 4 years) this is what I get.

This Connection is Untrusted

You have asked Pale Moon to connect securely to palemoon.start.me, but we can't confirm that your connection is secure.

Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified. Add Exception.


What Should I Do?

If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.

If you understand what's going on, you can tell Pale Moon to start trusting this site's identification. Even if you trust the site, this error could mean that someone is tampering with your connection.

Don't add an exception unless you know there's a good reason why this site doesn't use trusted identification.
What Should I Do?

If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.

login.wwdb.org uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown.
The server might not be sending the appropriate intermediate certificates.
An additional root certificate may need to be imported.

(Error code: SEC_ERROR_UNKNOWN_ISSUER)

[Moonchild]

This is normally a indication that something on your system is intercepting all https connections. A regular occurrence of this is your antivirus/internet security software.
This is generally a bad idea, because it prevent you from verifying that connections outbound are actually secure. For more details about this see this FAQ entry.

There are two ways you can deal with this:

• Exclude Pale Moon in your antivirus software for "web filtering" or what not, or, if that can't be controlled on a per-application basis in your antivirus, disable https/web filtering altogether.
• Install the issuer certificate in Pale Moon's certificate store that allows the antivirus software's intercepted connections to work. This isn't recommended because you're implicitly offloading all SSL/TLS security checking to something that's not interactive and would blanket-approve the security of all websites. In addition, AV web filters have a pretty bad track record for their outbound connection security.

[f-117]

I think I am having a similar problem...

I have been trying to access https://www.cybermodeler.com for the past two weeks, and I keep getting an error that says...

"www.cybermodeler.com uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported.
(Error code: SEC_ERROR_UNKNOWN_ISSUER)"

I have cleared my cache and tried the site in safe mode and still get the message. I even temporarily disabled my AV (avast) and my firewall. No luck. I also disabled my UBo. No luck.

There is nothing mentioned on their FB page either.

I contacted the website owner and was told there was no problem with the site certificate.

This is happening in Basilisk and Watewrfox as well. (Just for laughs, I tried it in IE and it does work)

Scott

[Nigaikaze]

I contacted the website owner and was told there was no problem with the site certificate.

There certainly is a problem with their certificate: the certificate chain is misconfigured. Show them this if they need further info:

https://www.ssllabs.com/ssltest/analyze ... odeler.com

[f-117]

WOW! That's a lot of info to swallow....

I will forward the information and see what he says.

To be continued...

Scott

[Moonchild]

WOW! That's a lot of info to swallow....

The TL;DR of it is that they have set up their TLS (https) pretty decently, but they have an issue with their certificate installed in their web server. The webmaster should be able to solved this in 5 minutes if they have the required knowledge to run an https server