Jump to content
l1511s

"Your connection is not secure Error code: sec_error_unknown_issuer" Firefox Problem with kapersky [KAV/KIS/KTS 2018]

Recommended Posts

Hey Folks,

This has something to do with HISTORY section of security/privacy settings.

I did my instructions above, but then found the same troubles re-appeared after some time.

*** It appears the cookie expiration time may be related, since I noticed when I cleared out my history (ctrl-shift-del) the problem came back immediately. ***

I note that, if I clear out history, I then have to re-enter my master password, so this was related.

I also changed the setting of cookie from Keep: "until they expire" to "until I close Firefox", and the problem reappeared immediately.

I changed it back to keep "until they expire", and then was able to exit Firefox and restart with no problem occurring with the certs.

However, if I close and come back later, the problem has re-appeared after some time.

=D

Edited by TechMoon
clarify opening statement

Share this post


Link to post

Just today can not connect to some sites with Firefox  Ver,58.0.2 that previously worked perfectly, however no problems with  iE11.

EG. The message is "Your connection is not secure"  + "The owner of forum.kaspersky.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website."        and further explanation

forum.kaspersky.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported.

Error code: SEC_ERROR_UNKNOWN_ISSUER

If Kasperky disabled all OK. but to risky to disable therefore have to resort to using IE11.

Has anyone else have this problem or have they solved it and how.

Thanks in advance !

 

 

Edited by Titan76

Share this post


Link to post

For temporary workaround you can read the following message.

 

Edited by JaManU

Share this post


Link to post

I'm also having this problem on Windows 10 Pro 64-bit with FF 58.0.2 with master password enabled (but it started before the last FF update). I originally found the thread here due to the Mozilla thread here: https://support.mozilla.org/en-US/questions/1202457.

Only solution I have found so far is the "security.enterprise_roots.enabled = true". Reading this thread it sounds like the "g" patch doesn't resolve this issue. Are there any further updates? I have also been looking at the Kee extension as another solution which simply bypasses the built in password manager iun favour of KeePass but that is a lot more cumbersome

Edited by Morpheus

Share this post


Link to post

Running KTS2017 for over 11 months - no problems

Now most searches and sites get “Your connection is not secure”, for example:-

www.google.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER

This started happening immediately after upgrade Firefox to 58.0.2 which to my knowledge was the only change to my machine recently.

Mozilla’s answer is to check “do not scan encrypted connections”  in KTS 2017 which then gets a warning about reducing security but it does allow me to search and browse without the error.

Unfortunately this then makes Safe Money unavailable because Safe Money (which I use a lot) requires scanning of encrypted connections.

I’ve tried just about every suggestion or recommendation I could find, reinstalled KTS and Firefox, set FF to no proxy, recreated certificates. I don’t want to run with reduced security and I use Safe Money a lot.

My KTS license is due to expire in 17 days so can’t decide whether to renew.

Another machine with latest FF is fine ! Anyone got any ideas?

Share this post


Link to post

Looks like the issue has been finally resolved.  I was asked to perform a few steps as a test and now I am able to run KIS 2018 (revision "g") under Windows 7 x64 with Firefox 58.0.2 x64 with Master Password on without the annoying error message that's annoyed many of us recently.  This was all done with the "security.enterprise_roots.enabled" setting reset to the default "false".  I'll leave it up to Kaspersky as to when they will make the solution available as a test or as part of an official revision of their current products, but the fix has definitely been found.

Share this post


Link to post

The fix is done for the next product patch. It should be released in next 1-2 weeks.

Share this post


Link to post

Looks like I may have spoken too soon.  I'm now getting hammered with error messages from Kaspersky (see attached) which are affecting every site I try to access via HTTPS and even if I close off Kaspersky, the old error message is back again (changing security.enterprise_roots.enabled back to true resolves that).  Kaspersky is also constantly saying an update hasn't been done for a long time which stays even if I manually update.  Tried rebooting but problem remains.  Currently closed Kaspersky to post this update and will reboot again and see how I go but it looks like the fix may be worse than the problem as it now appears to be affecting all sites outside of Firefox?

Update:  I was incorrect with the above and the error message only happens in Firefox with the security.enterprise_roots.enabled setting set back to default.  If changed to true, the problem stops.  A second reboot made no difference and Kaspersky is still claming that update has not been run for a long time (despite it having automatically updated 7 minutes prior).

kaspersky_error_during_encrypted_scan.png

Edited by snask
Updated information correcting previous comments.

Share this post


Link to post

Quick update at 02:47 GMT 2018/02/14:  The issue of Kaspersky saying its databases have not been updated for a long time has been fixed.

Share this post


Link to post

Just tried Firefox x64 58.0.2 with "security.enterprise_roots.enabled" reset to default of "false" and the problem of "Error during encrypted connection scan" appears to have been fixed.

Share this post


Link to post

Both problems have returned this morning.  Set security.enterprise_roots.enabled back to True and I think this time it's staying that way!

Share this post


Link to post

Hi!
solved by removing master password in FF.

 

Worked till today!

On 13.2. Updated Firefox ver. 58.0.2 64bit
On 14.2. updated KIS to 18.0.0.405 (f)

 

I have AO Kaspersky certificate in firefox enabled.
Tried to reinstall it but in latest ver. of Kis there is no possibility; also couldn’t find it anymore in

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0

 

Please instructions…coment.

Share this post


Link to post

Yeah i had it all back this morning (annoying!)  my security.enterprize was still set to true. I set it back to false and then to true again and then all was well. Not sure why that should fix it tbh. (not rebooted since)

 

Is there anything I could have accidentally clicked on when multiple boxes were popping popping up asking for exclusions this morning. Youtube is giving me adverts now?

Edited by Allsoulsday

Share this post


Link to post

@Mefodys: is there any solution to this issue for KIS in macOS? any upcoming patch? I have an user in a different forum with Kaspersky IS 18.0.1.35(a.b) + FireFox and getting the issue, temporal workarounds posted here don't work for him...

Share this post


Link to post

I deleted Kaspersky certificate in Firefox and it is working (tools / options / privacy & security / view certificate )
Master Password still to OFF.
Security level reduction?
:huh:

 

following my previous post...Kis certificate is still there  C:\ProgramData\Kaspersky Lab\AVP18.0.0\Data\Cert.. took the wrong path from the net..

 

Share this post


Link to post

Sorry to say that today my KIS 2018 install was officially updated to patch "G" (I had recently uninstall and reinstalled KIS2018 to go back to patch "F") and as soon as I reset security.enterprise_roots.enabled back to the default false in Firefox's about:config, the pop up messages about "Error during encrypted connection scan" continue to be received.  Once I click "ignore" on them and return security.enterprise_roots.enabled back to "true" the errors stop.

Share this post


Link to post

Patch G fixed "Your connection is not secured" on KTS 18.0.0.405 with master password ON and security.enterprise_roots.enabled FALSE on Windows 10 x64 1709 16299.248

Thank you Kaspersky.

Share this post


Link to post

snask, please create a request to Tesh support via my.kaspersky.com

Tell me the INC number.

Thanks!

p.s. if the patch G does not fix the issue, then it seems the issue is different from the originaly fixed. 

Share this post


Link to post
18 часов назад, harlan4096 сказал:

@Mefodys: is there any solution to this issue for KIS in macOS? any upcoming patch? I have an user in a different forum with Kaspersky IS 18.0.1.35(a.b) + FireFox and getting the issue, temporal workarounds posted here don't work for him...

Hello, my friend!

It will be fixed in the KIS 19 for Mac and in the new patch for KIS\KSC 18 for Mac. But there is no ETA, at the moment.

 

Share this post


Link to post
On 2/10/2018 at 2:32 PM, Morpheus said:

I'm also having this problem on Windows 10 Pro 64-bit with FF 58.0.2 with master password enabled (but it started before the last FF update). I originally found the thread here due to the Mozilla thread here: https://support.mozilla.org/en-US/questions/1202457.

Only solution I have found so far is the "security.enterprise_roots.enabled = true". Reading this thread it sounds like the "g" patch doesn't resolve this issue. Are there any further updates? I have also been looking at the Kee extension as another solution which simply bypasses the built in password manager iun favour of KeePass but that is a lot more cumbersome

Open Firefox Certificate Store and remove exsisting AO Kaspersky Lab Certificate. Then click on Import and add C:\ProgramData\Kaspersky Lab\AVP18.0.0\Data\Cert1.cert, select first or all three checkboxes. Report status after please.

Share this post


Link to post
17 hours ago, Mefodys said:

snask, please create a request to Tesh support via my.kaspersky.com

Tell me the INC number.

Thanks!

p.s. if the patch G does not fix the issue, then it seems the issue is different from the originaly fixed. 

My apologies.  I just reset security.enterprise_roots.enabled back to default false, tried some HTTPS sites and everything works as it should.  Tried rebooting twice and each time loaded up some more sites without issue.  Not sure what I did wrong the other day but perhaps I should've rebooted.  It did say I had patch "G" though.  Anyway, please disregard.

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.