“Untrusted Connection” error in Firefox & Intermediate Certificates

There are many reasons why you may see an SSL error, some of which will vary by browser. Even if the SSL certificate is installed correctly, you are not necessarily in the clear. One of our password reset customers experienced the dreaded “Untrusted connection” error when browsing to the password reset web on their Android device. We reproduced the condition using Firefox, but the same could not be reproduced in Chrome, IE, or Edge. So, what gives?

Firefox displays the aforementioned error if the server does not send a required intermediate certificate. Firefox uses a different certificate store than Chrome, IE, and Edge. The latter use the Windows certificate store, while Firefox uses its own. This means that Chrome, IE, and Edge have the certificates needed to complete the chain of trust from your certificate back to the root certificate, even if the intermediate certificate is not present. Firefox is unable to complete the chain without the intermediate certificate.

We confirmed the issue using digicert’s certificate tool (https://www.digicert.com/help/). The customer simply needed to install the intermediate certificate on their web server using Certificates MMC, and add it to the Local Computer store in the Intermediate Certification Authorities folder.

certificates

If the web server is being published to the internet via a reverse proxy, e.g. Citrix Netscaler, Sophos UTM etc., the intermediate certificate should also be installed on those systems as well.

If the intermediate certificate is not installed into Firefox’s Certificate manager, or has not been installed in the correct store on the webserver or reverse proxy, then the client browser/system will not trust that connection, as it cannot complete the certificate chain. The screenshot below shows that the certificate has been correctly installed in the Firefox cert store.

certificate-manager

If all the steps have been completed correctly, you will no longer see the warning page on Firefox.

(Last updated on August 2, 2018)

Tags: , ,

darren james

Written by

Darren James

Darren James is a Product Specialist and cyber security expert at Specops Software. He works as a lead IT engineer to help customers reduce costs, improve security and increase productivity. He holds Microsoft certifications within IT Service Management, O365, Enterprise Administrator, Server Administrator and Security. Darren has more than 25 years’ experience working in technical IT roles, centering around Active Directory, IT security, cloud, larger-scale migrations, integrations and identity and success management.

Back to Blog