“Untrusted Connection” error in Firefox & Intermediate Certificates

There are many reasons why you may see an SSL error, some of which will vary by browser. Even if the SSL certificate is installed correctly, you are not necessarily in the clear. One of our password reset customers experienced the dreaded “Untrusted connection” error when browsing to the password reset web on their Android device. We reproduced the condition using Firefox, but the same could not be reproduced in Chrome, IE, or Edge. So, what gives?

Firefox displays the aforementioned error if the server does not send a required intermediate certificate. Firefox uses a different certificate store than Chrome, IE, and Edge. The latter use the Windows certificate store, while Firefox uses its own. This means that Chrome, IE, and Edge have the certificates needed to complete the chain of trust from your certificate back to the root certificate, even if the server does not send the intermediate certificate. Firefox is unable to complete the chain without the intermediate certificate.

We confirmed the issue using DigiCert’s certificate tool (https://www.digicert.com/help/). The customer simply needed to install the intermediate certificate on their web server using the Certificates MMC, adding it to the Local Computer store in the Intermediate Certification Authorities folder.

If the web server is published to the internet via a reverse proxy, e.g. Citrix NetScaler, Sophos UTM, etc., the intermediate certificate should be installed on those systems as well.

If the intermediate certificate is not installed into Firefox’s Certificate Manager, or has not been installed in the correct store on the web server or reverse proxy, then the client browser/system will not trust that connection, as it cannot complete the certificate chain. The screenshot below shows that the certificate has been correctly installed in the Firefox cert store.

[Screenshot: Firefox Certificate Manager]

If all the steps have been completed correctly, you will no longer see the warning page on Firefox.
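To check this behaviour without a browser, the following added example (not part of the original post) builds a constructed throwaway PKI with the `openssl` CLI and tests which client store can complete the chain for which set of certificates sent by the server. The certificate names and file names are made up, and the Windows-backed browsers are modelled, as described above, by a store that already holds the intermediate.

```shell
#!/bin/sh
# Added example: constructed throwaway PKI (root -> intermediate -> leaf).
# All subject names and file names are made up for the demonstration.
set -e
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT; cd "$demo"

# CA extensions used for the root and the intermediate.
printf '%s\n' 'basicConstraints=critical,CA:TRUE' \
              'keyUsage=critical,keyCertSign,cRLSign' > ca.ext

# issue NAME SUBJECT [x509 signing args...]: new key + CSR, then sign it.
issue() {
    name=$1; subj=$2; shift 2
    openssl req -new -newkey rsa:2048 -nodes -subj "$subj" \
        -keyout "$name.key" -out "$name.csr" 2>/dev/null
    openssl x509 -req -in "$name.csr" -days 2 -out "$name.pem" "$@" 2>/dev/null
}
issue root '/CN=Demo Root CA' -signkey root.key -extfile ca.ext
issue int  '/CN=Demo Intermediate CA' -CA root.pem -CAkey root.key \
           -CAcreateserial -extfile ca.ext
issue leaf '/CN=reset.example.test' -CA int.pem -CAkey int.key -CAcreateserial

# What the server sends (leaf first), before and after the fix.
cp leaf.pem sent_leaf_only.pem
cat leaf.pem int.pem > sent_full_chain.pem
# What the client already holds: the root only, or root plus intermediate.
cp root.pem store_roots_only.pem
cat root.pem int.pem > store_with_intermediate.pem

# client_trusts STORE SENT: verify the first cert in SENT against STORE,
# letting openssl use the other certs in SENT as untrusted chain helpers.
client_trusts() {
    openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

report() {
    if client_trusts "$1" "$2"; then r='trusted'; else r='chain incomplete'; fi
    echo "$1 + $2: $r"
}
report store_roots_only.pem        sent_leaf_only.pem   # chain incomplete
report store_with_intermediate.pem sent_leaf_only.pem   # trusted
report store_roots_only.pem        sent_full_chain.pem  # trusted
```

Only the first combination fails, which matches the symptom: a client holding just the root rejects a server that sends only its own certificate, and sending the intermediate fixes it for every client.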

(Last updated on August 9, 2023)

Written by Darren James

Darren James is a Senior Product Manager at Specops Software, an Outpost24 company. Darren is a seasoned cybersecurity professional with more than 20 years of experience in the IT industry. He has worked as a consultant across various organizations and sectors, including central and local governments, retail and energy. His areas of specialization include identity and access management, Active Directory, and Azure AD. Darren has been with Specops Software for more than 12 years and brings his expertise to the support and development of world-class password security and authentication solutions. 
