How to Fix: Firefox 'This connection is untrusted' (appears Randomly)

Dennis Faas's picture

Infopackets Reader Gord F. writes:

" Dear Dennis,

I have a very vexing issue. For the last few weeks, Firefox randomly produces a 'This connection is untrusted' message whenever I try to sign out of my Outlook email account (outlook.live.com), or when I visit other secure websites. It seems to work one minute, then it won't work the next. If I shut down and restart the computer the 'This connection is untrusted' error disappears, only to pop up again the next time I visit a secure website at some point in the day.

When I see a 'This connection is untrusted' message, I've clicked the 'Technical Details' link to get more information. Two of the most prominent error messages are: SSL SEC_ERROR_INVALID_KEY and SSL_ERROR_BAD_CERT_DOMAIN.

I have read both your articles on fixing bad security certificates including 'How to Fix: There is a problem with this website's security certificate Error in IE, Edge' and 'How to Fix: Java Expired or not-yet-valid Certificate Error' for hints on how to resolve my issue, but none of these articles apply.

Some of the websites I've visited suggest it is possible to get around the 'This connection is untrusted' error by adding security exceptions to Firefox - however, the 'This connection is untrusted' error appears on almost every HTTPS website I visit! Besides that, the fact that I receive a 'This connection is untrusted' error makes me wary about adding an exception. What if these connections really aren't secure? Has my computer been hacked? I would be forever grateful if you could help me with this problem. "

My response:

You are correct with respect to the last comment - adding a security exception to Firefox just to circumvent the 'This connection is untrusted' error is usually a very, very, very bad idea!

The ONLY time you should add a security exception is if you explicitly know the website you're connecting to is in fact secure and your system has not been compromised. That said, the only time where scenario may be plausible is for a work-related activity on a website / server that is related to your work.

For example, I own this website and have generated my own HTTPS security certificates for my own experimental reasons (and because real HTTPS certificates cost money!). In this instance, some of my HTTPS certificates have expired with the SEC_ERROR_EXPIRED_CERTIFICATE error (because certificates are only good for a period of time) - so in my case, adding an exception to Firefox is OK because I know for a fact that it's my website I'm connecting to, and those are my certificates which have expired but are still valid.

Do not Add Exception when you see "This connection is untrusted"

Generally speaking, however, adding an HTTPS exception to a website when you see 'This connection is untrusted' is not advisable for security reasons. For example, your browser's root certificates could have been compromised due to a malware attack; if that was the case, it may be possible for hackers to redirect your PC to any malicious website at random - and even fake your online bank website, in order to steal your passwords and personal information. This was certainly the case with Dell PC's back in 2015, and somewhat similarly with Lenovo, too.

With that detailed explanation out of the way, I asked Gord if he would like me to connect to his PC using my remote desktop support service in order to have a closer look at his Firefox 'This connection is untrusted' problem. Gord agreed and was able to easily replicate the error in which 'This connection is untrusted' kept appearing at random.

How to Fix: Firefox 'This connection is untrusted' (appears Randomly)

Here are the steps I used to troubleshoot and resolve Gord's issue:

  1. The first thing to note is that certificates are related to date and time - if they are dramatically out of sync (by a month, year, etc) then you will certainly see a 'This connection is untrusted' error, likely with an SEC_ERROR_EXPIRED_CERTIFICATE under the 'Technical details' link. That said, the first thing I did was check to ensure Gord's date and time were correct, and they were.
     
  2. The next thing I did was Refresh Firefox. This is sort of like reinstalling Firefox and is used if Firefox isn't working properly. A Firefox Refresh essentially disables all plugins and resets Firefox's settings. I did this by clicking the Help -> Troubleshooting Information menu, then on the top right of the screen under the heading "Give Firefox a Tuneup", I clicked the link "Refresh Firefox..." Unfortunately, this didn't work either.
     
  3. Since the Firefox Refresh didn't work, the next thing I did was reinstall Firefox. To do so, I uninstall Firefox, downloaded the Firefox setup.exe stub file, then reinstall it. Unfortunately, this didn't work either.
     
  4. At this point I figured that perhaps Gord's root certificates were corrupted or compromised. Without getting overly technical, root certificates are used in a 'chain of trust' - they identify certificate authorities used to determine if websites are in fact secure. If the root certificates are compromised, then the certificate authorities could be compromised as well, which could then point your web browser to malicious websites without even alerting you that the websites were in fact malicious. Since I uninstalled and reinstalled Firefox, I figured that the root certificates would be reset, but in fact they were not - they appeared to be copied over from Gord's previous user profile (as were his bookmarks).

Resetting Firefox's Root Certificates (Cert8.DB and Cert_Override.TXT)

After a bit more research I came across a post online that explained how to reset Firefox's root certificates given the current user profile. This is the step that solved the issue - though I recommend you try the above steps, first.

  1. You will need to close Firefox in order to proceed; I suggest you bookmark this page now so you can come back to it if you need to.
     
  2. Next, copy the URL of this page into your clipboard. To do so: go to the top of the Firefox window where the website address is located, then left click once to place the cursor on the line. Then, press CTRL + A to select the entire URL, then press CTRL + C to copy the URL into your clipboard. Next, launch Internet Explorer or Edge, and paste the URL into the other browser so you can keep reading these instructions while Firefox is closed. To do so: go to the address line in Edge or Internet Explorer and left click once to place your cursor on the line. Next, press CTRL + A to select the entire URL, then DEL to delete it, then CTRL + V to paste the URL you copied from your clipboard onto the browser address line. Finally, press ENTER on the keyboard to go to the page.
     
  3. Close the Firefox browser, then highlight the text below with your mouse:

    %appdata%\Mozilla\Firefox\Profiles
     
  4. Right click over top of the above highlighted text, then select "Copy" from the dialogue menu. Next, click the Start button, then press CTRL + V. This will paste "%appdata%\Mozilla\Firefox\Profiles" into the Start menu. Press Enter to open the folder using Windows Explorer.
     
  5. You should now see a Windows Explorer window open, with the parent folder being "C:\Users\<< your user name >>\AppData\Roaming\Mozilla\Firefox\Profiles" visible. The window should contain a folder (or more than one folder) with a randomly generated name with the extension .default; for my example, my default Firefox folder profile was: v037mgpy.default. If you have more than one .default folder here, you will need to select the one with the most recent date, as that will be the one you're currently using. Double click on that folder to open it.
     
  6. Scroll down the file list and file 'cert8' and 'cert_override' (if it exists) and delete both the files. These are the root certificate files fore Firefox and are likely corrupt. When you restart Firefox, these files will be regenerated.
     
  7. Launch Firefox and try to visit a page (with HTTPS) that was giving you problems. The problem should now be fixed.
     
  8. You might want to run a malware scan on the system to ensure that malware isn't the reason for infecting your browser in the first place (and possibly corrupting your root certificates). I can help with this if needed - refer to the "Additional 1-on-1 Support" section below.

I hope that helps and your problem is fixed. If it is not, you are welcome to contact me for additional support, described next.

Additional 1-on-1 Support: From Dennis

If all of this is over your head, or if you still can't fix the 'This connection is untrusted' error message, I can help using my remote desktop support service. Simply contact me briefly describing your problem, and I'll get back to you as soon as possible.

Got a Computer Question or Problem? Ask Dennis!

I need more computer questions. If you have a computer question -- or even a computer problem that needs fixing -- please email me with your question so that I can write more articles like this one. I can't promise I'll respond to all the messages I receive (depending on the volume), but I'll do my best.

About the author: Dennis Faas is the owner and operator of Infopackets.com. With over 30 years of computing experience, Dennis' areas of expertise are a broad range and include PC hardware, Microsoft Windows, Linux, network administration, and virtualization. Dennis holds a Bachelors degree in Computer Science (1999) and has authored 6 books on the topics of MS Windows and PC Security. If you like the advice you received on this page, please up-vote / Like this page and share it with friends. For technical support inquiries, Dennis can be reached via Live chat online this site using the Zopim Chat service (currently located at the bottom left of the screen); optionally, you can contact Dennis through the website contact form.

Rate this article: 
Average: 4.5 (8 votes)

Comments

josephbleau22_3750's picture

Here is an alternate way to find and open the profile folder.
In FireFox, open the Help Menu
(Click on the "Hamburger Icon", then select the ? icon)
Click on "Troubleshooting Information"
Click on "Open Folder", beside "Profile Folder"

Now you can close FF, and make the required adjustments.
kk