[rancid]

Hi,

I've been getting this error recently whenever I go to Tools -> Add-ons :

services.addons.mozilla.org:443 uses an invalid security certificate.
The certificate will not be valid until 14-Oct-08 9:40 PM.
(Error code: sec_error_expired_certificate)

I have searched this forum for solution and there were similar errors but were due to unsupported Add-ons. I do not have any unsupported add-ons installed and I'm on FF 3.0.3

I also have Webmail Notifier add-on installed and that too, is not working when it was previously.

I'm suspect that there could be some settings that's causing the certificate error and Webmail Notifier not to work. I have gone through Tools -> Options but not able to find anything that could have contributed to these issues.

Can someone help?

Thanks in advance.

[dickvl]

Check the date on your computer (double-click the clock on the Taskbar).

[rancid]

Thanks ! dickvl !..

you are right !!... the month was set as january instead of october...

you saved the day !!....

thank you very much !!!...

[dickvl]

You're welcome

[jau]

I'm also experiencing a problem with an error when attempting to update or install addons. When I select the Tools drop down menu, then Add-ons menu option, I get the following error message in a pop-up:

-----------------------------------------------
addons.mozilla.org:443 uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is not trusted.

(Error code: sec_error_untrusted_issuer)
-----------------------------------------------

I'm really surprised that one of Mozilla's own sub-domains produces this error.

Steps to fix the problems to date include:

- totally uninstalling Firefox, including deleting directories, and reinstalling
- starting fresh with a new profile
- system date/time is correct and uses ntp synchronization to keep it correct.
- adding *.addons.mozilla.org as a certificate exception
- deleting all certificate exceptions

Any other suggestions to correct this problem? TIA

Something else: I don't get any graphics on HTTPS web pages that produce a certificate error, even after I add an exception. I don't use a proxy.

Even more problems: I received a certificate error when browsing directly to addons.mozilla.org, created a certificate exception even though I already did that prior, then attempted to install an addon from the website when I get the following error pop-up for ANY addon:
-------------------------
Firefox could not install the file at
https://addons.mozilla.org/en-US/firefo ... 0.0-fx.xpi
because: Invalid file hash (possible download corruption)
-261
-------------------------

[dickvl]

Did you check the firewall or router with a build-in firewall?
Some security software acts like a proxy and can cause similar issues as can happen with a proxy (two connections and that proxy sends a self generated certificate to Firefox).

[weaksauce]

just wanted to say thank you about the time change on the task bar... so obvious yet I probably wouldn't have thought of it. Good job. =)

[Guest]

yeah! nice 1 dickvl

[jau]

An update on my issue with graphics not being displayed on HTTPS pages.

I installed a Firefox extension called Perspectives (http://www.cs.cmu.edu/~perspectives/), which seems to have helped on some pages. I discovered that by right clicking on one of the blocked graphics on a HTTPS page, and selecting view image, that the Perspectives add-on checks the site and then permits it, over-riding the Firefox security errors. Then the HTTPS page reloads and looks normal.

This does have some concern for me as to what security is being by-passed, but I can at least login to websites that I need to access.

I have changed out my broadband firewall with three different models from Linksys, Netgear, Cisco, and IPCop and the problem exists with all the router/firewalls. I also disabled all local security software and the problem continues to exist. When I use MSIE, Opera, or Google's browser I do not experience this problem. So, my thought is that it's a Firefox issue. Oh, I might add that my ISP is Comcast.

My available time to troubleshoot this problem is limited, but I'll keep updating until I find a resolution.

[RogerC]

If you still get this error message after checking your date and time settings, try this:

1) Get the name of the certificate issuer from Details in the error pop-up (e.g. GeoTrust SSL CA).
2) Go to Tools>Options>Advanced>Encryption (tab)>View Certificates>Authorities (tab).
3) Find the issuer in the list and select it.
4) Click Edit Trust... and make sure "This certificate can identify web sites" is checked.

I had this problem and enabling all the GeoTrust certificates solved it.

[karlkras]

If you still get this error message after checking your date and time settings, try this:

1) Get the name of the certificate issuer from Details in the error pop-up (e.g. GeoTrust SSL CA).
2) Go to Tools>Options>Advanced>Encryption (tab)>View Certificates>Authorities (tab).
3) Find the issuer in the list and select it.
4) Click Edit Trust... and make sure "This certificate can identify web sites" is checked.

I had this problem and enabling all the GeoTrust certificates solved it.

Thanks for the information Roger, right on time!

[dickvl]

You shouldn't set trusted bits in intermediate certificates. That can make you highly vulnerable. You need to install the missing intermediate certificates and if necessary also the root certificate to make the chain complete.

[Thankfull]

If you still get this error message after checking your date and time settings, try this:

1) Get the name of the certificate issuer from Details in the error pop-up (e.g. GeoTrust SSL CA).
2) Go to Tools>Options>Advanced>Encryption (tab)>View Certificates>Authorities (tab).
3) Find the issuer in the list and select it.
4) Click Edit Trust... and make sure "This certificate can identify web sites" is checked.

I had this problem and enabling all the GeoTrust certificates solved it.

You sir are a genius ! I did what you said and finally got it fixed !!!!!!!

[LoudNoise]

If folks think the above advice it good they are very wrong. Note what dickvl wrote.

You shouldn't set trusted bits in intermediate certificates. That can make you highly vulnerable. You need to install the missing intermediate certificates and if necessary also the root certificate to make the chain complete.