Fix: Sec_Error_Cert_Signature_Algorithm_Disabled

Some users are seeing the Error Code: sec_error_cert_signature_algorithm_disabled when trying to visit certain websites from their FireFox browser. Most affected users report that the issue started occurring abruptly – prior to this, the web pages could be visited without issues.  The issue is reported to occur on both Windows and Mac computers.

Error Code: sec_error_cert_signature_algorithm_disabled

What is causing the ‘sec_error_cert_signature_algorithm_disabled’ error?

We investigated this particular issue by looking at various user reports and the repair strategies that most affected users have operated in order to resolve the issue. Based on what we gathered, there are several common culprits that are known  to trigger this particular error:

  • Intermediate certificate and exceptions are causing the error – Several affected users have managed to resolve the issue by editing the Firefox profile folder to disregard certificates and exceptions that might be causing the issue. The easiest way to do this is by deleting the cert_override.txt and editing the cert9.db or cert8.db file.
  • Adware app is causing the security prompt – E-rewards Notify App and a few other applications that serve as fronts for adware can also trigger this error message. Tracking them down and uninstalling them from your system will resolve the issue if this scenario is applicable.
  • Malware infection – As it turns out, browser hijackers are also confirmed to trigger this particular error message. In this case, using a specialized security scanner to remove the malware infection and reinstalling Firefox should resolve the issue.
  • HTTPS filtering is enabled on Avast – Avast has a long history of throwing false positives with Firefox because of its habit of sending out IIRC connection details. In this case, disabling HTTPS scanning should stop the false positives from appearing again.
  • Kaspersky Root Antivirus certificate is not installed on Firefox – If you’re using a 64-bit version of FireFox in conjunction with Kaspersky, chances are the issue is occurring because your Firefox installation is missing the antivirus root certificate. A quick trip to the Certificates menu should resolve the issue in this case.

If you’re currently struggling to resolve this Firefox issue, this article will provide you with several troubleshooting steps that other users in a similar position successfully used to get the issue fixed. The methods below are ordered by efficiency and severity, so please follow them in order until you stumble upon a fix that resolves the issue in your case.

Method 1: Renaming cert.db & deleting cert_override.txt

Several affected users have reported that the issue was resolved after they renamed the cert8.db or cert9.db file and deleting the cert_override.txt file from the Firefox profile folder. This operation will remove intermediate certificates and exceptions that Firefox currently stores, which should, in turn, resolve the sec_error_cert_signature_algorithm_disabled error.

Here’s a quick guide on how to do this:

  1. Open Firefox and click the Action button in the top-right corner of the screen. Then, click on Help, and choose Troubleshooting Information from the newly appeared menu.
  2. From the Troubleshooting Information screen, click the Open Folder button associated with the Profile folder.
  3. Once you’re inside you’re current Firefox Profile, go ahead and close the FireFox application so that we can operate the changes.
  4. Once Firefox is closed, right-click on cert9.db or cert8.db (depending on the Firefox version that you installed) and choose Rename. Next,  add a ‘.old‘ after the ‘.db’ extension and hit Enter to save your changes. This will instruct the browser to disregard the current Database file and create a new one at the next startup.
    Note: If you can’t see the extension of your files in File Explorer, go to the View tab (using the ribbon bar at the top) and make sure that the box associated with Hidden Items is checked.
  5. Then, right-click on the cert_override.txt and choose Delete to remove any intermediate certificates and exceptions that FireFox is currently storing.
  6. Once these two changes have been made, restart your Firefox browser and see if you’re still encountering the sec_error_cert_signature_algorithm_disabled error.
Renaming cert.db & deleting cert_override.txt

If you’re still seeing the same error message, move down to the next method below.

Method 2: Uninstalling the Adware app

There are several malware/adware products that are known to trigger this particular error message. While there are certainly other variations of this, the E-Rewards Notify App is by far the most commonly reported culprit when it comes to the sec_error_cert_signature_algorithm_disabled error.

Several affected users have reported that the issue was resolved after they used the Programs and Features window to uninstall the adware that is producing the error. Here’s a quick guide on how to do this:

  1. Press Windows key + R to open up a Run dialog box. Then, type “appwiz.cpl” and press Enter to open up the Programs and Features list.
    Type appwiz.cpl and Press Enter to Open Installed Programs List
  2. Once you get inside the Programs and Features window, skim through the list and see if you can find a suspicious program that might have been used as a front o install adware. Obviously, you should start looking for the E-Rewards Notify App since it’s the most popular adware variation known to produce this particular error.
    Note: It might help to via Installed On if you have a general idea when the issue started occurring.
  3. Once you see it, right-click on it and choose Uninstall. Then, follow the on-screen prompts to complete the uninstallation.
    Uninstalling the adware application
  4. Once the uninstallation is complete, restart your computer.
  5. At the next startup, see if the issue has been resolved by visiting the same webpages that we’re previously triggering the sec_error_cert_signature_algorithm_disabled error.

If you’re still seeing the same error message, move down to the next method below.

Method 3: Performing a malware scan

If you weren’t able to pinpoint and eliminate the adware/malware that was causing the issue, using a security scanner to identify the culprit is about your only choice by now. Several affected users have reported that a malware scan identified and eliminated a nasty browser hijacker.

Based on our personal experience, there are few better free security scanners capable of dealing with browser hijackers than Malwarebytes. To eliminate the possibility of a malware/adware causing the sec_error_cert_signature_algorithm_disabled error, follow this article (here) to initiate a deep scan with Malwarebytes.

Once the scan is complete, restart your computer and reinstall your Firefox browser at the next startup. This step is necessary because, in the event of a browser hijacker, some infected browser files will have been deleted in the cleaning process.

Method 4: Disabling HTTPS filtering  (Avast only)

As some users have reported, this particular issue can also occur if you’re using Avast! antivirus. Turns out that in some scenarios, Avast! might trigger a false positive thinking a MITM (man in the middle) is underway on your computer.

We investigated this possibility thoroughly and it turns out that AVAST! is notorious for sending out details of your connections (IIRC), which ends up triggering the sec_error_cert_signature_algorithm_disabled error in Firefox.

If this scenario is applicable to your current situation, you will be able to deal with the false positive by opening your Avast Settings, going to Main settings and ensuring that the checkbox associated with Enable HTTPS scanning is disabled.
Once the change has been operated, restart your computer and see if the issue has been resolved.

If this particular method wasn’t applicable, move down to the next method below.

Method 5: Manually Install Kaspersky’s antivirus root certificate in Firefox

If you’re using a 64-bit version of FireFox with Kaspersky, the  sec_error_cert_signature_algorithm_disabled error might occur because your Firefox installation is missing the antivirus root certificate.

Here’s a quick guide on fixing the issue if this scenario is applicable:

  1. Open Firefox, click the action button (top-right) corner, then click on Options.
  2. Inside the Options tab, click the Privacy & Security tab from the left-hand menu, then scroll down to Certificates and click on View Certificates.
    Viewing Certificates in Firefox
  3. Then, inside the Certificate Manager, click on the Authorities tab and click the Import menu.
    Importing the certificate
  4. Once you get to the import menu, paste the following location inside the address bar and press Enter. Then, select the Root Certificate from that folder and click Open.

    Importing the Personal Root Certificate
  5. At the confirmation window, make sure that all trust boxes are enabled before clicking Ok.
  6. Restart your browser and check if the issue has been resolved.

If you’re still encountering the sec_error_cert_signature_algorithm_disabled error, move down to the next method below.

Method 6: Adjusting the security.pki.sha1_enforcement_level value

Some affected users that had issues with accessing Facebook Workspace and a few other similar services have reported that the issue was resolved after they accessed the advanced settings of firefox and adjusted the Security Enforcement Level value.

This procedure will reconfigure your Firefox browser to accept SHA-1 certificates without any further checkups, which will end up eliminating the issue. However, going this route might leave your browsing sessions open to security attacks.

If you decide to go this route, here’s what you need to do:

  1. Open Firefox, type ‘about:config‘ in the navigation bar and press Enter to access the advanced settings.
  2. At the security prompt, click the I accept the risk! button.
  3. Once you’re inside the advanced settings of Firefox, type “security.pki.sha1” in the search box to locate the value that needs to be modified.
  4. Next, double click on security.pki.sha1_enforcement_level;3 and change it’s value to 4 before clicking Ok.
  5. Restart your browser and see if the issue has been resolved.
Adjusting the Security PKI SHA-1 value

Kevin Arrows

Kevin Arrows is a highly experienced and knowledgeable technology specialist with over a decade of industry experience. He holds a Microsoft Certified Technology Specialist (MCTS) certification and has a deep passion for staying up-to-date on the latest tech developments. Kevin has written extensively on a wide range of tech-related topics, showcasing his expertise and knowledge in areas such as software development, cybersecurity, and cloud computing. His contributions to the tech field have been widely recognized and respected by his peers, and he is highly regarded for his ability to explain complex technical concepts in a clear and concise manner.