A SEC_ERROR_UNKNOWN_ISSUER error code in Firefox indicates that a website is trying to use an SSL certificate issued by an untrusted issuer. The Public Infrastructure Key (PKI) is designed such that only trusted certificate authorities (CAs) can issue trusted certificates. CAs follow strict guidelines in this regard to make sure they’re doing their due diligence regarding validation and granting certificates in good faith. A SEC_ERROR_UNKNOWN_ISSUER message indicates that your certificate issuer isn’t trusted by your browser.
The same error code is also sometimes displayed with a message stating ‘warning: potential security risk ahead’. In some cases, you might as well face the error if your computer is infected with some sort of corruption error or a virus.
Below we have listed several effective troubleshooting solutions for you to resolve this issue, so let’s get right into it!
There may be a temporary bug in Firefox that is causing the issue. It is possible to resolve the issue by disabling extensions temporarily,. Doing so will reset the modules and give them a fresh start.
Here is what you need to do:
- Launch the Firefox browser and click on the hamburger menu at the top of the window to open its menu.
- Click on Addons in the context menu displayed.
- Lastly, disable each extension by flipping its switch to the off position and check if doing so resolves the issue.
Remove Third-Party Antivirus
Interruptions between the end-user and the server can also be caused by an overly protective antivirus program. Such programs prevent legitimate processes of the browser to complete successfully.
In the event that you are sure the website you’re trying to visit is legitimate, you can try disabling the third-party tool temporarily. This will help you identify if your antivirus program is the culprit behind the SEC_ERROR_UNKNOWN_ISSUER error. If it happens to be, you might want to replace it with another program.
Here is how you can do that:
- To open the Run dialog box, press the Windows key + R simultaneously.
- Type ‘appwiz.cpl’ in the text field of the dialog box and press Enter to open up the Programs and Features window.
- Inside the Programs and Features window, find the 3rd party suite you are currently using by scrolling down the list.
- Once you have located it, right-click on it and select Uninstall from the next context menu.
- When you get to the uninstallation menu, follow the instructions on the screen to proceed.
- Once done, restart your PC and check if the issue is resolved.
In case you do not want to completely remove your antivirus program, you have the option to disable the SSL scanning in your security software. Below we have listed the steps of doing so in Avast antivirus. Though the steps for different programs may differ, the basic principle remains the same.
- Launch Avast and navigate to Menu > Settings > Protection > Core Shields.
- Head over to Configure shield settings.
- Choose Web Shield and make sure that Enable HTTPS scanning is not selected.
Scan For Malicious Software
As we discussed earlier, it is common for errors like the SEC_ERROR_UNKNOWN_ISSUER code to occur after a malicious software infects your system. In this case, scanning your system for malicious software and then removing the ones found can do the trick for you.
Using the Windows Defender will allow you to do so, but should you require a program with more features, you can install a powerful third-party antivirus program for Windows 10 as well.
Disable Network Proxy (If Applicable)
Another possible cause of the SEC_ERROR_UNKNOWN_ISSUER issue is the host’s refusal to allow end-users to utilize VPN or proxy services. In order to check if this is the case, disable your network proxy and try accessing the desired website again. If the issue was being caused by your proxy service, then disabling it should do the trick for you.
Follow these step by step instructions to proceed:
- Open the Run dialogue box by pressing Windows key + R simultaneously.
- In the text field of the dialog box, type ‘ms-settings:network-proxy’ and press Enter to launch the Proxy tab of the Settings app.
- Now head over to the Manual Proxy Setup section.
- Navigate to the right-hand section of the screen and click the toggle beside Use a proxy server to deactivate it.
- Finally, restart your computer and wait for the operation to complete. Upon reboot, repeat the action that was previously causing the error and check if the issue persists.
You may also wish to remove your VPN client in an effort to resolve the issue.
Confirm That the Site Is Configured Correctly
When the SEC_ERROR_UNKNOWN_ISSUER error appears, on the Advanced button below it. Check if the error message states any one of the following:
- The certificate is not trusted because the issuer certificate is unknown.
- The server might not be sending the appropriate intermediate certificates.
- An additional root certificate may need to be imported.
If it does, then the intermediate certificate from the website is missing. If this scenario applies to you, follow the steps mentioned below to check if the site is configured correctly:
- Head over to the SSL Server Test page.
- Enter the hostname in the text field and hit Submit.
- If a message saying “Chain issues: Incomplete”displays, it indicates that no appropriate intermediated certificate exists. You should contact the website owners about this.
Create a New Firefox Profile
You might also face the SEC_ERROR_UNKNOWN_ISSUER error if your user profile of Firefox is corrupt. You can try creating a new user profile to fix this issue. Make sure to back up Firefox browser data and its extensions before proceeding.
If a corruption error within your user profile is the culprit, creating a new profile should resolve the issue for you.
Bypass the Warning
Do you see a message stating ‘The certificate is not trusted because it is self-signed’, after you click on the Advanced button? If yes, then this implies that a recognized certificate authority did not sign the certificate.
If this scenario is applicable, you can bypass the warning by clicking Accept the Risk and Continue on the “potential security risk ahead” page. Nonetheless, this is a risky step. This is why you should only proceed with it if it is absolutely clear that accessing the website will not put your system at risk.