Firefox SEC_ERROR_UNKNOWN_ISSUER — Certificate Authority Not Recognized
About Firefox SEC_ERROR_UNKNOWN_ISSUER
Fix Firefox SEC_ERROR_UNKNOWN_ISSUER error when Firefox does not recognize the certificate authority that signed the site's SSL certificate. This guide covers everything you need to know about this topic, including common causes, step-by-step solutions, and answers to frequently asked questions.
Here are the key things to understand: Firefox uses its own certificate store (not the OS store like Chrome). SEC_ERROR_UNKNOWN_ISSUER means the CA that signed the certificate is not in Firefox's trust store. Common with corporate MITM proxies, self-signed certificates, and missing intermediate certificates. Firefox shows 'Warning: Potential Security Risk Ahead' with this error code. Unlike Chrome, Firefox may not trust certificates that are trusted by the OS. Understanding these fundamentals will help you diagnose and resolve this issue more effectively.
The most common reasons this occurs include: Corporate HTTPS inspection proxy using a certificate Firefox does not trust. Server missing intermediate certificate in the certificate chain. Self-signed certificate not added to Firefox's certificate manager. Antivirus HTTPS scanning injecting its own CA certificate. Expired or revoked CA certificate in the chain. Identifying the root cause is the first step toward finding the right solution.
To resolve this, follow these recommended steps: For corporate proxy: import the proxy's CA certificate into Firefox — Settings > Privacy > Certificates > View Certificates > Import. Enable OS certificate trust: about:config > security.enterprise_roots.enabled > true. For antivirus: disable HTTPS scanning in antivirus settings, or import its CA into Firefox. Ask the server admin to fix the certificate chain (include intermediate certificates). Verify the issue: check ssllabs.com/ssltest for the site's certificate chain. If these steps do not resolve the issue, consider consulting additional resources or a qualified professional.
This article is part of our Browser Errors collection on Error Codes Wiki. We provide comprehensive, up-to-date information to help you find solutions quickly.
Quick Answer
Why does Firefox show this error but Chrome does not?
Firefox uses its own certificate store. Chrome uses the OS store. If a CA is in the OS store but not Firefox's, only Firefox will show the error.
Overview
Fix Firefox SEC_ERROR_UNKNOWN_ISSUER error when Firefox does not recognize the certificate authority that signed the site's SSL certificate.
Key Details
- Firefox uses its own certificate store (not the OS store like Chrome)
- SEC_ERROR_UNKNOWN_ISSUER means the CA that signed the certificate is not in Firefox's trust store
- Common with corporate MITM proxies, self-signed certificates, and missing intermediate certificates
- Firefox shows 'Warning: Potential Security Risk Ahead' with this error code
- Unlike Chrome, Firefox may not trust certificates that are trusted by the OS
Common Causes
- Corporate HTTPS inspection proxy using a certificate Firefox does not trust
- Server missing intermediate certificate in the certificate chain
- Self-signed certificate not added to Firefox's certificate manager
- Antivirus HTTPS scanning injecting its own CA certificate
- Expired or revoked CA certificate in the chain
Steps
- 1For corporate proxy: import the proxy's CA certificate into Firefox — Settings > Privacy > Certificates > View Certificates > Import
- 2Enable OS certificate trust: about:config > security.enterprise_roots.enabled > true
- 3For antivirus: disable HTTPS scanning in antivirus settings, or import its CA into Firefox
- 4Ask the server admin to fix the certificate chain (include intermediate certificates)
- 5Verify the issue: check ssllabs.com/ssltest for the site's certificate chain