What does security.enterprise_roots.enabled do?

It tells Firefox to also trust certificates from the Windows/Mac OS certificate store, matching Chrome's behavior.

Is it safe to add an exception for this error?

Only if you know and trust the site (corporate intranet, your own server). Never add exceptions for public websites — the certificate issue is a real security concern.

Firefox SEC_ERROR_UNKNOWN_ISSUER — Certificate Authority Not Recognized

Warningfirefox

Overview

Fix Firefox SEC_ERROR_UNKNOWN_ISSUER error when Firefox does not recognize the certificate authority that signed the site's SSL certificate.

Key Details

Firefox uses its own certificate store (not the OS store like Chrome)
SEC_ERROR_UNKNOWN_ISSUER means the CA that signed the certificate is not in Firefox's trust store
Common with corporate MITM proxies, self-signed certificates, and missing intermediate certificates
Firefox shows 'Warning: Potential Security Risk Ahead' with this error code
Unlike Chrome, Firefox may not trust certificates that are trusted by the OS

Common Causes

Corporate HTTPS inspection proxy using a certificate Firefox does not trust
Server missing intermediate certificate in the certificate chain
Self-signed certificate not added to Firefox's certificate manager
Antivirus HTTPS scanning injecting its own CA certificate
Expired or revoked CA certificate in the chain

Steps

1For corporate proxy: import the proxy's CA certificate into Firefox — Settings > Privacy > Certificates > View Certificates > Import
2Enable OS certificate trust: about:config > security.enterprise_roots.enabled > true
3For antivirus: disable HTTPS scanning in antivirus settings, or import its CA into Firefox
4Ask the server admin to fix the certificate chain (include intermediate certificates)
5Verify the issue: check ssllabs.com/ssltest for the site's certificate chain