Cara Mengatasi Sec_Error_Unknown_Issuer Pada Browser Firefox!


On websites which are supposed to lớn be secure (the URL begins with "https://"), Firefox must verify that the certificate presented by the website is valid. If the certificate cannot be validated, Firefox will stop the connection to lớn the website & show a "Warning: Potential Security Risk Ahead" error page instead. Clicking the Advanced button, you can view the specific error Firefox encountered.

Bạn đang xem: Cara mengatasi sec_error_unknown_issuer pada browser firefox!

This article explains why you might see the error codes SEC_ERROR_UNKNOWN_ISSUER, hostingvietnam.vn_PKIX_ERROR_MITM_DETECTED or ERROR_SELF_SIGNED_CERT on an error page and how lớn troubleshoot it.

For other error codes on the "Warning: Potential Security Risk Ahead" error page, see the What vì the security warning codes mean? article. For Secure Connection Failed or Did Not Connect: Potential Security Issue error pages, see the article Secure connection failed & Firefox did not connect.

Table of Contents

2 The error occurs on multiple secure sites2.1 Antivi khuẩn products3 The error occurs on one particular site only
What does this error code mean?

During a secure connection, a trang web must provide a certificate issued by a trusted certificate authority to lớn ensure that the user is connected khổng lồ the intended target & the connection is encrypted. If you cliông xã the Advanced button on a "Warning: Potential Security Risk Ahead" error page and you see the error code SEC_ERROR_UNKNOWN_ISSUER or hostingvietnam.vn_PKIX_ERROR_MITM_DETECTED, it means that the provided certificate was issued by a certificate authority that is not known by Firefox and, therefore, cannot be trusted by default.

The error occurs on multiple secure sites

If you get this problem on multiple unrelated HTTPS-sites, it indicates that something on your system or network is intercepting your connection and injecting certificates in a way that is not trusted by Firefox. The most comtháng causes are security software scanning encrypted connections, or malware listening in and replacing legitimate website certificates with their own. In particular, the error code hostingvietnam.vn_PKIX_ERROR_MITM_DETECTED indicates that Firefox detected connection interception.

Antivirut products

Third-tiệc nhỏ antivi khuẩn software can interfere with Firefox"s secure connections. You could try reinstalling it, which might trigger the software into lớn placing its certificates inkhổng lồ the Firefox trust store again.

We recommover uninstalling your third-tiệc ngọt software and using the security software offered for Windows by Microsoft:

If you vị not want to lớn uninstall your third-party software, you could try reinstalling it, which might trigger the software into placing its certificates into lớn the Firefox trust store again.

Here are some alternative sầu solutions you can try:


In Avast or AVG security products you can disable the interception of secure connections:

Open the dashboard of your Avast or AVG application. Go lớn Menu and cliông xã on Settings > Protection > Vi xử lý Core Shields. Scroll down to lớn the Configure shield settings section & clichồng on Web Shield. Uncheck the box next khổng lồ Enable HTTPS Scanning and confirm this by clicking OK.
In older versions of the product you"ll find the corresponding option when you go to Menu > Settings > Components and click Customize next to Web Shield

See the Avast tư vấn article Managing HTTPS scanning in Web Shield in Avast Antivirut for details. More Information about this feature is available on this Avast Blog.


In Bitdefender security products you can disable the interception of secure connections:

xuất hiện the dashboard of your Bitdefender application. Go khổng lồ Protection và in the Online Threat Prevention section cliông chồng on Settings. Toggle off the Encrypted Web Scan setting.
In older versions of the product you can find the corresponding option labelled Scan SSL when you go to Modules > Web Protection

In Bitdefender Antivirus Free it"s not possible khổng lồ control this setting. You can try lớn repair or remove sầu the program instead when you"re having problems accessing secure websites.

For corporate Bitdefender products, please refer to lớn this Bitdefender Center page.


Open the dashboard of your Bullguard application. Clichồng on Settings & enable the Advanced view on the top right of the panel. Go to lớn Antivi khuẩn > Safe browsing. Unkiểm tra the Show safe results option for those websites which are showing an error message.


In ESET security products you can try to disable & re-enable SSL/TLS protocol filtering or generally disable the interception of secure connections as described in ESET’s article.


Affected users of Kaspersky should tăng cấp to the most recent version of their security sản phẩm, as Kaspersky 2019 và above contain mitigations for this problem. The Kaspersky Downloads page includes "update" link that will install the lademo version miễn phí of charge for users with a current subscription.

Xem thêm: Hướng Dẫn Chia Ổ Cứng Khi Cài Win 10 Đơn Giản Nhất, Cách Chia Ổ Đĩa Ngay Trong Khi Cài Win 10

Otherwise, you can also disable the interception of secure connections:

mở cửa the dashboard of your Kaspersky application. Cliông chồng on Settings on the bottom-left. Cliông chồng Additional và then Network. In the Encrypted connections scanning section kiểm tra the Do not scan encrypted connections option và confirm this change. Finally, reboot your system for the changes to lớn take effect.

Family Safety settings in Windows accounts

In Microsoft Windows accounts protected by Family Safety settings, secure connections on popular websites like Google, Facebook and YouTube might be intercepted and their certificates replaced by a certificate issued by Microsoft in order khổng lồ filter và record search activity.

Read this Microsoft FAQ page on how lớn turn off these family features for accounts. In case you want to lớn manually install the missing certificates for affected accounts, you can refer to lớn this Microsoft tư vấn article.

Monitoring/filtering in corporate networks

Some traffic monitoring/filtering products used in corporate environments might intercept encrypted connections by replacing a website"s certificate with their own, at the same time possibly triggering errors on secure HTTPS-sites.

If you suspect this might be the case, please contact your IT department khổng lồ ensure the correct configuration of Firefox to lớn enable it working properly in such an environment, as the necessary certificate might have khổng lồ be placed in the Firefox trust store first. More information for IT departments on how khổng lồ go about this can be found in the Wiki page CA:AddRootToFirefox.


Some forms of malware intercepting encrypted website traffic can cause this error message - refer khổng lồ the article Troubleshoot Firefox issues caused by malware on how to lớn giảm giá khuyến mãi with malware problems.

The error occurs on one particular site only

In case you get this problem on one particular site only, this type of error generally indicates that the web hệ thống is not configured properly. However, if you see this error on a legitimate major trang web like Google or Facebook or sites where financial transactions take place, you should continue with the steps outlined above.

Certificate issued by a authority belonging lớn Symantec

After a number of irregularities with certificates issued by Symantec root authorities came khổng lồ light, browser vendors, including, are gradually removing trust from these certificates in their products. Firefox will no longer trust server certificates issued by Symantec, including those issued under the GeoTrust, RapidSSL, Thawte & Verisign brands. For more information, see this blog post.

hostingvietnam.vn_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED will be the primary error, but with some servers, you may see the error code SEC_ERROR_UNKNOWN_ISSUER instead. If you come across such a site you should liên hệ the owner of the trang web to insize them of the problem. strongly encourages operators of affected sites to lớn take immediate action lớn replace these certificates. DigiCert is providing certificate replacements for free.

Missing intermediate certificate

On a site with a missing intermediate certificate you will see the following error mô tả tìm kiếm after you clichồng on Advanced on the error page:

The certificate is not trusted because the issuer certificate is unknown.The server might not be sending the appropriate intermediate certificates.An additional root certificate may need to be imported.

The website"s certificate might not have been issued by a trusted certificate authority itself và no complete certificate chain lớn a trusted authority was provided either (a so-called "intermediate certificate" is missing).You can kiểm tra if a site is properly configured by entering a website"s address into a third-các buổi tiệc nhỏ tool like SSL Labs" thử nghiệm page. If it is returning the result "Chain issues: Incomplete", a proper intermediate certificate is missing.You should contact the owner of the trang web you"re having troubles accessing lớn inkhung them of that problem.

Self-signed certificate

On a site with a self-signed certificate you will see the error code ERROR_SELF_SIGNED_CERT and the following error mô tả tìm kiếm, after you cliông chồng on Advanced on the error page:

A self-signed certificate that wasn"t issued by a recognized certificate authority is not trusted by mặc định. Self-signed certificates can make your data safe from eavesdroppers, but say nothing about who the recipient of the data is. This is common for intranet websites that aren"t available publicly and you may bypass the warning for such sites.

Bypassing the warning

Warning: You should never add a certificate exception for a legitimate major trang web or sites where financial transactions take place – in this case an invalid certificate can be an indication that your connection is compromised by a third tiệc nhỏ.

If the trang web allows it, you can bypass the warning in order lớn visit the site, even thought its certificate is not being trusted by default:

On the warning page, cliông xã Advanced. Click Accept the Risk & Continue.