Knowledgebase: SSL Technical FAQs
Firefox error code: sec_error_unknown_issuer

Error code: sec_error_unknown_issuer



This Firefox error means that Firefox is unable to chain up to a trusted Certificate Authority based on information provided to Firefox from the web site you're visiting. If you're the owner or maintainer of the site in question please install the Intermediates that came with your certificate. This is required as per the SSL/TLS RFC starting with RFC 2246, which covers TLS 1.0.

RFC 2246 states:

certificate_list
This is a sequence (chain) of X.509v3 certificates. The sender's certificate must come first in the list. Each following certificate must directly certify the one preceding it. Because certificate validation requires that root keys be distributed independently, the self-signed certificate which specifies the root SSL certificate authority may optionally be omitted from the chain, under the assumption that the remote end must already possess it in order to validate it in any case.
This translates to: The Web Server must present the full certificate chain (if it has one), so that unaware clients can chain up properly to the appropriate Root CA. For most of Comodo's Certs is the: AddTrust External CA Root.

(1922 vote(s))
Helpful
Not helpful
Comments (0)