This thread was archived. Please ask a new question if you need help.
SSL_ERROR_UNKNOWN_CA_ALERT, but all CA certificates are be installed already and exceptions don't work
I am on Linux Mint, Firefox 100.0 and I am trying to access a website, https://www.citapreviadnie.es:38188 (requires personal DNIe certificate). However, I keep getting SSL_ERROR_UNKNOWN_CA_ALERT. If I view the certificate of the website,
1. Firefox doesn't tell me which part of the chain is invalid or not trusted (or I don't see it) 2. When I try to download and import each of the CA certificates, I get an alert saying "This certificate is already installed as a certificate authority." 3. If I try to import the whole chain, I get another alert telling me "This is not a certificate authority certificate, so it can’t be imported into the certificate authority list." 4. If I try to add a permanent exception to the site, I see "This site attempts to identify itself with invalid information", but if I click "view certificate" I'm back to step 1, and adding the exception does not have any effect.
What am I supposed to do now?
All Replies (5)
Web search: https://www.bing.com/search?q=SSL_ERROR_UNKNOWN_CA_ALERT https://bugzilla.mozilla.org/show_bug.cgi?id=1582926 Bug 1582926 Opened 3 years ago Closed 3 years ago SSL_ERROR_UNKNOWN_CA_ALERT on a two way SSL website with custom CA
From the last comment:
> Fixed with Firefox 72 if you import your Client-certificate before accessing the Site. Otherwise you will get the annoying SSL_ERROR_BAD_CERT_ALERT error. Firefox now select the correct Client-certificate is more than one is available.
I understand that I have to delete my imported client certificate and import it again then. I'll try that and report back.
Unfortunately, doing this doesn't work.
I called for more help.
There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connection certificates and send their own.
I'm on Linux and I don't have, to my knowledge, any software that might be doing that.