Firefox does not accept some (any?) DigiCert certificates


#1

Since the last Firefox upgrade, I cannot open any page that uses a DigiCert certificate. This affects big sites such as linkedin dot com, ebay dot com, transferwise dot com, and ironically blog dot mozilla dot org.

This is on an up-to-date Fedora 28 with firefox 63.0.3-2. Google Chrome is working fine.

Am I the only one hitting this issue? I did not find anything on Bugzilla or the web in general. The Mozilla Blog has multiple posts about Symantec/DigiCert certificates, which may be related. But linkedin dot com uses a certificate that was signed on May 30, 2018, so it definitely shouldn’t result in an error there.

All those sites give an SEC_ERROR_UNKNOWN_ISSUER error.

What’s the problem? Is this a bug in Firefox or did I unknowingly mess up my security settings? What would be the relevant settings? Is anyone else having this problem?

[I can’t add more than two links because I am a “new user”]


#2

I don’t see that problem here with 63.0.3-2 - all the sites you mention work fine. I suspect something is wrong with your settings. You could try creating a new Firefox profile and see if the problem persists with that.


#3

When in doubt, restart Firefox in “safe mode” - it disables all your add-ins. If that doesn’t help, refresh it.


#4

Thanks, using a new profile was a good hint. Using a different profile solved the issue, while disabling the add-ons didn’t. My certificate authority seemed to be non-default in several aspects, so I reset them by removing cert9.db in my profile directory, following this advice. That fixed the issue.