Pentode, Posted May 16, 2019

When going to Wires UK the site doesn't load. I get 'Protocol filtering error' asking me to import Root Certificate. This is only on a couple of sites, otherwise everything else is fine, just these two particular sites. The actual address bar does not show the target address, just the Google link.

I've tried two operating systems, Win 7 x64bit and XP x32bit, both have latest Nod 32 AV installed. I've also tried the usual tricks disabling SSL, enabling and rebooting etc. as shown on Nod 32 help pages.... makes no difference, also tried adding an exception rule. If I disable Nod32 these two will still not load. I forgot what the 2nd site was but it wasn't really important.

For some strange reason I don't get the error message any more, on XP 32bit the page is just blank with about:config in the address bar. When I get time I'll make a clone and remove NOD32 to see if that helps.... the site used to work before NOD32 was updated.

Be grateful if anyone could throw some light on this problem.

Dave

Marcos (Administrators), Posted May 16, 2019

What browser did you use? Did you also try opening IE on Windows 7? If you mean the website https://www.wires.co.uk/, it uses an EV certificate which means it's not filtered / scanned by default by ESET, so disabling SSL filtering should have no effect on it. Did you also try disabling protocol filtering?

itman, Posted May 16, 2019

36 minutes ago, Marcos said:
> website https://www.wires.co.uk/, it uses an EV certificate

Same here. No problem accessing it in IE11 or Firefox on Win 10.

Did notice the site uses a flaky Comodo multi-domain EV certificate. If the browser is Chrome, maybe the multi-domain thing is what it is objecting to.

Pentode (Author), Posted May 16, 2019

Thank you Marcos and itman, I'm using Firefox 46.0.1. Yes, it's the same on Internet Explorer, also same on an Acer laptop, again using Nod32 with Win 7 32bit starter pack.

I did try switching Protocol filtering, that made no difference. The site was working prior to updating the program, I'm pretty sure of that..... maybe I'll clone a drive then try it without Nod32 and then do a re-install. Be glad if you could confirm that disabling Nod doesn't leave anything running like filtering and so on.

Thought it strange because all other pages seem pretty responsive loading. Clicking the cache triangle, that opens OK, but that's only Google as I understand. Should I manage to solve it I'll post back, thanks for trying.

Dave

Marcos (Administrators), Posted May 16, 2019

On Windows 7 you should be able to use the latest version of Firefox 66.0.5. Is there any reason why you haven't upgraded yet?

If disabling protocol filtering doesn't make any difference, then ESET should not be involved and even uninstalling it should not make the issue go away.

itman, Posted May 16, 2019 (Edited May 16, 2019 by itman)

Per Firefox troubleshooting FAQ:

> The error occurs on one particular site only
>
> In case you get this problem on one particular site only, this type of error generally indicates that the web server is not configured properly.
>
> Missing intermediate certificate
>
> On a site with a missing intermediate certificate you will see the following error description after you click on Advanced on the error page:
>
> The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported.
>
> The website's certificate might not have been issued by a trusted certificate authority itself and no complete certificate chain to a trusted authority was provided either (a so-called "intermediate certificate" is missing). You can test if a site is properly configured by entering a website's address into a third-party tool like SSL Labs' test page. If it is returning the result "Chain issues: Incomplete", a proper intermediate certificate is missing. You should contact the owner of the website you're having troubles accessing to inform them of that problem.

https://support.mozilla.org/en-US/kb/error-codes-secure-websites

Now refer to the below screen shot. It appears to me your Firefox's Authorities certificate store doesn't contain the proper certificate chain relationship; i.e. Certificate Hierarchy, for this web site.

Like @Marcos posted previously, upgrade to the latest version of Firefox. I strongly suspect by doing so, this problem will be resolved.

itman, Posted May 16, 2019

It also appears to me that Firefox is showing the incorrect certificate hierarchy for this web site. That's not surprising given the recent mess Mozilla created by letting their own certificate expire.

Anyway, below is a screen shot of IE's certificate hierarchy for this web site. Note that the Sectigo RSA Intermediate root certificate chains to a different root CA store certificate. Note that IE11 uses the Windows root CA certificate store.

itman, Posted May 16, 2019 (Edited May 16, 2019 by itman)

Yikes! Comodo, aka UserTrust, is now Sectigo: https://sectigo.com/blog/sectigo-begins-issuing-certificates-on-new-sectigo-branded-root . Appears to me that Mozilla hasn't gotten around to updating Firefox's Authorities CA store as it should have. This is one reason why I still use IE11 as my browser.

-EDIT- IE11 uses the root CA store certificate "friendly name" for the issuer in its Certificate Hierarchy display. The root cert. was actually issued by USERTrust and is the same one stored in Firefox's Authorities CA store.

Pentode (Author), Posted May 16, 2019

Wow, thanks itman, that saves me a lot of messing around, as I understand no matter what I do I'd be landing back on square one, thanks to other contributors too.

I would have had no idea since I couldn't get to see the certificate.... at least I don't think I could, so this means I'll have to 'stick it' or review some other browser.

Dave

itman, Posted May 16, 2019 (Edited May 16, 2019 by itman)

3 hours ago, Pentode said:
> I would have had no idea since I couldn't get to see the certificate.... at least I don't think I could, so this means I'll have to 'stick it' or review some other browser.

As far as not being able to access the web site in either Win XP or Win 7 in IE11, the following comments.

Win XP has not been supported by Microsoft for some time. As such, we can assume that its Windows root CA store certificates likewise haven't been updated. Hence, the certificate errors reported trying to access the web site.

As far as Win 7 goes, have you been performing regular Win Updating on the device? Even if you were, I always had issues with my Windows root CA store certificates being updated properly on Win 7. Hence again, a possible reason for the certificate errors reported trying to access the web site.

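The two failure modes raised in this thread (a server that omits its intermediate certificate, as in the Firefox FAQ quoted above, and a client root store that lacks the issuing root) can be reproduced offline with the openssl command line. This is an added example, not part of any post; the lab CA names, shop.example.test, and the helper functions new_cert and chain_status are constructed for illustration.

```shell
#!/bin/sh
# Added example: throwaway lab PKI (root -> intermediate -> leaf); all names constructed.
set -e
LAB=$(mktemp -d)
trap 'rm -rf "$LAB"' EXIT
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$LAB/ca.ext"
printf 'basicConstraints=CA:FALSE\n' > "$LAB/leaf.ext"

# new_cert NAME SUBJECT ISSUER EXT  (ISSUER equal to NAME means self-signed)
new_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "$2" \
    -keyout "$LAB/$1.key" -out "$LAB/$1.csr" 2>/dev/null
  if [ "$3" = "$1" ]; then
    openssl x509 -req -in "$LAB/$1.csr" -signkey "$LAB/$1.key" \
      -extfile "$LAB/$4.ext" -days 30 -out "$LAB/$1.pem" 2>/dev/null
  else
    openssl x509 -req -in "$LAB/$1.csr" -CA "$LAB/$3.pem" -CAkey "$LAB/$3.key" \
      -CAcreateserial -extfile "$LAB/$4.ext" -days 30 -out "$LAB/$1.pem" 2>/dev/null
  fi
}

# chain_status LEAF CLIENT_ROOTS [SERVER_SENT]
#   CLIENT_ROOTS: PEM file standing in for the client's root CA store
#   SERVER_SENT:  PEM file of intermediates the server includes in the handshake
chain_status() {
  if [ -n "${3:-}" ]; then
    set -- "$1" "$2" -untrusted "$3"
  fi
  leaf=$1; roots=$2; shift 2
  if openssl verify -CAfile "$roots" "$@" "$leaf" >/dev/null 2>&1; then
    echo complete
  else
    echo incomplete
  fi
}

new_cert root "/CN=Lab Root CA" root ca
new_cert old  "/CN=Lab Legacy Root CA" old ca    # a root store that was never updated
new_cert int  "/CN=Lab Intermediate CA" root ca
new_cert leaf "/CN=shop.example.test" int leaf

echo "server sends leaf only:           $(chain_status "$LAB/leaf.pem" "$LAB/root.pem")"
echo "server sends leaf + intermediate: $(chain_status "$LAB/leaf.pem" "$LAB/root.pem" "$LAB/int.pem")"
echo "client store lacks the root:      $(chain_status "$LAB/leaf.pem" "$LAB/old.pem" "$LAB/int.pem")"
```

The first and third cases fail for different reasons: the first is fixed on the server by sending the intermediate, the third only by updating the client's trusted roots.
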
Pentode (Author), Posted May 17, 2019

-Solved- Thanks all, I did what I should have done..... updated Firefox, all is well now.

Dave