Jump to content

Firefox certificates issue


Recommended Posts

After the last updates I started having the certificates issue with firefox https://forum.eset.com/topic/23125-certificate-issues-for-firefox-740-64bit/page/6/ 

On W10 20H2 FF 78.4.1 ESR has credential issues that lead to secure connection errors and data loss, Ungoogled Chromium seems not affected.

On W10 1909 FF displays invalid cert on every website, the same with Ungoogled.

Pref "security.enterprise_roots.enabled" is "true" and locked (by Eset or by group policy)

I see no errors in browsers console.

On the third PC with 20H2 and without Eset SSP I have no issues.

I've tried disabling/re-enabling SSL/TLS filtering while monitoring TRCA, Eset SS filter CA was renewed and is valid until 15/11/2030.

Disabling SSL/TLS filtering didn't resolved the issue.

Suggestions?

Link to comment
Share on other sites

  • Administrators

With SSL filtering disabled there is no ESET SSL filter CA certificate in the Trusted root certification authorities store?

image.png

Is there no ESET root certificate in the list of untrusted certificates?

You can search certificates for "ESET SSL". WIth SSL filtering disabled you should not be able to find any, after re-enabling SSL filtering you should be able to find one:

image.png

Link to comment
Share on other sites

I can confirm that disabling filtering the cert goes away...

In the 20H2 machine I've resolved with Eset reinstallation/reconfiguration, root certificates cleanup/rebuild and restoring some old firefox profiles, now everything seems ok, so probably it was a corruption or a misconfiguration due to November patches.

In the 1909 machine a newer Eset certificate was installed and after reboot no browsing issues.

Thanks

Link to comment
Share on other sites

6 hours ago, Enrico said:

Update: I've started having issues with FF on some websites, the solution was set "security.tls.version.min" to 1 .

I really can't say that a downgrade to TLS 1.0 is a secure thing to do. The default minimum TLS version is TLS 1.2 which is a value of 3.

Ref.: http://kb.mozillazine.org/Security.tls.version.*

Link to comment
Share on other sites

I know, but tell it to the bank (that was naggin' me with "install the app from gooogle play because it's more secure" blah blah), to the insurance or to the biggest ISP here, today their are facing serious issues because of this procrastination.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...