Are Google and Firefox having a fight?
November 11, 2015 11:24 AM   Subscribe

I can sign onto gmail from Chrome or IE no problem, but Firefox tells me that gmail is an untrusted connection. What gives?

This has been going on for a couple of weeks. Prior to that, I happily only had one browser open during the day. What am I doing wrong?

This remains true even though firefox was just reloaded to my computer by an IT professional.
posted by janey47 to Computers & Internet (8 answers total)
 
do you get the same error everywhere? have you tried both at work and at home (without vpn)? what does the error say in more detail? what is your os? what version of firefox are you using (menu, "?", about)?
posted by andrewcooke at 11:53 AM on November 11, 2015


Are you on a corporate network? If so, chances are it's due to the company proxy doing a man in the middle attack so they can monitor your internet usage. Bitdefender can also mess it up if you have ssl scanning enabled.
posted by mattamatic at 11:56 AM on November 11, 2015


do you get the same error everywhere? have you tried both at work and at home (without vpn)?


Have not tried at home b/c I don't use firefox at home. But this really only started a week or two ago.

what does the error say in more detail?

gmail.com uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown.
The server might not be sending the appropriate intermediate certificates.
An additional root certificate may need to be imported.

(Error code: sec_error_unknown_issuer)

what is your os?

Microsoft Office Professional Plus 2010

what version of firefox are you using (menu, "?", about)?

42.0
posted by janey47 at 12:07 PM on November 11, 2015


Why does it say the connection is untrusted? The detail should mention something like, certificate expired, untrusted root, etc.?
posted by odinsdream at 12:07 PM on November 11, 2015


Ah, yeah. So that means your employer is probably trying to hijack the SSL connection. Normally they'd also install their fake root certificate as a trusted root by your browser, but either they aren't accounting for Firefox, or the Firefox re-install missed this bit when your IT did it.

You can compare a "normal" SSL session with your work version by visiting the gmail site, you don't have to log in, and then click the little lock icon in your browser, and viewing the certificate itself. Proper Google certificates will say they're issued by GeoTrust Global CA, Google Internet Authority G2. If you see anything else, that's your company injecting their own.
posted by odinsdream at 12:11 PM on November 11, 2015 [7 favorites]


thanks!
posted by janey47 at 12:24 PM on November 11, 2015


a better way to see the actual Certificate Authority is to do a search like this:

https://www.sslshopper.com/ssl-checker.html#hostname=gmail.com
posted by sideshow at 12:01 PM on November 12, 2015


If so, chances are it's due to the company proxy doing a man in the middle attack

This is exactly what I deal with work, something I've carefully confirmed. Firefox is the only major browser that picks it up and warns you -- Chrome, IE, etc just happily plug away as if all is well.

Your company is snooping on your ostensibly end-to-end encrypted web traffic-- it's just that FF is the only browser telling you that it's happening.
posted by stavrosthewonderchicken at 6:33 PM on November 19, 2015


« Older After 101+ days, what do you think about your Tuft...   |   How to add some very dim lighting to see stairs at... Newer »
This thread is closed to new comments.