Firefox blocks a connection as soon as it detects a problem with the SSL certificate of the visited site. The browser then displays an error message such as “Your connection is not secure” or “Secure connection failed,” preventing any access to the page. This behavior protects user data, but it poses a concrete problem when the affected site is an internal tool, network equipment, or a self-hosted server with a legitimate but unrecognized certificate.
SSL Filtering by Antivirus: The Overlooked Cause of Firefox Blocks
The majority of guides on the subject immediately direct users to browser settings. Before changing anything in Firefox, it is essential to check if third-party software is intercepting HTTPS traffic.
Read also : Sports Cars: How to Choose the Right Model?
Security suites like ESET, Kaspersky, or Bitdefender include a SSL/TLS filtering module that analyzes encrypted content by placing itself between the browser and the remote server. This mechanism replaces the original site’s certificate with a certificate generated by the antivirus. Firefox, which manages its own certificate store (unlike Chrome or Edge, which use Windows’ store), does not recognize this intermediate certificate and triggers the error.
ESET documents this behavior and recommends, as a temporary solution, to disable SSL protocol scanning in the security suite settings to restore access to HTTPS sites. The procedure varies by vendor, but the principle remains the same: look for the web filtering or SSL inspection option, disable it, and then restart Firefox.
Further reading : How to Boost Your Career with Innovative Professional Support Solutions
If the error disappears after this manipulation, the problem lies neither with the site nor the browser. It is then possible to reactivate SSL filtering and add Firefox to the antivirus exceptions, or to import the root certificate of the security suite into Firefox’s store. The detailed procedure for allowing an unsecured connection on Firefox also covers this type of configuration on the browser side.
Firefox about:config Page: Modify Minimum TLS Protocol
Since Firefox 91, the browser enforces TLS 1.2 as the minimum version of the encryption protocol. Sites still operating with TLS 1.0 or TLS 1.1 are blocked without displaying the “Accept the Risk and Continue” button that users were familiar with in earlier versions.
To access a site whose server does not support TLS 1.2, the only option is through Firefox’s advanced configuration editor.
- Type about:config in the address bar and confirm. Accept the warning by clicking “Accept the Risk and Continue.”
- Search for the security.tls.version.min setting in the search field. The default value is 3, which corresponds to TLS 1.2.
- Change this value to 1 (TLS 1.0) or 2 (TLS 1.1) depending on the protocol used by the target server, then reload the page of the concerned site.
- Once the session is finished, reset the value to 3 to restore the browser’s normal security level.
This manipulation temporarily exposes the browser to protocols with documented vulnerabilities. Only keep it active for the strictly necessary time, and only on a trusted network.
Disable Warning on Unencrypted Password Fields
Firefox also displays a crossed-out padlock and an alert message when a login form is on an HTTP page. This behavior, distinct from the certificate error, can be controlled via about:config with the security.insecure_field_warning.contextual.enabled setting. Changing it to “false” removes the visual warning on input fields. The setting security.insecure_password.ui.enabled, set to “false,” additionally removes the alert icon in the address bar.
Self-Signed Certificate and SEC_ERROR_UNKNOWN_ISSUER Error on Firefox
Errors like SEC_ERROR_UNKNOWN_ISSUER or SSL_ERROR_BAD_CERT_DOMAIN appear when Firefox cannot find the certification authority (CA) that issued the site’s certificate in its internal store. This situation frequently occurs on the administration interfaces of routers, NAS, local servers, or enterprise applications using self-signed certificates.
On the error page, Firefox sometimes offers an “Advanced” button followed by “Accept the Risk and Continue.” This option adds a permanent security exception for the site. However, some very outdated or malformed certificates do not trigger this option, and the button simply does not appear.
Manually Manage Certificate Exceptions
In this case, it is possible to add the exception via the browser settings. Open the Firefox menu, then Settings, Privacy & Security, scroll down to the Certificates section, and click on “Manage Certificates.” The “Servers” tab allows you to manually add an exception for a specific URL.
The long-term solution, however, lies on the server side. Recent hosting guides recommend replacing self-signed certificates with a recognized certificate, for example via Let’s Encrypt, which provides free and automated certificates. Fixing mixed content issues (resources loaded over HTTP on an HTTPS page) is also part of the prerequisites for Firefox to accept the connection without alert.
When the Problem Comes from the System Date or Network
Firefox checks the temporal validity of the certificate based on the system clock. An incorrect date or time on the computer is enough to invalidate a perfectly valid certificate. The error message often mentions an inconsistent expiration date. Checking the date and time settings of Windows or macOS, and enabling automatic synchronization, resolves this type of block in a few seconds.
Corporate networks, captive hotel portals, or public Wi-Fi also cause certificate errors. The firewall or proxy intercepts the HTTPS connection and presents its own certificate, which Firefox rejects. In this situation, trying to access a simple HTTP site (without S) first can sometimes trigger the captive portal authentication page, after which HTTPS browsing resumes normally.
Changing Firefox’s security settings remains a last resort, not a reflex. First identifying whether the source of the block is the antivirus, the network, the system clock, or the server itself avoids lowering the browser’s protection for a problem that can be resolved elsewhere.