The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer)

FF 44 works fine. Example: https://www.findip-address.com

added component::applications/tor browser owner::tbb-team priority::medium severity::normal status::new tbb-usability-website type::defect labels

Works for me, current TBB on Linux.

Interesting. TBB 6.0a1 on Win7.

Also running TBB on Linux but it does not work for me.

According to [https://www.ssllabs.com/ssltest/analyze.html?d=findip-address.com] it has an incomplete chain.

There's also [https://bugzilla.mozilla.org/show_bug.cgi?id=629558] with some information on why it could and could not work.

It was working on a TBB installation, where disk storage is not disabled. On TBB with disk storage disabled, the certificate is invalid.

They seem to serve a certificate with an incomplete chain.

Apparently, intermediate certificates are stored by Firefox in cert8.db. Presumably, some previous web site included the intermediate certificate and it got stored in cert8.db and thus things are working for this installation. If I delete the cert8.db, the RapidSSL certificate fails.

So on one end we are accepting broken SSL certificates WITHOUT EVEN PROMPTING OR WARNING THE USER and on the other end we are making it hard or almost impossible for users to access sites with "invalid SSL certificates" from Bug 629558, which is known since 2011, and everything was resolved as fixed...

Trac:
Keywords: N/A deleted, tbb-usability-website added
Summary: RapidSSL SHA256 CA - G3 (Error code: sec_error_unknown_issuer) to The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer)

Because of the bug in Firefox, Tor Browser can fall into undesirable state, preventing browsing of certain sites, e.g. https://observatory.mozilla.org/analyze/msdn.microsoft.com states that

HTTP Strict Transport Security (HSTS) header cannot be set, as site contains an invalid certificate chain but when it is set anyway, Tor Browser shows Your connection is not secure The owner of msdn.microsoft.com has configured their website improperly. To protect your information from being stolen, Tor Browser has not connected to this website. This site uses HTTP Strict Transport Security (HSTS) to specify that Tor Browser may only connect to it securely. As a result, it is not possible to add an exception for this certificate.

Trac:
Reviewer: N/A to N/A

mentioned in issue #21559 (moved)

moved to tpo/applications/tor-browser#18218 (closed)