Digital Certificate Error

When I go to a certain website, www.freedomwholesale.com (which then probably redirects to a slight variation), I get this error with Firefox on Linux Mint 19.1 Cinnamon:
Warning: Potential Security Risk Ahead
...
Error code: SEC_ERROR_UNKNOWN_ISSUER

However, I do not get the error with a Chromium based browser on the same OS. I also don't get the error in Windows using Firefox or Pale Moon (which was a fork off of Firefox a while back). The only thing that I can say is that the Firefox versions on each machine might be a little different. But, the Mint version is pretty up to date (I have been doing "OS updates" right away and I think Firefox updates are part of that).

 

Graded B, not bad, not sure I'd trust it with money though.

Cert. looks okay, maybe your FF/Cinnamon combo is using something that's interfering.



Browsers are different in the amount of slack they cut for sites, and in the areas in which they're very tight. Some make it trivial to connect to weak/dodgy sites, others make it more difficult. Pale Moon's pretty safe in that respect.

 

Such as...? This is a pretty new install of the OS, and I only have one add-on installed in Firefox.
As an aside, Pale Moon seems to have more detail about the security certificate. Firefox doesn't show the sha 256 fingerprinting & everything below that (like your Pale Moon installation does).

 

In Windows 8.1, I am running whatever is built in, Windows Defender, I think. In Mint 19.1, I am not running anything. So I think that can't be an explanation.

As an aside, once I log into the website, the website gives a message that says that the site is built for Google Chrome. But, I don't generally use Chrome and Brave, a chromium based browser ran into a problem with the site. But anyway, I wouldn't think that using a different web browser changes the site (and its potential vulnerabilities). Except for each browser having a unique set of vulnerabilities.

 

The provided certificate was issued by a certificate authority that is not known by Firefox in its default config for the corresponding Operating System.

This also came up if the site may be utilizing Symantec auth for CA....

Even though Im not sure what your actually asking for here, if you need to check that this URL is a safe site, run it here!

Seems ok from my tests.....

 

@plodr gave you the Firefox on Windows likely reasons, does your Firefox/Cinnamon page for that site have a 'Learn more..' or similar link where they might show some *nix-specific gotchas?

Pale Moon offers a lot of detail and options (and a GUI in the shape of Pale Moon Commander) when it comes to site security. When a site is particularly bad, it doesn't offer an easy override either. Other browsers could connect to a very vulnerable site without even a warning, you can check your browsers SSL/TLS here.

 

You conveniently forgot to mention that you are using a VPN.

 

I didn't think that an AV program would serve to "clear" a site in the browser's eyes. In other words, I didn't think that AV software would give Firefox the ok and then Firefox then does not display the message.

No, there doesn't seem to be any Linux operating system specific information, just
"SEC_ERROR_UNKNOWN_ISSUER"

 

I wasn't using VPN on either OS in these instances.

 

When clicking your link in post #1 I get redirected to...
https://www.freedomwholesale.com/wp...bYZDpqKgIAJLBHlY!/dz/d5/L2dBISEvZ0FBIS9nQSEh/
How do you explain the above URL?

 

I don't know. When I type in
www.freedomwholesale.com
I get redirected to something similar.

 

You know now, any 'security' software that includes such intercepts really isn't doing anything for you.

Probably browser/user agent sniffing, where specific UAs or guessed browser capabilities get bounced to some personally identifiable entry point (allowed through the net), I see a similar string in Chrome.

 

But Microsoft's anti-virus software wouldn't(?) be getting Firefox to not display the warning about the site. So "antivirus software causing the experience" is not a viable explanation for the OP (once further clarified where antivirus software was running).

 

VirusTotal gives the site the all clear.
https://www.virustotal.com/gui/url/...2087a4337671099f14aff81f04804438876/detection

Pale Moon 28.4.0 shows these messages.

 

https://www.freedomwholesale.com/wp...bYZDpqKgIAJLBHlY!/dz/d5/L2dBISEvZ0FBIS9nQSEh/

I dont see this as a re-direct as such, the domain is still www.freedomwholesale.com with the database referencing page id tacked on.
Like most sites, it would most likely run multiple pages (url's)

I do agree that this is lazy/poor programming on behalf of the website designer to display the paging reference for all to see in the URL....it should resolve to simply the domain.

Nothing wrong with the site itself, however its backend database may not be so well protected from injection or the likes, and yes, this is what holds your financial and other personal info.

 

AV interference isn't the only reason...

Table of Contents

• What does this error code mean?
• The error occurs on multiple secure sites
  • Antivirus products
    • Avast/AVG
    • Bitdefender
    • Bullguard
    • ESET
    • Kaspersky
  • Family Safety settings in Windows accounts
  • Monitoring/filtering in corporate networks
  • Malware
• The error occurs on one particular site only
  • Certificate issued by a authority belonging to Symantec
  • Missing intermediate certificate
  • Self-signed certificate
  • Bypassing the warning