How to Fix MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT?

The MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT error occurs in Mozilla Firefox when trying to access a website that has an SSL/TLS certificate that is self-signed and not issued by a trusted Certificate Authority (CA). In other words, Firefox does not trust the certificate because it hasn’t been verified by a recognized entity, and as a result, it throws the MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT error.

This issue can occur on websites that use self-signed certificates (often seen in development or testing environments) or when there’s a misconfiguration in the SSL certificate on the server.

In this guide, we will walk through multiple methods to fix the MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT error.

What Causes MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT?

Several factors can lead to this error:

1. Self-Signed SSL/TLS Certificate: The website you are trying to visit uses an SSL certificate that is self-signed, which means it hasn’t been verified by a trusted CA.
2. Certificate Expiry: The self-signed certificate may have expired.
3. Intermediate Certificates Missing: The server might not be sending all necessary intermediate certificates, causing the browser to not trust the SSL certificate.
4. Corrupted or Outdated Firefox Profile: Your Firefox profile may be corrupted or outdated, causing issues with certificate validation.
5. Incorrect System Date and Time: An incorrect system clock can prevent Firefox from validating SSL certificates correctly.

How to Fix MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT?

Here are several solutions you can try to fix the MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT error in Firefox:

1. Add the Self-Signed Certificate to Firefox’s Trusted Authorities

If you are accessing a site with a self-signed certificate, and you trust the website, you can manually add the certificate to Firefox’s trusted authorities.

Steps to Add a Self-Signed Certificate to Firefox:

1. Visit the Website: Go to the website that is throwing the error.
2. View the Certificate:
   • Click on the lock icon in the address bar next to the URL.
   • Click on More Information.
   • In the new window, click View Certificate.
3. Download the Certificate:
   • Click on the Export button to save the certificate to your computer.
   • Choose a location to save the file, such as your desktop.
4. Import the Certificate into Firefox:
   • Open Firefox and click on the three horizontal lines (hamburger menu) in the top-right corner.
   • Select Settings.
   • Scroll down to the Privacy & Security section.
   • Under the Certificates section, click View Certificates.
   • In the Certificate Manager window, go to the Authorities tab.
   • Click Import, then locate and select the saved self-signed certificate file.
   • Check the box next to Trust this CA to identify websites, then click OK.
   • Restart Firefox and try accessing the website again.

2. Check the System Date and Time

An incorrect system date and time can cause SSL/TLS certificate errors because the certificates are only valid within specific date ranges.

How to Fix the Date and Time on Windows:

1. Right-click on the time and date in the system tray at the bottom-right of the screen.
2. Select Adjust date/time.
3. In the window that opens, ensure that the Set time automatically option is turned on.
4. If the time is still incorrect, manually adjust the time and date to match the current settings.

How to Fix the Date and Time on macOS:

1. Click the Apple menu in the top-left corner of the screen and select System Preferences.
2. Click Date & Time.
3. Ensure that Set date and time automatically is enabled, or manually adjust the date and time.

Once your system clock is correct, restart Firefox and check if the error is resolved.

3. Clear SSL State in Firefox

Sometimes, clearing the SSL state can resolve certificate-related issues.

How to Clear SSL State in Firefox:

1. Open Firefox and click on the three horizontal lines (hamburger menu) in the top-right corner.
2. Select Settings.
3. Scroll down to the Privacy & Security section.
4. Under Cookies and Site Data, click Clear Data.
5. Check the box for Cached Web Content and click Clear.
6. Restart Firefox and try reloading the page.

4. Disable SSL Scanning in Antivirus Software

Some antivirus programs, especially those with web protection features, scan SSL connections and can block certain SSL certificates, leading to errors like MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT.

How to Disable SSL Scanning in Antivirus:

• Open your antivirus software and look for web or SSL scanning settings.
• Disable SSL scanning or web protection features.
• Restart Firefox and check if the error persists.

Note: Don’t forget to re-enable the feature after troubleshooting.

5. Disable Firefox Certificate Validation (Temporary Solution)

This method is not recommended for long-term use, as it reduces the security of your browsing. However, if you need to bypass the MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT error temporarily, you can disable certificate validation in Firefox.

Steps to Disable Certificate Validation:

1. Open Firefox and type about:config in the address bar.
2. Press Enter and confirm the prompt that appears.
3. In the search bar, type security.enterprise_roots.enabled.
4. Double-click the setting to change its value from false to true.
5. Restart Firefox and try accessing the website again.

Note: Disabling certificate validation can expose you to potential security risks, so use this option only as a temporary workaround and only on trusted websites.

6. Update Firefox to the Latest Version

Outdated versions of Firefox may not be able to validate the SSL certificates correctly, leading to errors like MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT.

Steps to Update Firefox:

1. Open Firefox and click on the three horizontal lines (hamburger menu) in the top-right corner.
2. Select Help > About Firefox.
3. Firefox will check for updates automatically. If an update is available, it will be downloaded and installed.
4. Restart Firefox after the update is complete.

7. Check the Website’s SSL/TLS Configuration

If the website’s SSL/TLS certificate is improperly configured, the error can persist. If you’re the website owner or developer, here are a few things to check:

1. Verify the Certificate Chain: Ensure the SSL certificate is installed correctly, and the intermediate certificates are properly configured.
2. Get a Valid SSL Certificate: If you’re using a self-signed certificate, consider getting a certificate from a trusted Certificate Authority (CA).
3. Check for Certificate Expiration: Ensure the SSL certificate has not expired.

You can use tools like SSL Labs’ SSL Test to check your SSL certificate’s configuration.

Conclusion

The MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT error can be frustrating, but it’s usually fixable by following the methods outlined in this guide. Whether you need to add the certificate to Firefox’s trusted authorities, fix system date and time, or disable SSL scanning in antivirus software, one of these steps should help resolve the error.

For long-term solutions, website administrators should consider using certificates from trusted Certificate Authorities to avoid this error for users. Always be cautious when bypassing SSL certificate errors, as doing so can expose you to potential security risks.