I assume Firefox developers did something wrong with last release (43.0.1) since I get this error after installing updates:
This Connection is Untrusted
You have asked Firefox to connect securely to www.google.com, but we
can't confirm that your connection is secure.Normally, when you try to connect securely, sites will present trusted
identification to prove that you are going to the right place.
However, this site's identity can't be verified.What Should I Do?
If you usually connect to this site without problems, this error could
mean that someone is trying to impersonate the site, and you shouldn't
continue.This site uses HTTP Strict Transport Security (HSTS) to specify that
Firefox only connect to it securely. As a result, it is not possible
to add an exception for this certificate.
Get me out of thereTechnical Details
www.google.com uses an invalid security certificate.
The certificate is not trusted because it was signed using a signature
algorithm that was disabled because that algorithm is not secure.(Error code: sec_error_cert_signature_algorithm_disabled)
I would like to emphasize that everything worked before the update. Also right after update the new version screen advertised new and better security.
My question is "How do I fix this?" – unless I am actually trying to connect to fake google server. Is something wrong with my computer, so suddenly?
Best Answer
The immediate reason you are getting this error is because of this explanation.
Firefox 43.0.4 fixes Bug 1236975 which that explanation is from.
It is important to point out that Google does not use SHA1 certificates, so if you are getting this error, it means you have a security product that is performing a man in the middle attack on all your secure content in order to secure it.
If this is a personal machine you should disable that security feature immediately. OEMs are also known to submit forged certificates in order to offer after market services, in those cases from those OEMs, they have been used to install signed malware because those OEMs can't do security properly.
Your inability to upgrade Firefox through the upgrade system, was because Firefox was silently rejecting the connection for a similar reason, it was attempting to instantiate that connection using a similar forged certificate. In other words while you have fixed the problem described in your question, you are still using the forged certificate, and thus you might as well be sending everything over plain text.
Man-in-the-Middle Interfering with Increased Security