Fix the “SEC_ERROR_REVOKED_CERTIFICATE” Error in Mozilla Firefox

If you’re seeing a “Secure Connection Failed’ page with the error message “SEC_ERROR_REVOKED_CERTIFICATE” while visiting a website, use the following steps to get rid of the error page and access the website.

Why Firefox Shows the “SEC_ERROR_REVOKED_CERTIFICATE” Error

When a website’s SSL/TLS certificate gets revoked for any reason, the browser doesn’t consider it secure and shows the “SEC_ERROR_REVOKED_CERTIFICATE” error page.

Why an SSL/TLS certificate gets revoked?

• When a website’s private key gets compromised.

• When the certificate authority (CA) mis-issues an SSL certificate. For example, in March 2019, millions of SSL certificates were revoked by Apple, Google, and GoDaddy because of non-compliant SSL serial numbers that were generated as the result of an operational error. The certificates had 63-bit serial numbers instead of 64-bit serial numbers.
• If the website owners themselves request the CA to revoke the SSL certificate because,
  • They’ve lost the private key,
  • They changed the certificate’s common name,
  • The secured site is no longer operational, or
  • They have requested the certificate for the wrong domain name by mistake.

How to Fix “Secure Connection Failed” Page with “SEC_ERROR_REVOKED_CERTIFICATE” Error in Mozilla Firefox?

If you’re a website owner, you must ask your certificate authority to reissue a new SSL certificate. Some CAs charge additional re-issuance fees. If the re-issuance fee is higher than the cost of purchasing a new certificate, you can change CAs anytime and get a new SSL from a different certificate authority.

Reissuance is free if you buy Sectigo (formerly Comodo CA) SSL certificate. The basic Comodo DV SSL starts from $10/year and comes with a $50,000 warranty.

If you’re a website visitor, you can compel your browsers to ignore the error and visit the website on your own risk by following these steps.

You won’t necessarily need to implement all of these steps. Keep applying them one by one until the error message is eliminated. 

1. Add the Site to Your List of Trusted Sites

• Search for Internet Options in the Windows search bar.
• In the pop-up window, click on the Security tab.
• Select Trusted sites.
• Click on the Sites button to open a new window.
• Manually add the URL of the website that is displaying the error message.
• Click Apply and OK.

2. Temporarily Disable Your Antivirus and Firewall

Some antivirus and firewall solutions are sensitive to SSL errors. To address this issue, all you need to do is turn off HTTPS scanning. All antiviruses have different SSL scanning under different names. Find the appropriate setting such as “HTTPS Scanning,” “Scan SSL”, “show safe result,” “Do not scan encrypted connections,” etc.,and disable it.

If you don’t see any such options, visit the manufacturer’s help section and try to find SSL- and HTTPS-related settings information there.

3. Clear the SSL State

• Search for Internet Options in the Windows search bar.

• In the pop-up window, select the Content tab.
• Click on Clear SSL State to clear your SSL cache.

4. Clear Your Browsing History

• Open Firefox and navigate to Options in the top-right drop-down menu.
• Go to Privacy and Security from the menu bar on the left side.
• Click on Clear Data in the Cookies and Site Data section.
• Select Clear History.
• Select all the options and click on Clear Now.

5. Permit Firefox to Trust Root Authorities

Firefox has an optional feature that allows the browser to trust root authorities in the Windows certificate store. To activate this feature, you must enable the setting in your browser.

• Type “about: config” into the Firefox address bar.
• Press the I accept the risk! button.
• Search for security.enterprise_roots.enabled.

• In the security.enterprise_roots.enabled window, look to the right side of the screen. If the value is False, double-click on it. The value will get changed to True.
• Restart Firefox.
• If you still see the error message, move to the next solution.

6. Change Your Security Settings

• Type Command Prompt or CMD into the Windows search bar.
• Right-click on Command Prompt and select Run as Administrator.

Type in these three commands, hitting Enter after each one:

Regsvr32 softpub.dll

Regsvr32 Wintrust.dll

Regsvr32 Wintrust.dll

• Reboot your computer. The changes will be saved.

Encryption Resources

• Hashing vs Encryption — The Big Players of the Cyber Security World
• SSL vs TLS: Decoding the Difference Between SSL and TLS
• IP Leak Test — Quick Tips to Check Whether Your IP Is Leaking
• Comodo CA is now Sectigo: FAQs
• 5 Differences Between Symmetric vs Asymmetric Encryption
• What Is Asymmetric Encryption & How Does It Work?

What Is an S/MIME Certificate and How Does It Work?

Troubleshooting Guides

• How to Resolve SSL_ERROR_RX_RECORD_TOO_LONG as a Site Visitor
• How to Fix the ERR_SSL_PROTOCOL_ERROR in 8 Easy Steps (2020 Edition)