User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0

Steps to reproduce:

After updating to v71.0, I'm not able to access sites that use a Certum signed certificate like https://www.certum.pl (which looks like the page of that signing party?) or www.dolzer.com (an online shop for suits)

Actual results:

Pages won't load with the error code "SEC_ERROR_UNKNOWN_ISSUER", and the link to display the full certificate yields another error page

Additional information: using Chrome, everything works fine

Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0
20191202093317

Both links work for me, though https://www.certum.pl carries a low encryption warning because it doesn't support TLS 1.2.
https://hacks.mozilla.org/2019/05/tls-1-0-and-1-1-removal-update/

If you open the certificate manager (about:preferences -> search for "certificates" -> click View Certificates -> click Authorities), find and select "Certum Trusted Network CA" (under "Unizeto Technologies S.A."), and click Edit Trust, is the websites checkbox checked?`

(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #3)

If you open the certificate manager (about:preferences -> search for "certificates" -> click View Certificates -> click Authorities), find and select "Certum Trusted Network CA" (under "Unizeto Technologies S.A."), and click Edit Trust, is the websites checkbox checked?`

Thanks for replying! That checkbox is not checked. On checking it, everything works again. But just to be picky: shouldn't this be a situation where the cause of an error should be more obvious?

We could suggest users check this on the error page, but it would be a fair bit of work.