=== "[Proxy or WebDAV URL] uses an invalid security certificate. The certificate is not trusted because […]" ===

== Summary ==

If a Zotero Standalone error report shows an error similar to the above for your institution's **proxy** or **WebDAV server**, the server is likely misconfigured and will need to be fixed by your IT department. Point them to this page along with the URL from the error report.

If you're getting a certificate error for a zotero.org URL — for example, while syncing — that's [[[[SSL certificate error|a different issue]].

== Technical Details ==

This error generally occurs because the proxy or WebDAV server isn't serving the necessary "intermediate certificate" for secure connections, and Firefox — and therefore Zotero Standalone, which is based on the same code — won't download it on its own. Without an intermediate certificate, it's impossible to determine whether the connection (which might include login details) is secure, and the connection fails.

To verify that this is the case, submit the URL from the error report to https://www.ssllabs.com/ssltest/ and view the results. If you see "Chain issues: Incomplete" in orange under "Additional Certificates (if supplied)", you're experiencing this issue. The report will then also say "Extra download" (instead of "Sent by server" or "In trust store") for one or more certificates listed under "Certification Paths".

If you're able to load the same URL in Firefox (making sure to use "https:%%//%%"), it's likely because you previously loaded another site of your institution's (or another institution's) that included the intermediate certificate, which Firefox would then cache and use even on sites that didn't serve it properly. Generally speaking, though, sites should always serve their intermediate certificates and are broken if they don't. If you create a new Firefox profile, you should get a certificate error trying to load the same URL, which is essentially the situation Zotero Standalone is in.

{{tag>kb}}