
Support Forum

Secure Connection Failed

Posted

I have a number of HP iLO connections within my corporate network which I use FF to access so that I can control my servers. These are all HTTPS connections and firmware-based and since the servers are now around 5 years old, HP no longer is releasing updates for the iLO.

For most of the iLO connections I'm getting the following error in FF:

Secure Connection Failed

An error occurred during a connection to bkp4.systems.aims.my. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   Please contact the website owners to inform them of this problem.

I then have to open up IE to get to the site to do my work and this is very frustrating that I cannot bypass this bug.

I also have supplier portals which we use for our backups and other stuff and I get the same error there and have to use IE to get into those sites.

Is there a fix to this problem or do I have to ditch FF for IE just to get my daily work done??



Additional System Details

Application

  • Firefox 43.0.1
  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
  • Support URL: https://support.mozilla.org/1/firefox/43.0.1/WINNT/en-US/

cor-el

You can inspect these prefs on the about:config page about cipher suites that are involved with the Logjam vulnerability.

  • security.ssl3.dhe_rsa_aes_128_sha
  • security.ssl3.dhe_rsa_aes_256_sha

Note that setting these prefs to true will make you vulnerable, so proceed with caution.

The DHE cipher suites were disabled for a reason and re-enabling them will make you vulnerable to the Logjam attack. You can consider using a separate profile with the two involved cipher suites enabled and use that profile for accessing blocked websites.

  • http://kb.mozillazine.org/Profile_Manager
  • https://developer.mozilla.org/Mozilla/Multiple_Firefox_Profiles
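To find out which devices are behind ssl_error_weak_server_ephemeral_dh_key, the size of the ephemeral key a server offers can be read from `openssl s_client` output. The script below is an added example, not part of cor-el's post; the function names, the 2048-bit threshold and the sample handshake text are assumptions constructed for illustration.

```bash
#!/bin/sh
# Added example: classify the ephemeral key a TLS server offered, using the
# text printed by `openssl s_client`. Live use (HOST is a placeholder):
#   openssl s_client -connect HOST:443 -tls1_2 -cipher 'EDH' </dev/null 2>&1 | check_temp_key
# MIN_DH_BITS is this example's assumption, not a value from the thread.
MIN_DH_BITS="${MIN_DH_BITS:-2048}"

# Constructed s_client excerpts (not captured from any real device).
SAMPLE_DHE='SSL handshake has read 1893 bytes and written 421 bytes
Server Temp Key: DH, 1024 bits
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES128-SHA'
SAMPLE_ECDHE='Server Temp Key: ECDH, P-256, 256 bits
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256'

# Print "<type> <bits>" from the first "Server Temp Key:" line on stdin.
temp_key_info() {
  sed -n 's/^Server Temp Key: \([A-Za-z0-9]*\),.* \([0-9][0-9]*\) bits.*$/\1 \2/p' | head -n 1
}

# Read s_client output on stdin and print a one-line verdict.
check_temp_key() {
  info="$(temp_key_info)"
  if [ -z "$info" ]; then
    # Static RSA key exchange, or the handshake failed before the key was shown.
    echo "no-temp-key"
    return 0
  fi
  type="${info% *}"
  bits="${info#* }"
  if [ "$type" != "DH" ]; then
    # ECDHE and similar: the weak-DH error is about finite-field DH groups.
    echo "not-dhe $type $bits"
  elif [ "$bits" -lt "$MIN_DH_BITS" ]; then
    echo "weak-dhe $bits"
  else
    echo "ok-dhe $bits"
  fi
}

printf '%s\n' "$SAMPLE_DHE" | check_temp_key
printf '%s\n' "$SAMPLE_ECDHE" | check_temp_key
```

A `weak-dhe` verdict points at the device's firmware or cipher configuration as the thing to fix, rather than at the browser preferences.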
jscher2000

Helpful Reply

Set those two preferences listed by cor-el to false to try to force the device to upgrade to different ciphers. Since you don't want Firefox to use them, it's okay to leave them false even if it doesn't help with this particular connection.

Also, it appears there were some firmware updates released for iLO this past week: http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778


Question owner

I tried those Config options and they allowed me to access one of my supplier sites now, but the iLO access is still denied. I'm getting this error:

"Secure Connection Failed

An error occurred during a connection to 10.125.106.48. You have received an invalid certificate. Please contact the server administrator or email correspondent and give them the following information: Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number. (Error code: sec_error_reused_issuer_and_serial) "

The iLO updates did not do anything to my test server.

jscher2000

JDMils said

Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number. (Error code: sec_error_reused_issuer_and_serial)"

I suspect you previously saved an "exception" which matches the current certificate, otherwise Firefox probably wouldn't detect this one as a duplicate. Check out this article for more information and a possible workaround: Certificate contains the same serial number as another certificate.


Chosen Solution

I found the solution, at least for me. I deleted the file "cert8.db" in the profile folder and it seems to have fixed the issue.

Previous suggestions were really helpful for me to understand certs and stuff so thanks for those links.
