X
Tryk her for at gå til webstedets mobilversion.

Supportforum

Self signed SSL Certificates no longer work after upgrade to 37.0.1

Skrevet

I followed these two articles to create local self signed certificates and they have been working fine since February. Now with the update to 37.0.1 I get "Secure Connection Failed" while trying to access my local website through FireFox. IE and Google Chrome have no problem accessing the local site.

http://www.jayway.com/2014/09/03/creating-self-signed-certificates-with-makecert-exe-for-development/ http://www.jayway.com/2014/10/27/configure-iis-to-use-your-self-signed-certificates-with-your-application/

I have already deleted cert8.db, restarted FF, then re-imported the self signed certificates but get the same error. No other software has changed on this box except the automatic upgrade to FF 37.0.1.

The network setting is already set to use "No Proxy"

How do I fix this?

Windows 8.1 Pro IIS 8

I followed these two articles to create local self signed certificates and they have been working fine since February. Now with the update to 37.0.1 I get "Secure Connection Failed" while trying to access my local website through FireFox. IE and Google Chrome have no problem accessing the local site. http://www.jayway.com/2014/09/03/creating-self-signed-certificates-with-makecert-exe-for-development/ http://www.jayway.com/2014/10/27/configure-iis-to-use-your-self-signed-certificates-with-your-application/ I have already deleted cert8.db, restarted FF, then re-imported the self signed certificates but get the same error. No other software has changed on this box except the automatic upgrade to FF 37.0.1. The network setting is already set to use "No Proxy" How do I fix this? Windows 8.1 Pro IIS 8

Yderligere systemdetaljer

Installerede plugins

  • Battlelog Game Launcher (2.6.2)
  • Google Update
  • Intel web components for Intel® Identity Protection Technology
  • Intel web components updater - Installs and updates the Intel web components
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Next Generation Java Plug-in 11.31.2 for Mozilla browsers
  • Office Authorization plug-in for NPAPI browsers
  • The plug-in allows you to open and edit files using Microsoft Office applications
  • The plugin allows you to have a better experience with Microsoft SharePoint
  • Picasa plugin
  • Shockwave Flash 15.0 r0
  • 5.1.30514.0
  • iTunes Detector Plug-in

Program

  • Firefox 37.0.1
  • User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0
  • Support-URL: https://support.mozilla.org/1/firefox/37.0.1/WINNT/en-US/

Udvidelser

  • Firebug 2.0.8 (firebug@software.joehewitt.com)
  • Toggle JavaScript 0.6 (jid1-KYgT07tufVQH4w@jetpack)
  • Troubleshooter 1.1a (troubleshooter@mozilla.org)
  • Xmarks 4.3.6 (foxmarks@kei.com)
  • YSlow 3.1.8 (yslow@yahoo-inc.com)
  • Clear Cache Button 0.9f ({563e4790-7e70-11da-a72b-0800200c9a66}) (Inactive)
  • DAP Link Checker 1.0.1.8 (daplinkchecker@speedbit.com) (Inactive)
  • Download Accelerator Plus (DAP) extension 10.0.5.1 ({F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}) (Inactive)
  • FiddlerHook 2.4.9.7 (fiddlerhook@fiddler2.com) (Inactive)
  • FireQuery 1.4.1 (firequery@binaryage.com) (Inactive)
  • TVersitybar 10.37.0.508 ({66bd2442-241b-44cd-8c7a-b51037053cdb}) (Inactive)

Javascript

  • incrementalGCEnabled: True

Grafik

  • adapterDescription: AMD Radeon R9 200 Series
  • adapterDescription2:
  • adapterDeviceID: 0x67b1
  • adapterDeviceID2:
  • adapterDrivers: aticfx64 aticfx64 aticfx64 aticfx32 aticfx32 aticfx32 atiumd64 atidxx64 atidxx64 atiumdag atidxx32 atidxx32 atiumdva atiumd6a atitmm64
  • adapterDrivers2:
  • adapterRAM: 4095
  • adapterRAM2:
  • adapterSubsysID: 00000000
  • adapterSubsysID2:
  • adapterVendorID: 0x1002
  • adapterVendorID2:
  • direct2DEnabled: True
  • directWriteEnabled: True
  • directWriteVersion: 6.3.9600.17111
  • driverDate: 11-20-2014
  • driverDate2:
  • driverVersion: 14.501.1003.0
  • driverVersion2:
  • info: {u'AzureCanvasBackend': u'direct2d 1.1', u'AzureFallbackCanvasBackend': u'cairo', u'AzureContentBackend': u'direct2d 1.1', u'AzureSkiaAccelerated': 0}
  • isGPU2Active: False
  • numAcceleratedWindows: 1
  • numTotalWindows: 1
  • webglRenderer: Google Inc. -- ANGLE (AMD Radeon R9 200 Series Direct3D11 vs_5_0 ps_5_0)
  • windowLayerManagerRemote: True
  • windowLayerManagerType: Direct3D 11

Ændrede indstillinger

Diverse

  • User JS: Nej
  • Tilgængelighed: Nej
Luk
cor-el
  • Top 10 Contributor
  • Moderator
17681 løsninger 159964 svar

Some cipher suites have been removed in Firefox 37.

What cipher suite use other browsers in case it is not the certificate?

You can check the Connection tab in Google Chrome (click the padlock).

Some cipher suites have been removed in Firefox 37. What cipher suite use other browsers in case it is not the certificate? You can check the Connection tab in Google Chrome (click the padlock).
LottoTotto 0 løsninger 2 svar

I have exactly the same problem. All servers and devices that use a self-signed certificate are not reachable anymore via FF37.0.1 after upgrade to FF 37.0.1. Firefox prints:

"Secure Connection Failed

The connection to the server was reset while the page was loading. The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem."

I'm not getting the chance to add an exception hence no access to the server anymore. This is a severe problem, because all internally used Glassfish servers in our test environments run with self-signed certificates. As Firefox blocks access to them I cannot maintain my servers anymore. I have the same problem with Chrome but not with IE - IE is the offers to add an exception but suffers the blank page problem when accessing Glassfish.

I tried to adjust the following values in the FF config: security.tls.version.min = 0 ;default deleted cert8.db and restarted FF

I'm really lost, kindly advise.

I have exactly the same problem. All servers and devices that use a self-signed certificate are not reachable anymore via FF37.0.1 after upgrade to FF 37.0.1. Firefox prints: "Secure Connection Failed The connection to the server was reset while the page was loading. The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem." I'm not getting the chance to add an exception hence no access to the server anymore. This is a severe problem, because all internally used Glassfish servers in our test environments run with self-signed certificates. As Firefox blocks access to them I cannot maintain my servers anymore. I have the same problem with Chrome but not with IE - IE is the offers to add an exception but suffers the blank page problem when accessing Glassfish. I tried to adjust the following values in the FF config: security.tls.version.min = 0 ;default deleted cert8.db and restarted FF I'm really lost, kindly advise.

Spørgsmålsstiller

I downgraded FF to version 36.0.4 because they don't seem too concerned that they've introduced a major breaking change.

If you decide to downgrade make sure you disable automatic updates before you downgrade; otherwise it will just re-upgrade you within seconds.

Options -> Advanced -> Update -> Never check ...

I downgraded FF to version 36.0.4 because they don't seem too concerned that they've introduced a major breaking change. If you decide to downgrade make sure you disable automatic updates '''before''' you downgrade; otherwise it will just re-upgrade you within seconds. '''Options -> Advanced -> Update -> Never check ...'''
reneh 0 løsninger 3 svar

I have the same problem on my Mac. I thought it was Mac-specific.

I have the same problem on my Mac. I thought it was Mac-specific.

Spørgsmålsstiller

cor-el my certificate details are as follows:

Connection Encrypted (tls_ecdhe_rsa_with_aes_256_cbc_sha, 256 bit keys, TLS 1.1)

Certificate Signature Alorithm: PKCS #1 SHA-512 With RSA Encryption

cor-el my certificate details are as follows: Connection Encrypted (tls_ecdhe_rsa_with_aes_256_cbc_sha, 256 bit keys, TLS 1.1) Certificate Signature Alorithm: PKCS #1 SHA-512 With RSA Encryption
LottoTotto 0 løsninger 2 svar

We have found a solution that worked for us. We re-created the certificates as RSA certificates and imported them as domain certificates into Glassfish keystore / truststore and it worked. FF offered a certificate exception and if one accepts everything, it'll be OK. The original certificate which did not work was a DES cert. The certificate that worked for us (GF 3, FF37.0.1) was created as follows:

  1. keytool -genkey -alias s1as -keyalg RSA -keysize 2048 -keystore keystore.jks

So far so good for us. However, I would FF expect to give a more meaningful message. It would also have saved us time if these kind of changes are documented for every new release of FF - are they? If yes, it would be helpful to get the link where this is documented.

We have found a solution that worked for us. We re-created the certificates as RSA certificates and imported them as domain certificates into Glassfish keystore / truststore and it worked. FF offered a certificate exception and if one accepts everything, it'll be OK. The original certificate which did not work was a DES cert. The certificate that worked for us (GF 3, FF37.0.1) was created as follows: # keytool -genkey -alias s1as -keyalg RSA -keysize 2048 -keystore keystore.jks So far so good for us. However, I would FF expect to give a more meaningful message. It would also have saved us time if these kind of changes are documented for every new release of FF - are they? If yes, it would be helpful to get the link where this is documented.