X
Tap here to go to the mobile version of the site.

Support Forum

How can I display content blocked by an invalid security certificate?

Posted

I am using Firefox 30.0 which I installed to replace IE8. I log in to my health insurance site. When I try to go to the Provider Directory Search (PDS), nothing happens. I thought the PDS might be a pop-up so I tried both making the web page a pop-up exception and then also just turning the pop up blocker off completely. Neither helped.

I then tried to access the same PDS page via IE8 and IE8 displayed a “Content was blocked because it was not signed by a valid security certificate” error page. Also, IE8 displayed a bar with options that allowed me to display blocked content regardless of the status of the security certificate. The PDS page then displayed.

I went back to FF30 and tried again. The PDS page did not display and no error message nor options bar was displayed. Next, I tried finding an option related to this problem. Options/Security had nothing for Security Certificates. Options/Advanced/Security seemed to deal with security certificates my copy of FF30 would provide to web sites and not the web sites certificates provided to me. I tried clicking on the “lock” icon of the page from which I should be transferred to the PDS page. The security certificate information displays but I could not see any option that would help me and this is the security certificate from the previous page anyway and not the PDS page that is being blocked.

If I could just get a Security Certificate error to display, I was hoping I would then be given the option of displaying the blocked content anyway. Without even an FF30 error condition being displayed (as does IE8), I am unable to proceed.

Ideas about what to try would be greatly appreciated. Thanks, Claude

I am using Firefox 30.0 which I installed to replace IE8. I log in to my health insurance site. When I try to go to the Provider Directory Search (PDS), nothing happens. I thought the PDS might be a pop-up so I tried both making the web page a pop-up exception and then also just turning the pop up blocker off completely. Neither helped. I then tried to access the same PDS page via IE8 and IE8 displayed a “Content was blocked because it was not signed by a valid security certificate” error page. Also, IE8 displayed a bar with options that allowed me to display blocked content regardless of the status of the security certificate. The PDS page then displayed. I went back to FF30 and tried again. The PDS page did not display and no error message nor options bar was displayed. Next, I tried finding an option related to this problem. Options/Security had nothing for Security Certificates. Options/Advanced/Security seemed to deal with security certificates my copy of FF30 would provide to web sites and not the web sites certificates provided to me. I tried clicking on the “lock” icon of the page from which I should be transferred to the PDS page. The security certificate information displays but I could not see any option that would help me and this is the security certificate from the previous page anyway and not the PDS page that is being blocked. If I could just get a Security Certificate error to display, I was hoping I would then be given the option of displaying the blocked content anyway. Without even an FF30 error condition being displayed (as does IE8), I am unable to proceed. Ideas about what to try would be greatly appreciated. Thanks, Claude

Chosen solution

After saving the exception, it should appear in the Options/Preferences dialog here:

Windows: "3-bar" menu button (or Tools menu) > Options > Advanced > Certificates mini-tab > "View Certificates" button > Servers tab

Mac: "3-bar" menu button (or Firefox menu) > Preferences > Advanced > Certificates mini-tab > "View Certificates" button > Servers tab

Ignore the ones that have "*" in the server column. Those generally are built-in certificate blocks.

Read this answer in context 0

Additional System Details

Installed Plug-ins

  • Shockwave Flash 14.0 r0
  • Next Generation Java Plug-in 10.55.2 for Mozilla browsers
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • 5.1.30214.0
  • Adobe Shockwave for Director Netscape plug-in, version 12.0.7.148
  • RealPlayer(tm) LiveConnect-Enabled Plug-In
  • RealPlayer Download Plugin
  • RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In
  • RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In
  • RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In
  • RealDownloader Plugin
  • RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
  • RealPlayer(tm) HTML5VideoShim Plug-In
  • getplusplusadobe162103
  • Windows Presentation Foundation (WPF) plug-in for Mozilla browsers
  • DRM Netscape Network Object
  • Npdsplay dll
  • DRM Store Netscape Plugin
  • DivX Web Player version 1.4.0.233
  • Adobe Acrobat Plug-In Version 7.00 for Netscape
  • MetaStream 3 Plugin r4

Application

  • Firefox 30.0
  • User Agent: Mozilla/5.0 (Windows NT 5.1; rv:30.0) Gecko/20100101 Firefox/30.0
  • Support URL: https://support.mozilla.org/1/firefox/30.0/WINNT/en-US/

Extensions

  • Troubleshooter 1.1a (troubleshooter@mozilla.org)
  • Microsoft .NET Framework Assistant 0.0.0 ({20a82645-c095-46ed-80e3-08825760534b}) (Inactive)
  • RealDownloader 1.3.2 ({FCE04E1F-9378-4f39-96F6-5689A9159E45}) (Inactive)

Javascript

  • incrementalGCEnabled: True

Graphics

  • adapterDescription: NVIDIA GeForce 6200
  • adapterDescription2:
  • adapterDeviceID: 0x0221
  • adapterDeviceID2:
  • adapterDrivers: nv4_disp
  • adapterDrivers2:
  • adapterRAM: Unknown
  • adapterRAM2:
  • adapterVendorID: 0x10de
  • adapterVendorID2:
  • direct2DEnabled: False
  • direct2DEnabledMessage: [u'']
  • directWriteEnabled: False
  • directWriteVersion: 0.0.0.0
  • driverDate: 1-31-2013
  • driverDate2:
  • driverVersion: 6.14.13.783
  • driverVersion2:
  • info: {u'AzureCanvasBackend': u'skia', u'AzureFallbackCanvasBackend': u'cairo', u'AzureContentBackend': u'cairo', u'AzureSkiaAccelerated': 0}
  • isGPU2Active: False
  • numAcceleratedWindows: 2
  • numTotalWindows: 2
  • webglRenderer: Google Inc. -- ANGLE (NVIDIA GeForce 6200 Direct3D9 vs_3_0 ps_3_0)
  • windowLayerManagerRemote: False
  • windowLayerManagerType: Direct3D 9

Modified Preferences

  • accessibility.typeaheadfind.flashBar: 0
  • browser.cache.disk.capacity: 358400
  • browser.cache.disk.smart_size.first_run: False
  • browser.cache.disk.smart_size.use_old_max: False
  • browser.cache.disk.smart_size_cached_value: 358400
  • browser.places.smartBookmarksVersion: 7
  • browser.search.useDBForOrder: True
  • browser.sessionstore.upgradeBackup.latestBuildID: 20140605174243
  • browser.startup.homepage: https://www.google.com/
  • browser.startup.homepage_override.buildID: 20140605174243
  • browser.startup.homepage_override.mstone: 30.0
  • dom.mozApps.used: True
  • extensions.lastAppVersion: 30.0
  • network.cookie.prefsMigrated: True
  • places.database.lastMaintenance: 1405206508
  • places.history.expiration.transient_current_max_pages: 26813
  • plugin.disable_full_page_plugin_for_types: application/pdf,application/vnd.adobe.xfdf,application/vnd.fdf,application/vnd.adobe.xdp+xml
  • plugin.importedState: True
  • plugin.state.npdsplay: 1
  • privacy.sanitize.migrateFx3Prefs: True
  • storage.vacuum.last.index: 1
  • storage.vacuum.last.places.sqlite: 1404921128

Misc

  • User JS: No
  • Accessibility: No
the-edmeister
  • Top 25 Contributor
  • Moderator
5425 solutions 40491 answers

URL of that insurance website is? I'd like to take a look at that issue first hand.

URL of that insurance website is? I'd like to take a look at that issue first hand.

Question owner

Sorry I didn’t provide the URL the first time.

This is where I start my login https://www.uhcretiree.com/

I end up on this site but, of course, I am logged into my personal account. https://member.uhcmedicaresolutions.com/guest/home.html

I noticed that there is a link on https://www.uhcretiree.com/ to search providers BEFORE being logged in. Remarkably, this link works just fine. It is only AFTER I am logged in and attempt to use the links provided for my personal account am I unable to display the PDS page.

From my experience in IE8 where I can get the PDS page to display from within my account, it is pretty clear that the page accessed from the links in personal accounts is different than the page accessed from https://www.uhcretiree.com/ without being logged into any personal account.

I guess my problem is solved in that I can access the PDS somehow but I would still like to access it from within my personal account. I am certain other pages fail in the same way inside my personal account. I am concerned that other web sites may have the same problem.

Sorry I can't find a representative of the page that fails outside my account.

Claude

Sorry I didn’t provide the URL the first time. This is where I start my login https://www.uhcretiree.com/ I end up on this site but, of course, I am logged into my personal account. https://member.uhcmedicaresolutions.com/guest/home.html I noticed that there is a link on https://www.uhcretiree.com/ to search providers BEFORE being logged in. Remarkably, this link works just fine. It is only AFTER I am logged in and attempt to use the links provided for my personal account am I unable to display the PDS page. From my experience in IE8 where I ''can'' get the PDS page to display from within my account, it is pretty clear that the page accessed from the links in personal accounts is different than the page accessed from https://www.uhcretiree.com/ without being logged into any personal account. I guess my problem is solved in that I can access the PDS somehow but I would still like to access it from within my personal account. I am certain other pages fail in the same way inside my personal account. I am concerned that other web sites may have the same problem. Sorry I can't find a representative of the page that fails outside my account. Claude
cor-el
  • Top 10 Contributor
  • Moderator
17764 solutions 160650 answers

Helpful Reply

You can inspect the certificate chain via a site like this:

You can inspect the certificate chain via a site like this: *http://www.networking4all.com/en/support/tools/site+check/

Question owner

I was able to find the URL of the page that will not display in FF30 by using IE8 and over-riding the Security Certificate error. The report is below including the URL of the offending page which is:

https://epcp-prod-e-eprovider.uhc.com/uhcms_eps_group.html

There is no surprise that this page has a securitry certificate error. The real question is why won't FF30 display an error message and then let me over-ride the Security Certificate to display the blocked content. Note my comments below since the cut&paste didn't transfer everything.

Error while checking the SSL Certificate!!

The SSL Certificate we found on this site is not meant for epcp-prod-e-eprovider.uhc.com/uhcms_eps_group.html, probably this is another site on the same server.

We advise you not to submit any confidential or personal data to this website because a secure connection could not be established with this website.

   - No Heart Bleed vulnerability!
   - SSL Certificate is not expired
   - Site is not listed in the certificate This is displayed with a warning.
   - Organisation details are listed
   - Encryption strength is at least 2048-bit
   - Signature Algorithm is strong
   - Accepting only high encryption cipher suites

- No connection upgrade to 128-bit for old browsers - No Extended Validation on company details These are grayed.

   - No Debian weak key present
   - No known security issues for this Certificate Authority

General info

The SSL Certificate for epcprod-e.uhc.com is signed by COMODO High-Assurance Secure Server CA wich is signed by AddTrust External CA Root wich is signed by AddTrust External CA Root . The SSL Certificate will expire on Thursday 25 September 2014 this means it is still valid for 73 days.

   Send me a reminder when this SSL Certificate is about to expire.
I was able to find the URL of the page that will not display in FF30 by using IE8 and over-riding the Security Certificate error. The report is below including the URL of the offending page which is: https://epcp-prod-e-eprovider.uhc.com/uhcms_eps_group.html There is no surprise that this page has a securitry certificate error. The real question is why won't FF30 display an error message and then let me over-ride the Security Certificate to display the blocked content. Note my comments below since the cut&paste didn't transfer everything. Error while checking the SSL Certificate!! The SSL Certificate we found on this site is not meant for epcp-prod-e-eprovider.uhc.com/uhcms_eps_group.html, probably this is another site on the same server. We advise you not to submit any confidential or personal data to this website because a secure connection could not be established with this website. - No Heart Bleed vulnerability! - SSL Certificate is not expired ''' - Site is not listed in the certificate''' This is displayed with a warning. - Organisation details are listed - Encryption strength is at least 2048-bit - Signature Algorithm is strong - Accepting only high encryption cipher suites ''' - No connection upgrade to 128-bit for old browsers''' ''' - No Extended Validation on company details''' These are grayed. - No Debian weak key present - No known security issues for this Certificate Authority General info The SSL Certificate for epcprod-e.uhc.com is signed by COMODO High-Assurance Secure Server CA wich is signed by AddTrust External CA Root wich is signed by AddTrust External CA Root . The SSL Certificate will expire on Thursday 25 September 2014 this means it is still valid for 73 days. Send me a reminder when this SSL Certificate is about to expire.
jscher2000
  • Top 10 Contributor
8878 solutions 72629 answers

Hi TrainClaude, are you saying that the third section of the error page (see below) is missing from the error page you get? Or that none of the error page displays?

If that section is missing this typically indicates that the page is framed. Right-click the error page and choose This Frame > Open Frame in New Tab to get the standard error page. This allows you to see the true URL of the framed page before making a decision to grant an exception.

If the page is not shown it could be that the browser is requesting that content in a background (AJAX) request. I'm not aware of a similar workaround in that situation.

Hi TrainClaude, are you saying that the third section of the error page (see below) is missing from the error page you get? Or that none of the error page displays? If that section is ''missing'' this typically indicates that the page is framed. Right-click the error page and choose This Frame > Open Frame in New Tab to get the standard error page. This allows you to see the true URL of the framed page before making a decision to grant an exception. If the page is ''not shown'' it could be that the browser is requesting that content in a background (AJAX) request. I'm not aware of a similar workaround in that situation.

Question owner

No error page is displayed, none at all.

No error page is displayed, none at all.
jscher2000
  • Top 10 Contributor
8878 solutions 72629 answers

Sounds like it is not an ordinary link. If you try to force it into a new tab using Ctrl+click or middle-click (using the scroll wheel on a mouse) on the link, will it open?

Sounds like it is not an ordinary link. If you try to force it into a new tab using Ctrl+click or middle-click (using the scroll wheel on a mouse) on the link, will it open?

Question owner

When I Ctrl-Click on the link, a new tab is opened but it remains blank. The tab itself is titled javascript.epsSearch.init('GROUP');

When I Ctrl-Click on the link, a new tab is opened but it remains blank. The tab itself is titled javascript.epsSearch.init('GROUP');
cor-el
  • Top 10 Contributor
  • Moderator
17764 solutions 160650 answers

It is usually not possible to open such JavaScript links in a new tab by middle-clicking the link or otherwise (Ctrl left-click) because the tab opens and there is no longer access to the script on the opener tab and you get an empty tab instead. You can only left-click links that have onclick JavaScript code tied to it.

It is usually not possible to open such JavaScript links in a new tab by middle-clicking the link or otherwise (Ctrl left-click) because the tab opens and there is no longer access to the script on the opener tab and you get an empty tab instead. You can only left-click links that have onclick JavaScript code tied to it.
jscher2000
  • Top 10 Contributor
8878 solutions 72629 answers

Hmm, that's what I feared. The link action is to run a script, and Firefox apparently is detecting the certificate problem while it is trying to run that script. Instead of showing the new page anyway with a certificate error, it is halting earlier for some reason.

In this case, you can create an exception because you know the problem URL already. But if you didn't have that, I don't know how you would work around it.

Hmm, that's what I feared. The link action is to run a script, and Firefox apparently is detecting the certificate problem while it is trying to run that script. Instead of showing the new page anyway with a certificate error, it is halting earlier for some reason. In this case, you can create an exception because you know the problem URL already. But if you didn't have that, I don't know how you would work around it.

Question owner

Can you tell me where I create this exception? I found several exception lists in FF30 but none seem (to me, anyway) to be the list I need. Thanks.

Can you tell me where I create this exception? I found several exception lists in FF30 but none seem (to me, anyway) to be the list I need. Thanks.
jscher2000
  • Top 10 Contributor
8878 solutions 72629 answers

I think the only convenient way is to load the URL directly and use the built-in Add Exception button on the page. Since you know the URL of the problem site, that should take care of it.

Otherwise, I don't know how you associate the problem certificate with the correct site in the Certificate store.

I think the only convenient way is to load the URL directly and use the built-in Add Exception button on the page. Since you know the URL of the problem site, that should take care of it. Otherwise, I don't know how you associate the problem certificate with the correct site in the Certificate store.
jscher2000
  • Top 10 Contributor
8878 solutions 72629 answers

Chosen Solution

After saving the exception, it should appear in the Options/Preferences dialog here:

Windows: "3-bar" menu button (or Tools menu) > Options > Advanced > Certificates mini-tab > "View Certificates" button > Servers tab

Mac: "3-bar" menu button (or Firefox menu) > Preferences > Advanced > Certificates mini-tab > "View Certificates" button > Servers tab

Ignore the ones that have "*" in the server column. Those generally are built-in certificate blocks.

After saving the exception, it should appear in the Options/Preferences dialog here: Windows: "3-bar" menu button (or Tools menu) > Options > Advanced > Certificates mini-tab > "View Certificates" button > Servers tab Mac: "3-bar" menu button (or Firefox menu) > Preferences > Advanced > Certificates mini-tab > "View Certificates" button > Servers tab Ignore the ones that have "*" in the server column. Those generally are built-in certificate blocks.

Question owner

Thanks jscher2000! That worked fine. Thanks to all of you.

I noticed that a portion of the "Contact" page, that portion with the actual contact information is displayed in IE8 but not in FF30. Because it is only a portion of a page, I don't know how I'd know in other cases. I'll try the same procedure on this one if I can find the URL for the portion of the Contact page that does not appear. No error from either IE8 or FF30. If I determine it is a different problem, I'll post a new question.

When I checked this on IE8, the only contact information for UHC's web site problems was a phone number and I can't hear very well. No email and no chat. I guess I am not impressed with United Health Care's web site.

Thanks jscher2000! That worked fine. Thanks to all of you. I noticed that a portion of the "Contact" page, that portion with the actual contact information is displayed in IE8 but not in FF30. Because it is only a portion of a page, I don't know how I'd know in other cases. I'll try the same procedure on this one if I can find the URL for the portion of the Contact page that does not appear. No error from either IE8 or FF30. If I determine it is a different problem, I'll post a new question. When I checked this on IE8, the only contact information for UHC's web site problems was a phone number and I can't hear very well. No email and no chat. I guess I am not impressed with United Health Care's web site.