X
Tap here to go to the mobile version of the site.

Support Forum

Secure Connection Failed- can not confirm security exception (since update to 31)

Posted

This morning I was able to access our plesk install for our server (I had previously confirmed the security exception after getting the warning) without problem. Then firefox updated to 31 and now it is giving me this error: Secure Connection Failed

An error occurred during a connection to (**website**). Issuer certificate is invalid. (Error code: sec_error_ca_cert_invalid)

With no option to confirm any security exception. I am still able to access it through Chrome, but we all use firefox here (and would like to keep doing so). I checked on the computers that haven't updated yet and they were able to get in still, I updated one of them and now they are getting the same error, so it is a firefox issue with the new update.

Any help would be appreciated!

This morning I was able to access our plesk install for our server (I had previously confirmed the security exception after getting the warning) without problem. Then firefox updated to 31 and now it is giving me this error: Secure Connection Failed An error occurred during a connection to (**website**). Issuer certificate is invalid. (Error code: sec_error_ca_cert_invalid) With no option to confirm any security exception. I am still able to access it through Chrome, but we all use firefox here (and would like to keep doing so). I checked on the computers that haven't updated yet and they were able to get in still, I updated one of them and now they are getting the same error, so it is a firefox issue with the new update. Any help would be appreciated!

Chosen solution

Can you post the Bug number for reference?

You can try to rename the cert8.db file in the Firefox profile folder to cert8.db.old or delete the cert8.db file to remove intermediate certificates that Firefox has stored.

If that helped to solve the problem then you can remove the renamed cert8.db.old file. Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previous intermediate certificates. Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.

If that didn't help then remove or rename secmod.db (secmod.db.old) as well.

Read this answer in context 11

Additional System Details

Installed Plug-ins

  • Shockwave Flash 14.0 r0
  • Next Generation Java Plug-in 10.60.2 for Mozilla browsers
  • Google Update
  • Adobe PDF Plug-In For Firefox and Netscape 11.0.07
  • iTunes Detector Plug-in
  • A plugin to detect whether the Adobe Extension Manager is installed on this machine.
  • Adobe PDF Plug-In For Firefox and Netscape "9.5.5"
  • Office on Demand Plugin
  • A plugin to detect whether the Adobe Application Manager is installed on this machine.
  • NPWLPG
  • Plugin for Wacom tablets.

Application

  • Firefox 31.0
  • User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0
  • Support URL: https://support.mozilla.org/1/firefox/31.0/WINNT/en-US/

Extensions

  • AmazonSmile 1Button for Firefox 1.0 (smile1Button@amazon.com)
  • ColorZilla 2.8 ({6AC85730-7D0F-4de0-B3FA-21142DD85326})
  • Firebug 2.0.2 (firebug@software.joehewitt.com)
  • Office Launcher 1.0 (officelaunch@microsoft.com)
  • Print / Print Preview (Update) 0.7.7 (printprintpreview-andrewsfirefoxextensions@gmail.com)
  • Troubleshooter 1.1a (troubleshooter@mozilla.org)
  • Universal Print 0.4.25 ({BE2100B3-1D80-48eb-ACCF-D26750644378})
  • avast! Online Security 9.0.2021.112 (wrc@avast.com) (Inactive)

Javascript

  • incrementalGCEnabled: True

Graphics

  • adapterDescription: AMD Radeon HD 7400 Series
  • adapterDescription2:
  • adapterDeviceID: 0x677b
  • adapterDeviceID2:
  • adapterDrivers: aticfx64 aticfx64 aticfx64 aticfx32 aticfx32 aticfx32 atiumd64 atidxx64 atidxx64 atiumdag atidxx32 atidxx32 atiumdva atiumd6a atitmm64
  • adapterDrivers2:
  • adapterRAM: 1024
  • adapterRAM2:
  • adapterVendorID: 0x1002
  • adapterVendorID2:
  • direct2DEnabled: True
  • directWriteEnabled: True
  • directWriteVersion: 6.3.9600.17111
  • driverDate: 9-10-2013
  • driverDate2:
  • driverVersion: 13.152.1.1000
  • driverVersion2:
  • info: {u'AzureCanvasBackend': u'direct2d', u'AzureFallbackCanvasBackend': u'cairo', u'AzureContentBackend': u'direct2d', u'AzureSkiaAccelerated': 0}
  • isGPU2Active: False
  • numAcceleratedWindows: 1
  • numTotalWindows: 1
  • webglRenderer: Google Inc. -- ANGLE (AMD Radeon HD 7400 Series Direct3D9Ex vs_3_0 ps_3_0)
  • windowLayerManagerRemote: False
  • windowLayerManagerType: Direct3D 10

Modified Preferences

  • accessibility.typeaheadfind.flashBar: 0
  • browser.cache.disk.capacity: 358400
  • browser.cache.disk.smart_size.first_run: False
  • browser.cache.disk.smart_size.use_old_max: False
  • browser.cache.disk.smart_size_cached_value: 358400
  • browser.cache.frecency_experiment: 2
  • browser.places.smartBookmarksVersion: 7
  • browser.sessionstore.upgradeBackup.latestBuildID: 20140716183446
  • browser.startup.homepage: https://mail.google.com/mail/u/0/?hl=en&shva=1#inbox|https://www.google.com/calendar/render?tab=mc
  • browser.startup.homepage_override.buildID: 20140716183446
  • browser.startup.homepage_override.mstone: 31.0
  • browser.tabs.warnOnClose: False
  • dom.mozApps.used: True
  • dom.w3c_touch_events.expose: False
  • extensions.lastAppVersion: 31.0
  • font.internaluseonly.changed: False
  • gfx.direct3d.last_used_feature_level_idx: 0
  • gfx.direct3d.prefer_10_1: True
  • network.cookie.prefsMigrated: True
  • places.database.lastMaintenance: 1406122068
  • places.history.expiration.transient_current_max_pages: 104858
  • plugin.disable_full_page_plugin_for_types: application/pdf
  • plugin.importedState: True
  • plugin.state.np_wtapp: 0
  • plugin.state.npauthz: 0
  • plugin.state.npdeployjava: 0
  • plugin.state.npspwrap: 0
  • privacy.sanitize.migrateFx3Prefs: True
  • privacy.sanitize.timeSpan: 0
  • storage.vacuum.last.index: 1
  • storage.vacuum.last.places.sqlite: 1404741040

Misc

  • User JS: No
  • Accessibility: No
cor-el
  • Top 10 Contributor
  • Moderator
17871 solutions 161723 answers
This can be caused by the usage of mozpkix (mozilla::pkix) in the Firefox 31 release. *https://blog.mozilla.org/security/2014/04/24/exciting-updates-to-certificate-verification-in-gecko/ *https://wiki.mozilla.org/SecurityEngineering/mozpkix-testing#Behavior_Changes You could consider to file a bug about this. ---- *[[/forums/contributors/710500]] *https://www.mozilla.org/en-US/firefox/31.0/releasenotes/

Question owner

Thank you- I submitted a bug report. It is strange though, on our windows 7 machine this isn't a problem at all. (even after I updated firefox there) I disabled all add-ons and still had the error on our windows 8.1 machine though.

Thank you- I submitted a bug report. It is strange though, on our windows 7 machine this isn't a problem at all. (even after I updated firefox there) I disabled all add-ons and still had the error on our windows 8.1 machine though.
cor-el
  • Top 10 Contributor
  • Moderator
17871 solutions 161723 answers

Chosen Solution

Can you post the Bug number for reference?

You can try to rename the cert8.db file in the Firefox profile folder to cert8.db.old or delete the cert8.db file to remove intermediate certificates that Firefox has stored.

If that helped to solve the problem then you can remove the renamed cert8.db.old file. Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previous intermediate certificates. Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.

If that didn't help then remove or rename secmod.db (secmod.db.old) as well.

Can you post the Bug number for reference? You can try to rename the cert8.db file in the Firefox profile folder to cert8.db.old or delete the cert8.db file to remove intermediate certificates that Firefox has stored. If that helped to solve the problem then you can remove the renamed cert8.db.old file. Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previous intermediate certificates. Firefox will automatically store intermediate certificates when you visit websites that send such a certificate. If that didn't help then remove or rename secmod.db (secmod.db.old) as well.

Modified by cor-el

Question owner

The bug number is 1042889

I tried your solution to rename the cert8.db file and then restarted firefox and it worked! Thank you very much!

The bug number is 1042889 I tried your solution to rename the cert8.db file and then restarted firefox and it worked! Thank you very much!
cor-el
  • Top 10 Contributor
  • Moderator
17871 solutions 161723 answers

You're welcome

You're welcome
linuxbaby03 0 solutions 1 answers

Helpful Reply

My friend has found a workaround: [7/24/14, 10:08:46 AM] Andy Nowakowski: go to 'about:config' in a new tab [7/24/14, 10:09:13 AM] Andy Nowakowski: toggle security.use_mozillapkix_verification [7/24/14, 10:09:23 AM] Andy Nowakowski: and it will return to previous behavior

found on the bugzilla :)

(fixed pref name - c)

My friend has found a workaround: [7/24/14, 10:08:46 AM] Andy Nowakowski: go to 'about:config' in a new tab [7/24/14, 10:09:13 AM] Andy Nowakowski: toggle security.use_mozillapkix_verification [7/24/14, 10:09:23 AM] Andy Nowakowski: and it will return to previous behavior found on the bugzilla :) ''(fixed pref name - c)''

Modified by cor-el

ddavister 0 solutions 1 answers

I'm also experiencing this issue while trying to access my website running locally in Eclipse. It didn't used to be a problem, but now in version 33 I cannot access my site. I tried renaming both cert8.db and secmod.db and that did not help. I did not find security.use_mozillapkix_verification in about:config, so that didn't help. Any other ideas? Isn't there a way to add exceptions to this security rule, like in the past?

I'm also experiencing this issue while trying to access my website running locally in Eclipse. It didn't used to be a problem, but now in version 33 I cannot access my site. I tried renaming both ''cert8.db'' and ''secmod.db'' and that did not help. I did not find ''security.use_mozillapkix_verification'' in about:config, so that didn't help. Any other ideas? Isn't there a way to add exceptions to this security rule, like in the past?
dietmarh 0 solutions 1 answers

Helpful Reply

I had to raise the issue as a new question, because we found no other way to create a support account. Anyway: after reading and trying all above, In release 32 and above we get NO popup window to configure exceptions. whatever got broken, the clean way out would be to add an always accessible menu to the options/security tab. To prevent any debate about the need for exceptions: the certificate of our main router is expired and buying a new one for such a ridiculous reason, causing up to 3 days of LAN resource and security configurations on the router is not an economic option. Having 262 users with the same problem means there are thousands of users solving the problem by walking to another browser. So, please reconsider the importance of the problem! Firefox is broken, not our router. (this is posted using Firefox 31.0 the last properly working release)

I had to raise the issue as a new question, because we found no other way to create a support account. Anyway: after reading and trying all above, In release 32 and above we get NO popup window to configure exceptions. whatever got broken, the clean way out would be to add an always accessible menu to the options/security tab. To prevent any debate about the need for exceptions: the certificate of our main router is expired and buying a new one for such a ridiculous reason, causing up to 3 days of LAN resource and security configurations on the router is not an economic option. Having 262 users with the same problem means there are thousands of users solving the problem by walking to another browser. So, please reconsider the importance of the problem! Firefox is broken, not our router. (this is posted using Firefox 31.0 the last properly working release)