Can't add security exceptions
I'm using firefox 32.0.1 on Windows 7 and having a lot of trouble with https -- I can't add any security exceptions. Problem may have occurred on a prior version of firefox as well (finally posting a question for community support after a couple months with this problem).
When I visit a problematic site (including several run by Duke University), I get a message "This Connection is Untrusted". I click "I understand the risks", "add exception". But I can't get a certificate or confirm a security exception.
I've searched the forum but haven't found a similar issue or solution yet. I have the current firefox version and I've tried disabling all add-ons.
I've been transitioning to Chrome since these problems started happening, but I'd like to get back to Firefox. Any thoughts?
Chosen solution
The certificate chain shows the InCommon Server CA intermediate certificate from Internet2 in your blocked examples
intermediate certificate: InCommon Server CA -> AddTrust External CA Root
You can check the Certificate Manager to see if you can locate the certificate under AddTrust AB and remove it.
Check the date and time and time zone in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
Rename the cert8.db file (cert8.db.old) and delete the cert_override.txt file in the Firefox profile folder to remove intermediate certificates and exceptions that Firefox has stored.
If that has helped to solve the problem then you can remove the renamed cert8.db.old file. Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previously stored intermediate certificates. Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.
If that didn't help then remove or rename secmod.db (secmod.db.old) as well.
Read this answer in context 👍 0All Replies (2)
As a follow up...not all sites are affected. Ex: I can access https://www.bankofamerica.com/ without a problem. But doing a quick search for "https duke" reveals that every https site associated with the university is blocked (https://sakai.duke.edu/, https://www.dukemychart.org/, https://webmail.duke.edu/, etc.). The problem isn't isolated to Duke. Ex: https://wl.mypurdue.purdue.edu/cp/home/displaylogin (Purdue University) is also blocked.
...just a couple examples that I hope provide more information - certainly not an isolated problem for me though.
Thanks in advance for any suggestions!
Chosen Solution
The certificate chain shows the InCommon Server CA intermediate certificate from Internet2 in your blocked examples
intermediate certificate: InCommon Server CA -> AddTrust External CA Root
You can check the Certificate Manager to see if you can locate the certificate under AddTrust AB and remove it.
Check the date and time and time zone in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
Rename the cert8.db file (cert8.db.old) and delete the cert_override.txt file in the Firefox profile folder to remove intermediate certificates and exceptions that Firefox has stored.
If that has helped to solve the problem then you can remove the renamed cert8.db.old file. Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previously stored intermediate certificates. Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.
If that didn't help then remove or rename secmod.db (secmod.db.old) as well.