Https Error code: sec_error_bad_der
Hi all,
I blocked by a problem and any help should be appreciated.
Since we migrated to Firefox ESR 38.0.1 (windows 7 x64 ENT) we are no more abble to connect to a few intranet HTTPS Website.
I saw a few post on this forum with some solution to the error message below but nothing is working for me.
Error message : An error occurred during a connection to st-2000app13-spa.****.cloud. security library: improperly formatted DER-encoded message. (Error code: sec_error_bad_der)
I tried to modify in "about:config" "security.tls.insecure_fallback_hosts" to add the address or to change "security.tls.version.min" value to 0 but without success.
The connexion is working with Ip address but not with the FQDN.
Certificate on the intranet site is ok and connexion is made on TLS 1.2. what I can see in the certificate is "TLS_RSA_WITH_AES_128_CBC_SHA, 128 bits key" that seems to be supported by Firefox ESR 38.0.1.
I don't know lots about certificate but I saw on the forum some problems with the alternative name in the certificate, on mine the only thing i can see is :
Certificate Subject Alt Name : Not Critical DNS Name: 10.3.0.22 DNS Name: st-2000app13-spa.****.cloud
Any Idea on what I should try to solve this issue ? or just Wait for that problem to be fixed in futur version of Firefox ESR
All Replies (16)
hi according to https://developer.mozilla.org/en-US/docs/Mozilla/Security/x509_Certificates#Error_Codes_in_Firefox_2 this error code means "that the certificate is not properly encoded according to ASN.1 (DER) encoding" and the suggestion is to re-generate the certificate...
Thanks for your answer, I'll see with the people that manage certificates if the can generate a new one to test and let you know the result but what I can't understand is why it was working with Firefox ESR 36.0.1 with the same certificate? Can you tell me what changed ?
hi, the old ESR version was firefox 31 ESR - i presume you were referring to that as the version that was working until now. since then, firefox is using a new certificate verification engine (https://blog.mozilla.org/security/201.../exciting-updates-to-certificate-verification-in-gecko/), that might be stricter in some non-standard complying circumstances.
My problem seems to be in the Certificate Subject Alt Name because it contain an IP address referenced like a DNS entry.
I'll try to generate a new certificate in a few days and keep this post up to date as soon as possible
Hi aass1122, this thread is about a problem accessing a secure site (HTTPS). You posted a regular address (HTTP) so I think your question probably is different.
You can start a new question here:
https://support.mozilla.org/questions/new/desktop/
Please scroll down past the suggested articles if they are not relevant to your problem.
不对啊,,是这个的http://ag1.sxrt1022.hm010.com/admin后台在那里登陆
Hi aass1122, that login form submits to a non-secure address:
http://ag1.sxrt1022.hm010.com/admin/main2.aspx
If you do not enter a verification code, you cannot test beyond that.
If I try a secure address:
https://ag1.sxrt1022.hm010.com/admin/main2.aspx
Firefox cannot connect at all.
我怎么打开不了。是不是需要安装什么呢。账号密码也不知道是多少
Hi aass1122, I'm sorry, I do not know anything about that site. I think it is suspicious how many computed URL redirects they do, like they are trying to hide something, so I will not be exploring it further.
在那里可以找到有关网站管理员的信息呢 http://ag1.sxrt1022.hm010.com/admin/
Hi aass1122, the "whois" report for hm010.com shows:
Registrant Name: yuanfei li Registrant Street: guangdongsheng shenzhenshi Registrant City: shenzhenshi Registrant State/Province: guangdongsheng Registrant Postal Code: 675544 Registrant Country: China Registrant Phone: +86.075567891234 Registrant Email: qy888666@gmail.com
Admin Name: yuanfei li Admin Street: guangdongsheng shenzhenshi Admin City: shenzhenshi Admin State/Province: guangdongsheng Admin Postal Code: 675544 Admin Country: China Admin Phone: +86.075567891234 Admin Email: qy888666@gmail.com
I do not know whether this information is accurate.
在那里有提示这个网站http://ag1.sxrt1022.hm010.com/admin/管理员的账号信息呢
Hi aass1122, I do not think anyone on this forum can provide account information for that website. This is the support forum for the Firefox browser, not for that website.
aass1122 said
怎么注册账号
I'm sorry, this is off topic for this forum. Please contact that website for more information.