X
Tap here to go to the mobile version of the site.

Support Forum

i cannot open the website of my school, i get SEC_ERROR_REVOKED_CERTIFICATE

Posted

since firefox upgraded to 51 (this morning) i am not able to open my school's site i get the answer SEC_ERROR_REVOKED_CERTIFICATE; telling the certificate was peer's. until they correct the certification isn't there a way to bypass the blocking of the site, that i trust, and i need to work in ? thanks to all

since firefox upgraded to 51 (this morning) i am not able to open my school's site i get the answer SEC_ERROR_REVOKED_CERTIFICATE; telling the certificate was peer's. until they correct the certification isn't there a way to bypass the blocking of the site, that i trust, and i need to work in ? thanks to all

Chosen solution

It is a StartCom certificate and thus affected by the security issue posted above.

  • Issuer StartCom Class 2 IV Server CA
Distrusting New WoSign and StartCom Certificates

Mozilla has discovered that a Certificate Authority (CA) called WoSign has had a number of technical and management failures. Most seriously, we discovered they were backdating SSL certificates in order to get around the deadline that CAs stop issuing SHA-1 SSL certificates by January 1, 2016. Additionally, Mozilla discovered that WoSign had acquired full ownership of another CA called StartCom and failed to disclose this, as required by Mozilla policy. The representatives of WoSign and StartCom denied and continued to deny both of these allegations until sufficient data was collected to demonstrate that both allegations were correct. The levels of deception demonstrated by representatives of the combined company have led to Mozilla’s decision to distrust future certificates chaining up to the currently-included WoSign and StartCom root certificates.
This change will go into the Firefox 51 release train.

You can contact the website and point them to the article:

You can consider to use the Firefox 45.7.0 ESR version that doesn't have this fix yet if you are willing to take the risk.

Read this answer in context 1

Additional System Details

Installed Plug-ins

  • Shockwave Flash 24.0 r0

Application

  • User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0

More Information

philipp
  • Top 25 Contributor
  • Moderator
5330 solutions 23537 answers

Helpful Reply

Browsers look at a website's certificates so that your information remains safe when it connects you to that website. Recently, an issue has been discovered with two types of certificates: WoSign and StartCom. Websites that use these certificates will no longer work with major browsers, including Firefox. This is to ensure your information doesn't get stolen when you visit these websites.

For more information, see Distrusting New WoSign and StartCom Certificates.

Browsers look at a website's certificates so that your information remains safe when it connects you to that website. Recently, an issue has been discovered with two types of certificates: WoSign and StartCom. Websites that use these certificates will no longer work with major browsers, including Firefox. This is to ensure your information doesn't get stolen when you visit these websites. For more information, see [https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/ Distrusting New WoSign and StartCom Certificates].

Question owner

in my case the error message is Peer’s Certificate has been revoked. Error code: SEC_ERROR_REVOKED_CERTIFICATE

I understand your answer but is there for me a way to bypass, since in that case there is no risk, who will stole or pirate a math course ?

in my case the error message is Peer’s Certificate has been revoked. Error code: SEC_ERROR_REVOKED_CERTIFICATE I understand your answer but is there for me a way to bypass, since in that case there is no risk, who will stole or pirate a math course ?
philipp
  • Top 25 Contributor
  • Moderator
5330 solutions 23537 answers

depending on the site it may be possible to access it through a http url. please note that other browsers like google chrome are also revoking trust in these root CAs so it's ultimately the task of your school to rectify the situation.

depending on the site it may be possible to access it through a http url. please note that other browsers like google chrome are also revoking trust in these root CAs so it's ultimately the task of your school to rectify the situation.

Question owner

if i understand in place of https: i try http:

it did not work anything else ?

if i understand in place of https: i try http: it did not work anything else ?
cor-el
  • Top 10 Contributor
  • Moderator
17689 solutions 160037 answers

Just to be sure, try to create a new profile to test if your current profile is causing the problem.

See "Creating a profile":

If the new profile works then you can transfer files from a previously used profile to the new profile, but be cautious not to copy corrupted files to avoid carrying over problems.

Just to be sure, try to create a new profile to test if your current profile is causing the problem. See "Creating a profile": *https://support.mozilla.org/kb/profile-manager-create-and-remove-firefox-profiles *http://kb.mozillazine.org/Standard_diagnostic_-_Firefox#Profile_issues If the new profile works then you can transfer files from a previously used profile to the new profile, but be cautious not to copy corrupted files to avoid carrying over problems. *http://kb.mozillazine.org/Transferring_data_to_a_new_profile_-_Firefox

Question owner

thanks for your help but even with the new profile it did not work let me add that on a computer where i did not upgrade firefox to 51 it works and on a third one (windows old) that upgraded itself it does not work

thanks for your help but even with the new profile it did not work let me add that on a computer where i did not upgrade firefox to 51 it works and on a third one (windows old) that upgraded itself it does not work
cor-el
  • Top 10 Contributor
  • Moderator
17689 solutions 160037 answers

Helpful Reply

Can you post a link to a publicly accessible page (i.e. no authentication or signing on required)?

You can check the server via this website:

Can you post a link to a publicly accessible page (i.e. no authentication or signing on required)? You can check the server via this website: *https://www.ssllabs.com/ssltest/

Question owner

i checked and if you send me a direction i'll send you the results at a first look (and taking in account that i do not know much) the testing seems positive

about the site it is under authentication except the first page https://campus.groupe-efrei.fr/

thanks for your help

i checked and if you send me a direction i'll send you the results at a first look (and taking in account that i do not know much) the testing seems positive about the site it is under authentication except the first page https://campus.groupe-efrei.fr/ thanks for your help
cor-el
  • Top 10 Contributor
  • Moderator
17689 solutions 160037 answers

Chosen Solution

It is a StartCom certificate and thus affected by the security issue posted above.

  • Issuer StartCom Class 2 IV Server CA
Distrusting New WoSign and StartCom Certificates

Mozilla has discovered that a Certificate Authority (CA) called WoSign has had a number of technical and management failures. Most seriously, we discovered they were backdating SSL certificates in order to get around the deadline that CAs stop issuing SHA-1 SSL certificates by January 1, 2016. Additionally, Mozilla discovered that WoSign had acquired full ownership of another CA called StartCom and failed to disclose this, as required by Mozilla policy. The representatives of WoSign and StartCom denied and continued to deny both of these allegations until sufficient data was collected to demonstrate that both allegations were correct. The levels of deception demonstrated by representatives of the combined company have led to Mozilla’s decision to distrust future certificates chaining up to the currently-included WoSign and StartCom root certificates.
This change will go into the Firefox 51 release train.

You can contact the website and point them to the article:

You can consider to use the Firefox 45.7.0 ESR version that doesn't have this fix yet if you are willing to take the risk.

It is a StartCom certificate and thus affected by the security issue posted above. *Issuer StartCom Class 2 IV Server CA *https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/ <blockquote><pre>Distrusting New WoSign and StartCom Certificates Mozilla has discovered that a Certificate Authority (CA) called WoSign has had a number of technical and management failures. Most seriously, we discovered they were backdating SSL certificates in order to get around the deadline that CAs stop issuing SHA-1 SSL certificates by January 1, 2016. Additionally, Mozilla discovered that WoSign had acquired full ownership of another CA called StartCom and failed to disclose this, as required by Mozilla policy. The representatives of WoSign and StartCom denied and continued to deny both of these allegations until sufficient data was collected to demonstrate that both allegations were correct. The levels of deception demonstrated by representatives of the combined company have led to Mozilla’s decision to distrust future certificates chaining up to the currently-included WoSign and StartCom root certificates. This change will go into the Firefox 51 release train. </pre></blockquote> You can contact the website and point them to the article: *https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/ You can consider to use the Firefox 45.7.0 ESR version that doesn't have this fix yet if you are willing to take the risk. *https://www.mozilla.org/en-US/firefox/organizations/all/ *https://www.mozilla.org/en-US/firefox/organizations/notes/ *https://www.mozilla.org/en-US/firefox/organizations/system-requirements/

Question owner

let's say it is on the way to be solved it depends now on the website many thanks to all of you Patrick Teller

let's say it is on the way to be solved it depends now on the website many thanks to all of you Patrick Teller