X
Tap here to go to the mobile version of the site.
Your Firefox is out of date and may contain a security risk! Upgrade Firefox

Support Forum

Can't connect to SSL management interface on HP server; works with IE and Chrome after adding exception

Posted

When I try to connect to the internal (10.1.20.91) address of the web management interface (HP ILO) on an HP Integrity rx2800 server, I get the following error:

Certificate type not approved for application. (Error code: sec_error_inadequate_cert_type)

It seems that Firefox 25.0.1 will not allow this self-signed certificate.

IE and Chrome work, after allowing an exception. Previously, I was able to add an exception under Firefox.

I tried again will add-ons disabled, but it makes no difference.

Here's the full error:

Secure Connection Failed

An error occurred during a connection to 10.1.20.91. Certificate type not approved for application. (Error code: sec_error_inadequate_cert_type)

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
Post a Reply

Additional System Details

Installed Plug-ins

  • Google Update
  • Shockwave Flash 11.9 r900
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Adobe PDF Plug-In For Firefox and Netscape 11.0.05
  • LogMeIn, Inc. Remote Access Components

Application

  • Firefox 25.0.1
  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0
  • Support URL: https://support.mozilla.org/1/firefox/25.0.1/WINNT/en-US/

Extensions

  • Adblock Plus 2.4 ({d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d})
  • Beef Taco (Targeted Advertising Cookie Opt-Out) 1.3.7 (john@velvetcache.org)
  • DuckDuckGo Plus 0.3.8 (jid1-ZAdIEUB7XOzOJw@jetpack)
  • Flashblock 1.5.17 ({3d7eb24f-2740-49df-8937-200b1cc08f8a})
  • LogMeIn, Inc. Remote Access Plugin 1.0.0.1024 (LogMeInClient@logmein.com)
  • NoScript 2.6.8.5 ({73a6fe31-595d-460b-a920-fcc0f8843232})
  • Troubleshooter 1.1a (troubleshooter@mozilla.org)

Javascript

  • incrementalGCEnabled: True

Graphics

  • adapterDescription: NVIDIA GeForce GT 520
  • adapterDescription2:
  • adapterDeviceID: 0x1040
  • adapterDeviceID2:
  • adapterDrivers: nvd3dumx,nvwgf2umx,nvwgf2umx nvd3dum,nvwgf2um,nvwgf2um
  • adapterDrivers2:
  • adapterRAM: 1024
  • adapterRAM2:
  • adapterVendorID: 0x10de
  • adapterVendorID2:
  • clearTypeParameters: DISPLAY1 [ Gamma: 2200 Pixel Structure: RGB ClearType Level: 100 Enhanced Contrast: 300 ] DISPLAY3 [ Gamma: 2200 Pixel Structure: RGB ClearType Level: 100 Enhanced Contrast: 50 ]
  • direct2DEnabled: True
  • directWriteEnabled: True
  • directWriteVersion: 6.2.9200.16571
  • driverDate: 1-18-2013
  • driverDate2:
  • driverVersion: 9.18.13.1106
  • driverVersion2:
  • info: {u'AzureCanvasBackend': u'direct2d', u'AzureFallbackCanvasBackend': u'cairo', u'AzureContentBackend': u'direct2d', u'AzureSkiaAccelerated': 0}
  • isGPU2Active: False
  • numAcceleratedWindows: 1
  • numTotalWindows: 1
  • webglRenderer: Google Inc. -- ANGLE (NVIDIA GeForce GT 520 Direct3D9Ex vs_3_0 ps_3_0)
  • windowLayerManagerRemote: False
  • windowLayerManagerType: Direct3D 10

Modified Preferences

  • accessibility.typeaheadfind.flashBar: 0
  • browser.cache.disk.capacity: 358400
  • browser.cache.disk.smart_size.first_run: False
  • browser.cache.disk.smart_size.use_old_max: False
  • browser.cache.disk.smart_size_cached_value: 358400
  • browser.fixup.alternate.enabled: False
  • browser.places.smartBookmarksVersion: 4
  • browser.search.suggest.enabled: False
  • browser.search.useDBForOrder: True
  • browser.sessionstore.upgradeBackup.latestBuildID: 20131112160018
  • browser.startup.homepage_override.buildID: 20131112160018
  • browser.startup.homepage_override.mstone: 25.0.1
  • browser.tabs.warnOnClose: False
  • browser.urlbar.trimURLs: False
  • browser.zoom.siteSpecific: False
  • dom.mozApps.used: True
  • dom.w3c_touch_events.expose: False
  • extensions.lastAppVersion: 25.0.1
  • font.internaluseonly.changed: True
  • general.useragent.extra.microsoftdotnet: ( .NET CLR 3.5.30729; .NET4.0E)
  • gfx.direct3d.last_used_feature_level_idx: 0
  • gfx.direct3d.prefer_10_1: True
  • network.cookie.prefsMigrated: True
  • places.database.lastMaintenance: 1385428295
  • places.history.expiration.transient_current_max_pages: 104858
  • plugin.disable_full_page_plugin_for_types: application/pdf
  • plugin.importedState: True
  • plugin.state.java: 0
  • plugin.state.npauthz: 0
  • plugin.state.npnv3dv: 0
  • plugin.state.npnv3dvstreaming: 0
  • plugin.state.npspwrap: 0
  • plugin.state.npvlc: 0
  • privacy.cpd.cookies: False
  • privacy.cpd.downloads: False
  • privacy.cpd.formdata: False
  • privacy.cpd.history: False
  • privacy.cpd.sessions: False
  • privacy.donottrackheader.enabled: True
  • privacy.sanitize.migrateFx3Prefs: True
  • privacy.sanitize.timeSpan: 0
  • security.disable_button.openCertManager: False
  • security.warn_viewing_mixed: False
  • storage.vacuum.last.index: 1
  • storage.vacuum.last.places.sqlite: 1383955477

Misc

  • User JS: No
  • Accessibility: No
gnittala 28 solutions 307 answers

Hello, In this case, looks like the SSL certificate might not have been created for SSL/TLS authentication. Would it be possible for you to check the extended key usage section of the certificate for the extensions

  1. Certificate key usage
  2. Extended key usage

would give you more details. And based on whether the certificate has support for 'Server Authentication' you might have to regenerate the certificate.

Another thing to check would be to see if recently an intermediate CA was added to the certificate chain - that could be the cause of the issue you are facing.

Though I do understand your concern that this issue popped up only for Firefox 25.1. Would it be possible for you to provide the certificate (or generate another one), so that I can test this on a webserver. And also, can you please confirm the exception you created on the previous version of Firefox?

References

  1. Error description on Mozilla-Crypto
  2. Error description on Stack Overflow

Hope this helps.

Was this helpful to you? 2
Reply
cor-el
  • Top 10 Contributor
  • Moderator
10776 solutions 96959 answers

Did you check in the Certificate Manager if you can locate a previously exception with this certificate?

You can try to rename the cert8.db file in the Firefox profile folder to cert8.db.old or delete the cert8.db file to remove intermediate certificates that Firefox has stored.

If that helped to solve the problem then you can remove the renamed cert8.db.old file.
Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previous intermediate certificates.
Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.

Was this helpful to you? 0
Reply

Question owner

More info:

Renaming the cert8.db didn't change anything.

I get into these ILO interfaces fairly often and I can say that Firefox had a problem over a year ago (or so) where it would let you in once and then say (IIRC) Invalid Cookie on subsequent attempts. Maybe deleting the cert8.db would fix that. Anyway, an update fixed that issue.

I just tested with Firefox 17 and it worked fine. Here are screen shots and the .cer file I exported. This is from a different (virgin) server at .93 https://www.dropbox.com/l/gGYGz2myJnUu9uNoPwsYxd (Hope this works -- I'm new to DropBox)

IE says:

The security certificate presented by this website was not issued by a trusted certificate authority.

The security certificate presented by this website was issued for a different website's address.

I didn't generate the certificate; the come pre-generated by HP. Anyway, I tried re-generating the certificate and I now get this error:

Secure Connection Failed

An error occurred during a connection to 10.1.20.91. You have received an invalid certificate. Please contact the server administrator or email correspondent and give them the following information: Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number. (Error code: sec_error_reused_issuer_and_serial)

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
   Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.

I tried to attach the exported certificate, but I seem to only be allowed to upload graphical images.

IE Key Usage says: Certificate Signing, Off-line CRL Signing, CRL Signing (06)

Was this helpful to you? 0
Reply

Question owner

BTW: I tested with Firefox 23 and 24 and they had the same problem. It's hard (impossible?) to find old versions of Firefox on the Firefox site. I think my 17 version is trying to force me to upgrade as we converse....

Was this helpful to you? 0
Reply
Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.