Getting certificate invalid error because of proxy Z-Scaler event though certificate is trusted
Hi,
I have installed Z-Scaler proxy root CA certificate in Firefox for enabling SSL inspection. It works fine for most websites, but for google.com and a few others I get every day a certificate invalid/not trusted error and I have to restart Firefox to get the error to go away. Any ideas of what I can do to improve this behaviour? Any configuration I missed?
It's very similar issue to https://support.mozilla.org/en-US/questions/1199797, except that when I restart Firefox it works.
Thanks in advance for your help
Keazen oplossing
I'm puzzled why restarting helps. But since it's Google, let me mention...
Several users have linked the "zero round trip resumption" feature with losing their Google connection in mid-session, including "Oops" messages on Gmail. This feature is intended to speed up website connections. (Explainer post by CloudFlare) However, there seems to be some kind of compatibility issue. You can disable it as follows:
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.
More info on about:config: Configuration Editor for Firefox. The moderators would like us to remind you that changes made through this back door aren't fully supported and aren't guaranteed to continue working in the future.
(2) In the search box in the page, type or paste security.tls.enable_0rtt_data and pause while the list is filtered
(3) Double-click the preference to switch the value from true to false
After that, try Google again. Any improvement?
Dit antwurd yn kontekst lêze 👍 0Alle antwurden (3)
Keazen oplossing
I'm puzzled why restarting helps. But since it's Google, let me mention...
Several users have linked the "zero round trip resumption" feature with losing their Google connection in mid-session, including "Oops" messages on Gmail. This feature is intended to speed up website connections. (Explainer post by CloudFlare) However, there seems to be some kind of compatibility issue. You can disable it as follows:
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.
More info on about:config: Configuration Editor for Firefox. The moderators would like us to remind you that changes made through this back door aren't fully supported and aren't guaranteed to continue working in the future.
(2) In the search box in the page, type or paste security.tls.enable_0rtt_data and pause while the list is filtered
(3) Double-click the preference to switch the value from true to false
After that, try Google again. Any improvement?
Hi jscher2000,
Thanks a lot for your quick response. I've just done the change you mentioned and will keep you posted on whether it works or not.
Best regards,
Alex
Hi jscher2000,
After a few days of observation, I can confirm your proposed solution solved my problem with certificate trusting.
On the downside, it seems to have degraded the stability of Google Meet, which I guess is expected because I've just turn off a feature for improving performance.
Best regards,
Alex