X
Tap here to go to the mobile version of the site.

Fóram Tacaíochta

SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION

Postáilte

Websites with self-signed certificates keep breaking and come up with the error on the attached picture. This usually occurs after a Firefox automatic update but it has also happened out of the blue.

One day website works fine, the other day it comes with the error and no certificate has been changed.

Websites with self-signed certificates keep breaking and come up with the error on the attached picture. This usually occurs after a Firefox automatic update but it has also happened out of the blue. One day website works fine, the other day it comes with the error and no certificate has been changed.
Attached screenshots
Luaigh

Tuilleadh mionsonraí faoin chóras

Breiseáin Shuiteáilte

  • Shockwave Flash 32.0 r0

Feidhmchlár

  • Firefox 68.0
  • User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
  • URL Tacaíochta: https://support.mozilla.org/1/firefox/68.0/WINNT/en-US/

Eisínteachtaí

  • Amazon.co.uk 1.1 (amazon@search.mozilla.org)
  • Bing 1.0 (bing@search.mozilla.org)
  • Cisco Webex Extension 1.5.0 (ciscowebexstart1@cisco.com)
  • Country Flag + 0.2.0 (jid1-s7swGsO2vJBPMv@jetpack)
  • Dark Reader 4.7.13 (addon@darkreader.org)
  • DuckDuckGo 1.0 (ddg@search.mozilla.org)
  • eBay 1.0 (ebay@search.mozilla.org)
  • Google 1.0 (google@search.mozilla.org)
  • Grammarly for Firefox 8.852.2307 (87677a2c52b84ad3a151a4a72f5bd3c4@jetpack)
  • HTTPS Everywhere 2019.6.27 (https-everywhere@eff.org)
  • Open Tabs Next to Current 2.0.12 (opentabsnexttocurrent@sblask)
  • Privacy Badger 2019.7.1.1 (jid1-MnnxcxisBPnSXQ@jetpack)
  • Tab Session Manager 4.5.2 (Tab-Session-Manager@sienori)
  • Twitter 1.0 (twitter@search.mozilla.org)
  • uBlock Origin 1.20.2 (uBlock0@raymondhill.net)
  • WhatsApp™ Quartz 0.1.5 ({e298a99d-c8f5-4267-9c80-1c4e365a8bfa})
  • Wikipedia (en) 1.0 (wikipedia@search.mozilla.org)

JavaScript

  • incrementalGCEnabled: True

Grafaic

  • adapterDescription: Intel(R) UHD Graphics 620
  • adapterDescription2:
  • adapterDeviceID: 0x5917
  • adapterDeviceID2:
  • adapterDrivers: igdumdim64 igd10iumd64 igd10iumd64 igd12umd64 igdumdim32 igd10iumd32 igd10iumd32 igd12umd32
  • adapterDrivers2:
  • adapterRAM: Unknown
  • adapterRAM2:
  • adapterSubsysID: 07eb1028
  • adapterSubsysID2:
  • adapterVendorID: 0x8086
  • adapterVendorID2:
  • clearTypeParameters: \\.\DISPLAY1 [ Gamma: 1.8 Pixel Structure: RGB ClearType Level: 100 Enhanced Contrast: 50 ] \\.\DISPLAY5 [ Gamma: 1.8 Pixel Structure: RGB ClearType Level: 100 Enhanced Contrast: 50 ] \\.\DISPLAY4 [ Gamma: 1.8 Pixel Structure: RGB ClearType Level: 100 Enhanced Contrast: 50 ]
  • contentUsesTiling: False
  • crashGuards: [{u'prefName': u'gfx.crash-guard.status.wmfvpxvideo', u'type': u'wmfvpxvideo'}]
  • direct2DEnabled: True
  • directWriteEnabled: True
  • directWriteVersion: 10.0.17763.615
  • driverDate: 2-28-2018
  • driverDate2:
  • driverVendor:
  • driverVendor2:
  • driverVersion: 23.20.16.4973
  • driverVersion2:
  • failures: [u'[GFX1-]: WMF VPX video decoding is disabled due to a previous crash.', u'CP+[GFX1-]: WMF VPX video decoding is disabled due to a previous crash.', u'[GFX1-]: WMF VPX video decoding is disabled due to a previous crash.', u'CP+[GFX1-]: WMF VPX video decoding is disabled due to a previous crash.', u'[GFX1-]: WMF VPX video decoding is disabled due to a previous crash.', u'CP+[GFX1-]: WMF VPX video decoding is disabled due to a previous crash.', u'[GFX1-]: WMF VPX video decoding is disabled due to a previous crash.', u'CP+[GFX1-]: WMF VPX video decoding is disabled due to a previous crash.', u'[GFX1-]: WMF VPX video decoding is disabled due to a previous crash.', u'CP+[GFX1-]: WMF VPX video decoding is disabled due to a previous crash.', u'[GFX1-]: WMF VPX video decoding is disabled due to a previous crash.', u'CP+[GFX1-]: WMF VPX video decoding is disabled due to a previous crash.']
  • featureLog: {u'fallbacks': [], u'features': [{u'status': u'available', u'description': u'Compositing', u'log': [{u'status': u'available', u'type': u'default'}], u'name': u'HW_COMPOSITING'}, {u'status': u'available', u'description': u'Direct3D11 Compositing', u'log': [{u'status': u'available', u'type': u'default'}], u'name': u'D3D11_COMPOSITING'}, {u'status': u'available', u'description': u'Direct2D', u'log': [{u'status': u'available', u'type': u'default'}], u'name': u'DIRECT2D'}, {u'status': u'available', u'description': u'Direct3D11 hardware ANGLE', u'log': [{u'status': u'available', u'type': u'default'}], u'name': u'D3D11_HW_ANGLE'}, {u'status': u'available', u'description': u'GPU Process', u'log': [{u'status': u'available', u'type': u'default'}], u'name': u'GPU_PROCESS'}, {u'status': u'opt-in', u'description': u'WebRender', u'log': [{u'status': u'opt-in', u'message': u'WebRender is an opt-in feature', u'type': u'default'}], u'name': u'WEBRENDER'}, {u'status': u'blocked-has-battery', u'description': u'WebRender qualified', u'log': [{u'status': u'available', u'type': u'default'}, {u'status': u'blocked-has-battery', u'message': u'Has battery', u'type': u'env'}], u'name': u'WEBRENDER_QUALIFIED'}, {u'status': u'available', u'description': u'Off Main Thread Painting', u'log': [{u'status': u'available', u'type': u'default'}], u'name': u'OMTP'}, {u'status': u'available', u'description': u'Advanced Layers', u'log': [{u'status': u'available', u'type': u'default'}], u'name': u'ADVANCED_LAYERS'}]}
  • indices: [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11]
  • info: {u'AzureContentBackend (UI Process)': u'skia', u'AzureCanvasBackend (UI Process)': u'skia', u'ApzWheelInput': 1, u'ApzDragInput': 1, u'ApzKeyboardInput': 1, u'ApzTouchInput': 1, u'AzureFallbackCanvasBackend (UI Process)': u'cairo', u'ApzAutoscrollInput': 1, u'AzureCanvasBackend': u'direct2d 1.1', u'AzureContentBackend': u'direct2d 1.1'}
  • isGPU2Active: False
  • numAcceleratedWindows: 1
  • numTotalWindows: 1
  • offMainThreadPaintEnabled: True
  • offMainThreadPaintWorkerCount: 4
  • targetFrameRate: 60
  • usesTiling: False
  • webgl1DriverExtensions: GL_ANGLE_client_arrays GL_ANGLE_depth_texture GL_ANGLE_explicit_context GL_ANGLE_explicit_context_gles1 GL_ANGLE_framebuffer_blit GL_ANGLE_framebuffer_multisample GL_ANGLE_instanced_arrays GL_ANGLE_lossy_etc_decode GL_ANGLE_memory_size GL_ANGLE_multi_draw GL_ANGLE_multiview_multisample GL_ANGLE_pack_reverse_row_order GL_ANGLE_program_cache_control GL_ANGLE_provoking_vertex GL_ANGLE_request_extension GL_ANGLE_robust_client_memory GL_ANGLE_texture_compression_dxt3 GL_ANGLE_texture_compression_dxt5 GL_ANGLE_texture_usage GL_ANGLE_translated_shader_source GL_CHROMIUM_bind_generates_resource GL_CHROMIUM_bind_uniform_location GL_CHROMIUM_color_buffer_float_rgb GL_CHROMIUM_color_buffer_float_rgba GL_CHROMIUM_copy_compressed_texture GL_CHROMIUM_copy_texture GL_CHROMIUM_sync_query GL_EXT_blend_func_extended GL_EXT_blend_minmax GL_EXT_color_buffer_half_float GL_EXT_debug_marker GL_EXT_discard_framebuffer GL_EXT_disjoint_timer_query GL_EXT_draw_buffers GL_EXT_float_blend GL_EXT_frag_depth GL_EXT_instanced_arrays GL_EXT_map_buffer_range GL_EXT_occlusion_query_boolean GL_EXT_read_format_bgra GL_EXT_robustness GL_EXT_sRGB GL_EXT_shader_texture_lod GL_EXT_texture_compression_bptc GL_EXT_texture_compression_dxt1 GL_EXT_texture_compression_s3tc_srgb GL_EXT_texture_filter_anisotropic GL_EXT_texture_format_BGRA8888 GL_EXT_texture_rg GL_EXT_texture_storage GL_EXT_unpack_subimage GL_KHR_debug GL_KHR_parallel_shader_compile GL_KHR_robust_buffer_access_behavior GL_NV_EGL_stream_consumer_external GL_NV_fence GL_NV_pack_subimage GL_NV_pixel_buffer_object GL_OES_EGL_image GL_OES_EGL_image_external GL_OES_compressed_ETC1_RGB8_texture GL_OES_depth32 GL_OES_element_index_uint GL_OES_get_program_binary GL_OES_mapbuffer GL_OES_packed_depth_stencil GL_OES_rgb8_rgba8 GL_OES_standard_derivatives GL_OES_surfaceless_context GL_OES_texture_border_clamp GL_OES_texture_float GL_OES_texture_float_linear GL_OES_texture_half_float GL_OES_texture_half_float_linear GL_OES_texture_npot GL_OES_vertex_array_object OES_compressed_EAC_R11_signed_texture OES_compressed_EAC_R11_unsigned_texture OES_compressed_EAC_RG11_signed_texture OES_compressed_EAC_RG11_unsigned_texture OES_compressed_ETC2_RGB8_texture OES_compressed_ETC2_RGBA8_texture OES_compressed_ETC2_punchthroughA_RGBA8_texture OES_compressed_ETC2_punchthroughA_sRGB8_alpha_texture OES_compressed_ETC2_sRGB8_alpha8_texture OES_compressed_ETC2_sRGB8_texture
  • webgl1Extensions: ANGLE_instanced_arrays EXT_blend_minmax EXT_color_buffer_half_float EXT_disjoint_timer_query EXT_float_blend EXT_frag_depth EXT_shader_texture_lod EXT_sRGB EXT_texture_compression_bptc EXT_texture_filter_anisotropic OES_element_index_uint OES_standard_derivatives OES_texture_float OES_texture_float_linear OES_texture_half_float OES_texture_half_float_linear OES_vertex_array_object WEBGL_color_buffer_float WEBGL_compressed_texture_s3tc WEBGL_compressed_texture_s3tc_srgb WEBGL_debug_renderer_info WEBGL_debug_shaders WEBGL_depth_texture WEBGL_draw_buffers WEBGL_lose_context
  • webgl1Renderer: Google Inc. -- ANGLE (Intel(R) UHD Graphics 620 Direct3D11 vs_5_0 ps_5_0)
  • webgl1Version: OpenGL ES 2.0 (ANGLE 2.1.0.8a050090f926)
  • webgl1WSIInfo: EGL_VENDOR: Google Inc. (adapter LUID: 000000000000f666) EGL_VERSION: 1.4 (ANGLE 2.1.0.8a050090f926) EGL_EXTENSIONS: EGL_EXT_create_context_robustness EGL_ANGLE_d3d_share_handle_client_buffer EGL_ANGLE_d3d_texture_client_buffer EGL_ANGLE_surface_d3d_texture_2d_share_handle EGL_ANGLE_query_surface_pointer EGL_ANGLE_window_fixed_size EGL_ANGLE_keyed_mutex EGL_ANGLE_surface_orientation EGL_ANGLE_direct_composition EGL_NV_post_sub_buffer EGL_KHR_create_context EGL_EXT_device_query EGL_KHR_image EGL_KHR_image_base EGL_KHR_gl_texture_2D_image EGL_KHR_gl_texture_cubemap_image EGL_KHR_gl_renderbuffer_image EGL_KHR_get_all_proc_addresses EGL_KHR_stream EGL_KHR_stream_consumer_gltexture EGL_NV_stream_consumer_gltexture_yuv EGL_ANGLE_flexible_surface_compatibility EGL_ANGLE_stream_producer_d3d_texture EGL_ANGLE_create_context_webgl_compatibility EGL_CHROMIUM_create_context_bind_generates_resource EGL_CHROMIUM_sync_control EGL_EXT_pixel_format_float EGL_KHR_surfaceless_context EGL_ANGLE_display_texture_share_group EGL_ANGLE_create_context_client_arrays EGL_ANGLE_program_cache_control EGL_ANGLE_robust_resource_initialization EGL_ANGLE_create_context_extensions_enabled EGL_ANDROID_blob_cache EGL_ANDROID_recordable EGL_EXTENSIONS(nullptr): EGL_EXT_client_extensions EGL_EXT_platform_base EGL_EXT_platform_device EGL_ANGLE_platform_angle EGL_ANGLE_platform_angle_d3d EGL_ANGLE_device_creation EGL_ANGLE_device_creation_d3d11 EGL_ANGLE_experimental_present_path EGL_KHR_client_get_all_proc_addresses EGL_KHR_debug EGL_ANGLE_explicit_context
  • webgl2DriverExtensions: GL_ANGLE_client_arrays GL_ANGLE_copy_texture_3d GL_ANGLE_depth_texture GL_ANGLE_explicit_context GL_ANGLE_explicit_context_gles1 GL_ANGLE_framebuffer_blit GL_ANGLE_framebuffer_multisample GL_ANGLE_instanced_arrays GL_ANGLE_lossy_etc_decode GL_ANGLE_memory_size GL_ANGLE_multi_draw GL_ANGLE_multiview_multisample GL_ANGLE_pack_reverse_row_order GL_ANGLE_program_cache_control GL_ANGLE_provoking_vertex GL_ANGLE_request_extension GL_ANGLE_robust_client_memory GL_ANGLE_texture_compression_dxt3 GL_ANGLE_texture_compression_dxt5 GL_ANGLE_texture_multisample GL_ANGLE_texture_usage GL_ANGLE_translated_shader_source GL_CHROMIUM_bind_generates_resource GL_CHROMIUM_bind_uniform_location GL_CHROMIUM_color_buffer_float_rgb GL_CHROMIUM_color_buffer_float_rgba GL_CHROMIUM_copy_compressed_texture GL_CHROMIUM_copy_texture GL_CHROMIUM_sync_query GL_EXT_blend_func_extended GL_EXT_blend_minmax GL_EXT_color_buffer_float GL_EXT_color_buffer_half_float GL_EXT_debug_marker GL_EXT_discard_framebuffer GL_EXT_disjoint_timer_query GL_EXT_draw_buffers GL_EXT_float_blend GL_EXT_frag_depth GL_EXT_instanced_arrays GL_EXT_map_buffer_range GL_EXT_occlusion_query_boolean GL_EXT_read_format_bgra GL_EXT_robustness GL_EXT_sRGB GL_EXT_shader_texture_lod GL_EXT_texture_compression_bptc GL_EXT_texture_compression_dxt1 GL_EXT_texture_compression_s3tc_srgb GL_EXT_texture_filter_anisotropic GL_EXT_texture_format_BGRA8888 GL_EXT_texture_norm16 GL_EXT_texture_rg GL_EXT_texture_storage GL_EXT_unpack_subimage GL_KHR_debug GL_KHR_parallel_shader_compile GL_KHR_robust_buffer_access_behavior GL_NV_EGL_stream_consumer_external GL_NV_fence GL_NV_pack_subimage GL_NV_pixel_buffer_object GL_OES_EGL_image GL_OES_EGL_image_external GL_OES_EGL_image_external_essl3 GL_OES_compressed_ETC1_RGB8_texture GL_OES_depth32 GL_OES_element_index_uint GL_OES_get_program_binary GL_OES_mapbuffer GL_OES_packed_depth_stencil GL_OES_rgb8_rgba8 GL_OES_standard_derivatives GL_OES_surfaceless_context GL_OES_texture_border_clamp GL_OES_texture_float GL_OES_texture_float_linear GL_OES_texture_half_float GL_OES_texture_half_float_linear GL_OES_texture_npot GL_OES_vertex_array_object GL_OVR_multiview2 OES_compressed_EAC_R11_signed_texture OES_compressed_EAC_R11_unsigned_texture OES_compressed_EAC_RG11_signed_texture OES_compressed_EAC_RG11_unsigned_texture OES_compressed_ETC2_RGB8_texture OES_compressed_ETC2_RGBA8_texture OES_compressed_ETC2_punchthroughA_RGBA8_texture OES_compressed_ETC2_punchthroughA_sRGB8_alpha_texture OES_compressed_ETC2_sRGB8_alpha8_texture OES_compressed_ETC2_sRGB8_texture
  • webgl2Extensions: EXT_color_buffer_float EXT_disjoint_timer_query EXT_float_blend EXT_texture_compression_bptc EXT_texture_filter_anisotropic OES_texture_float_linear WEBGL_compressed_texture_s3tc WEBGL_compressed_texture_s3tc_srgb WEBGL_debug_renderer_info WEBGL_debug_shaders WEBGL_lose_context
  • webgl2Renderer: Google Inc. -- ANGLE (Intel(R) UHD Graphics 620 Direct3D11 vs_5_0 ps_5_0)
  • webgl2Version: OpenGL ES 3.0 (ANGLE 2.1.0.8a050090f926)
  • webgl2WSIInfo: EGL_VENDOR: Google Inc. (adapter LUID: 000000000000f666) EGL_VERSION: 1.4 (ANGLE 2.1.0.8a050090f926) EGL_EXTENSIONS: EGL_EXT_create_context_robustness EGL_ANGLE_d3d_share_handle_client_buffer EGL_ANGLE_d3d_texture_client_buffer EGL_ANGLE_surface_d3d_texture_2d_share_handle EGL_ANGLE_query_surface_pointer EGL_ANGLE_window_fixed_size EGL_ANGLE_keyed_mutex EGL_ANGLE_surface_orientation EGL_ANGLE_direct_composition EGL_NV_post_sub_buffer EGL_KHR_create_context EGL_EXT_device_query EGL_KHR_image EGL_KHR_image_base EGL_KHR_gl_texture_2D_image EGL_KHR_gl_texture_cubemap_image EGL_KHR_gl_renderbuffer_image EGL_KHR_get_all_proc_addresses EGL_KHR_stream EGL_KHR_stream_consumer_gltexture EGL_NV_stream_consumer_gltexture_yuv EGL_ANGLE_flexible_surface_compatibility EGL_ANGLE_stream_producer_d3d_texture EGL_ANGLE_create_context_webgl_compatibility EGL_CHROMIUM_create_context_bind_generates_resource EGL_CHROMIUM_sync_control EGL_EXT_pixel_format_float EGL_KHR_surfaceless_context EGL_ANGLE_display_texture_share_group EGL_ANGLE_create_context_client_arrays EGL_ANGLE_program_cache_control EGL_ANGLE_robust_resource_initialization EGL_ANGLE_create_context_extensions_enabled EGL_ANDROID_blob_cache EGL_ANDROID_recordable EGL_EXTENSIONS(nullptr): EGL_EXT_client_extensions EGL_EXT_platform_base EGL_EXT_platform_device EGL_ANGLE_platform_angle EGL_ANGLE_platform_angle_d3d EGL_ANGLE_device_creation EGL_ANGLE_device_creation_d3d11 EGL_ANGLE_experimental_present_path EGL_KHR_client_get_all_proc_addresses EGL_KHR_debug EGL_ANGLE_explicit_context
  • windowLayerManagerRemote: True
  • windowLayerManagerType: Direct3D 11
  • windowUsingAdvancedLayers: True

Sainroghanna Athraithe

Éagsúil

  • User JS: No
  • Inrochtaineacht: Tá

Freagra Cabhrach

I wanted to add that I'm an avid Firefox user and fan and have been using it for more than 10 years. This started happening about 3 major versions ago, (from 65.0).

At some point I recreated my Firefox profile to see if that would help, but websites that have been working originally, keep breaking. Those websites work on other browsers such as IE and Edge.

Any help with this would be much appreciated. Everytime I open IE for a website that doesn't work because of this issue, it feels like a part of me dies :D :D

I wanted to add that I'm an avid Firefox user and fan and have been using it for more than 10 years. This started happening about 3 major versions ago, (from 65.0). At some point I recreated my Firefox profile to see if that would help, but websites that have been working originally, keep breaking. Those websites work on other browsers such as IE and Edge. Any help with this would be much appreciated. Everytime I open IE for a website that doesn't work because of this issue, it feels like a part of me dies :D :D
An bhfuil an freagra seo cabhrach? 1
Luaigh
FredMcD
  • Top 10 Contributor
4248 réiteach 59413 freagra
There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connection certificates and send their own. https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message https://support.mozilla.org/en-US/kb/connection-untrusted-error-message [https://support.mozilla.org/en-US/kb/websites-dont-load-troubleshoot-and-fix-errors?redirectlocale=en-US&redirectslug=Error+loading+web+sites Websites don't load - troubleshoot and fix error messages] http://kb.mozillazine.org/Error_loading_websites [https://support.mozilla.org/en-US/kb/what-does-your-connection-is-not-secure-mean What do the security warning codes mean]
An bhfuil an freagra seo cabhrach?
Luaigh
jscher2000
  • Top 10 Contributor
8695 réiteach 71076 freagra

That's an unusual error code. I found some information that I don't claim to fully understand. Also, why would it work sometimes and not others? Hmm...

SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION means "A certificate contains an extension marked as critical that is not handled by mozilla::pkix."

The six extensions Firefox can handle as critical extensions are: Subject Alternate Name, Basic Constraints, Key Usage, Extended Key Usages, Name Constraints, and Authority Information Access.

If any other extension is marked as critical, Firefox stops verifying the certificate and won't connect.

"What Can I Do: Re-generate the certificate without the extension or with it not marked as critical."

Source: https://wiki.mozilla.org/SecurityEngineering/x509Certs

That's an unusual error code. I found some information that I don't claim to fully understand. Also, why would it work sometimes and not others? Hmm... SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION means "A certificate contains an extension marked as critical that is not handled by mozilla::pkix." The six extensions Firefox can handle as critical extensions are: Subject Alternate Name, Basic Constraints, Key Usage, Extended Key Usages, Name Constraints, and Authority Information Access. If any other extension is marked as critical, Firefox stops verifying the certificate and won't connect. "What Can I Do: Re-generate the certificate without the extension or with it not marked as critical." ''Source:'' https://wiki.mozilla.org/SecurityEngineering/x509Certs
An bhfuil an freagra seo cabhrach?
Luaigh

Úinéir na ceiste

@FredMcD

I have checked BitDefender and SSL scan is off.

This can be verified by checking the certificate when opening an HTTPS page. When BitDefender is intercepting SSL traffic, the BitDefender certificate shows up, and when it doesn't, the normal webpage certificate shows up. Screenshot attached.

@jscher

Is this something that changed in recent versions? Those websites were working before.

Also, they have self-signed certificates generated by default. It's highly unlikely they would include a critical extension not recognizable by Firefox pkix.

@FredMcD I have checked BitDefender and SSL scan is off. This can be verified by checking the certificate when opening an HTTPS page. When BitDefender is intercepting SSL traffic, the BitDefender certificate shows up, and when it doesn't, the normal webpage certificate shows up. Screenshot attached. @jscher Is this something that changed in recent versions? Those websites were working before. Also, they have self-signed certificates generated by default. It's highly unlikely they would include a critical extension not recognizable by Firefox pkix.
An bhfuil an freagra seo cabhrach?
Luaigh
jscher2000
  • Top 10 Contributor
8695 réiteach 71076 freagra

Hi PraSSaDaR, unfortunately, I don't know how to extract the certificate details on the "Secure Connection Failed" error page.

Hi PraSSaDaR, unfortunately, I don't know how to extract the certificate details on the "Secure Connection Failed" error page.
An bhfuil an freagra seo cabhrach?
Luaigh

Úinéir na ceiste

It doesn't look like there is anything more to be added. Thank you both for your help.

If I find out anything new, I will post the update here.

It doesn't look like there is anything more to be added. Thank you both for your help. If I find out anything new, I will post the update here.
An bhfuil an freagra seo cabhrach?
Luaigh
kgb 1 réiteach 18 freagra

Um, the behavior you're describing, with:

  • One day website works fine, the other day it comes with the error and no certificate has been changed and
  • At some point I recreated my Firefox profile to see if that would help, but websites that have been working originally, keep breaking.

... It would seem like there's a - Firefox, not Firefox (?) - Windows Registry rootkit, or something. I'd say there's at least 50/50 chance that your browser is (hi)jacked, right? I mean, if you're sure that you had earlier ran "firefox.exe -P" and made a -completely- fresh profile.

Are you not running some sort of a (automatic) sandbox - such as COMODO's "Auto-Containment", which would place Firefox.exe in 'UNRECOGNIZED FILES' - and if not, or it's not being detected: then it may be the case that your Registry got b0rked?? What do you think? o.0

EDIT: ^^ Would it be too late to try it now, think that Firefox sigs should be built-in to the software (COMODO Firewall, or IS) and so it'll still report if it's funny - yea?

Mozilla's WebPKI thingy says that:

  • SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION
  • A certificate contains an extension marked as critical that is not handled by mozilla::pkix

@https://developer.mozilla.org/en-US/docs/Mozilla/Security/x509_Certificates

And that you should "Re-generate the certificate without the extension or with it not marked as critical" which you obviously got nothing to do with - so, that information is entirely useless. :)

Basically, I'm just spamming at this point, so I should prolly just wait for you to post back about this highly-unusual issue...

(I mean, it could be that Bitdefender - or, whatever - is still throwing a fit, even though its SSL intercept is set to "off", because such software is -generally, just- invasive af? ++ Sorry if none of this has helped, like at all.)

Um, the behavior you're describing, with: * One day website works fine, the other day it comes with the error and no certificate has been changed and * At some point I recreated my Firefox profile to see if that would help, but websites that have been working originally, keep breaking. ... It would seem like there's a - Firefox, not Firefox (?) - Windows Registry rootkit, or something. I'd say there's at least 50/50 chance that your browser is (hi)jacked, right? I mean, if you're '''sure''' that you had earlier ran "firefox.exe -P" and made a -completely- fresh profile. Are you not running some sort of a (automatic) sandbox - such as COMODO's "Auto-Containment", which would place Firefox.exe in 'UNRECOGNIZED FILES' - and if not, or it's not being detected: then it may be the case that your Registry got b0rked?? What do you think? o.0 '''EDIT''': ^^ Would it be too late to try it now, think that Firefox sigs should be built-in to the software (COMODO Firewall, or IS) and so it'll still report if it's funny - yea? Mozilla's WebPKI thingy says that: * SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION * A certificate contains an extension marked as critical that is not handled by mozilla::pkix @https://developer.mozilla.org/en-US/docs/Mozilla/Security/x509_Certificates And that you should "Re-generate the certificate without the extension or with it not marked as critical" which you obviously got nothing to do with - so, that information is entirely useless. :) Basically, I'm just spamming at this point, so I should prolly just wait for you to post back about this highly-unusual issue... (I mean, ''it could be'' that Bitdefender - or, whatever - is still throwing a fit, even though its SSL intercept is set to "off", because such software is -generally, just- invasive af? ++ Sorry if none of this has helped, like at all.)

Athraithe ag kgb ar

An bhfuil an freagra seo cabhrach?
Luaigh

Úinéir na ceiste

Issue still persists on version 69.

Site was working fine with Firefox 68. After upgrading to 69, error described above comes up.

Can this be reported to the developers as a bug please?

Issue still persists on version 69. Site was working fine with Firefox 68. After upgrading to 69, error described above comes up. Can this be reported to the developers as a bug please?
An bhfuil an freagra seo cabhrach?
Luaigh
jscher2000
  • Top 10 Contributor
8695 réiteach 71076 freagra

PraSSaDaR said

Issue still persists on version 69. Site was working fine with Firefox 68. After upgrading to 69, error described above comes up. Can this be reported to the developers as a bug please?

Hi PraSSaDaR, I found a bug on file where several people started getting this error code with self-signed certificates (157022). It's possible the error code is inaccurate in some cases, since someone could use an alternate method to add an exception:

Found this bug report because many of our internal certificates stopped working in Firefox 69, giving the SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION error message. ... Workaround for me is to go to about:preferences#privacy and view the certificates, then on the Servers tab enter the URL to the server. The certificate is then fetched and can be stored, after which Firefox can connect again. This should have the same result as the checkbox on certificate warning pages in Firefox 68, that would store the exception.

That should only work if the error code is inaccurate and the real reason is something more common such as an incomplete chain of trust (normal for self-signed certificates).

To clarify the steps:

  • Windows: "3-bar" menu button (or Tools menu) > Options
  • Mac: "3-bar" menu button (or Firefox menu) > Preferences
  • Linux: "3-bar" menu button (or Edit menu) > Preferences
  • Any system: type or paste about:preferences into the address bar and press Enter/Return to load it

In the search box at the top of the page, type cert and Firefox should filter to the Certificates section.

Click the "View Certificates" button and in the Certificate Manager, click the Servers tab. At the bottom, click the "Add Exception" button (first screenshot). That will pop up a small dialog where you can enter the URL to retrieve the extension (second screenshot).

If that works, then the error code was mistaken.

''PraSSaDaR [[#answer-1250524|said]]'' <blockquote> Issue still persists on version 69. Site was working fine with Firefox 68. After upgrading to 69, error described above comes up. Can this be reported to the developers as a bug please? </blockquote> Hi PraSSaDaR, I found a bug on file where several people started getting this error code with self-signed certificates (157022). It's possible the error code is inaccurate in some cases, since someone could use an alternate method to add an exception: <blockquote>Found this bug report because many of our internal certificates stopped working in Firefox 69, giving the SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION error message. ... Workaround for me is to go to about:preferences#privacy and view the certificates, then on the Servers tab enter the URL to the server. The certificate is then fetched and can be stored, after which Firefox can connect again. This should have the same result as the checkbox on certificate warning pages in Firefox 68, that would store the exception.</blockquote> That should only work if the error code is inaccurate and the real reason is something more common such as an incomplete chain of trust (normal for self-signed certificates). To clarify the steps: * Windows: "3-bar" menu button (or Tools menu) > Options * Mac: "3-bar" menu button (or Firefox menu) > Preferences * Linux: "3-bar" menu button (or Edit menu) > Preferences * Any system: type or paste '''about:preferences''' into the address bar and press Enter/Return to load it In the search box at the top of the page, type ''cert'' and Firefox should filter to the '''Certificates''' section. Click the "View Certificates" button and in the Certificate Manager, click the Servers tab. At the bottom, click the "Add Exception" button (first screenshot). That will pop up a small dialog where you can enter the URL to retrieve the extension (second screenshot). If that works, then the error code was mistaken.
An bhfuil an freagra seo cabhrach?
Luaigh

Úinéir na ceiste

Hi jscher2000,

The workaround that you mentioned didn't work unfortunately. The error reads:

No information available

Unable to obtain identification status for this site.

I tried multiple sites that weren't working before and the one that just broke after the upgrade to Firefox 69.

The certificate hasn't changed at all which clearly points that this is a Firefox issue.

Hi jscher2000, The workaround that you mentioned didn't work unfortunately. The error reads: '''No information available''' Unable to obtain identification status for this site. I tried multiple sites that weren't working before and the one that just broke after the upgrade to Firefox 69. The certificate hasn't changed at all which clearly points that this is a Firefox issue.
An bhfuil an freagra seo cabhrach?
Luaigh
jscher2000
  • Top 10 Contributor
8695 réiteach 71076 freagra

Hi PraSSaDaR, this error code is very specific, so I think you may need to try generating new certificates consistent with the discussion here:

https://wiki.mozilla.org/SecurityEngineering/x509Certs

Hi PraSSaDaR, this error code is very specific, so I think you may need to try generating new certificates consistent with the discussion here: https://wiki.mozilla.org/SecurityEngineering/x509Certs
An bhfuil an freagra seo cabhrach?
Luaigh

Úinéir na ceiste

Why would I generate new certificates just for Firefox while they work with other browsers? Is this a PKI security issue and cert specifications that other browsers haven't caught up with yet?

How was it working on Firefox 68 and stopped working on 69 if no changes have been made to our certificates and to the underlying PKI structure of Firefox?

Why would I generate new certificates just for Firefox while they work with other browsers? Is this a PKI security issue and cert specifications that other browsers haven't caught up with yet? How was it working on Firefox 68 and stopped working on 69 if no changes have been made to our certificates and to the underlying PKI structure of Firefox?
An bhfuil an freagra seo cabhrach?
Luaigh
FredMcD
  • Top 10 Contributor
4248 réiteach 59413 freagra

Firefox is very strict with certificates, making it more secure.

Firefox is very strict with certificates, making it more secure.
An bhfuil an freagra seo cabhrach? 0
Luaigh

Úinéir na ceiste

Firefox is the most secure browser I've ever used and it's one of the main reasons I keep using it. However, this is not the point I'm trying to make here.

I tested this in a corporate environment with other users experiencing the same issue. I would encourage you to raise it with the Developers as on setups like Firefox 69 + other OSes (such as Windows 8 and Windows Server 2012R2) + BitDefender it is working fine.

The problem occurs on Firefox 68 and 69 on Windows 10 (Build 1809 and latest). This eliminates BitDefender, Firefox PKI handling changes, and changes to our internal certificates as probable causes.

Firefox is the most secure browser I've ever used and it's one of the main reasons I keep using it. However, this is not the point I'm trying to make here. I tested this in a corporate environment with other users experiencing the same issue. I would encourage you to raise it with the Developers as on setups like Firefox 69 + other OSes (such as Windows 8 and Windows Server 2012R2) + BitDefender it is working fine. The problem occurs on Firefox 68 and 69 on Windows 10 (Build 1809 and latest). This eliminates BitDefender, Firefox PKI handling changes, and changes to our internal certificates as probable causes.
An bhfuil an freagra seo cabhrach?
Luaigh
jscher2000
  • Top 10 Contributor
8695 réiteach 71076 freagra

Freagra Cabhrach

Hi PraSSaDaR, do you want to review the following bug that's on file for Firefox 69 and see whether it covers the type of certificate that's causing the problem for you:

https://bugzilla.mozilla.org/show_bug.cgi?id=1570222

Hi PraSSaDaR, do you want to review the following bug that's on file for Firefox 69 and see whether it covers the type of certificate that's causing the problem for you: https://bugzilla.mozilla.org/show_bug.cgi?id=1570222
An bhfuil an freagra seo cabhrach? 1
Luaigh

Úinéir na ceiste

Thank you jscher2000.

I've posted my comments along with one of the countless "problematic" certificates on the bug that you shared with me.

Hopefully, it will be resolved soon.

Thank you jscher2000. I've posted my comments along with one of the countless "problematic" certificates on the bug that you shared with me. Hopefully, it will be resolved soon.
An bhfuil an freagra seo cabhrach?
Luaigh
Cuir ceist

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.