תשובות אחרונות על After updating FF to 33.0 I now get: error code: sec_error_invalid_keyhttps://support.mozilla.org/he/questions/10186182015-02-10T08:58:05-08:00See also:
Phasing out Certificates with 1024-bit RSA Keys:
https://blog.mozilla.org/security/2014/02015-02-10T08:58:05-08:00cor-elhttps://support.mozilla.org/he/questions/1018618#answer-689021<p>See also:
</p><p>Phasing out Certificates with 1024-bit RSA Keys:
</p>
<ul><li><a href="https://blog.mozilla.org/security/2014/09/08/phasing-out-certificates-with-1024-bit-rsa-keys/" rel="nofollow">https://blog.mozilla.org/security/2014/09/08/phasing-out-certificates-with-1024-bit-rsa-keys/</a>
</li></ul>
<p>Phase 2: Phasing out Certificates with 1024-bit RSA Keys:
</p>
<ul><li><a href="https://blog.mozilla.org/security/2015/01/28/phase-2-phasing-out-certificates-with-1024-bit-rsa-keys/" rel="nofollow">https://blog.mozilla.org/security/2015/01/28/phase-2-phasing-out-certificates-with-1024-bit-rsa-keys/</a>
</li></ul>Problem still exists, including Firefox 34, 35, 36.0b7
see https://support.mozilla.org/en-US/questio2015-02-09T05:25:16-08:00pion19https://support.mozilla.org/he/questions/1018618#answer-688514<p>Problem still exists, including Firefox 34, 35, 36.0b7
see <a href="https://support.mozilla.org/en-US/questions/1045971" rel="nofollow">https://support.mozilla.org/en-US/questions/1045971</a>
</p><p>important addition: I have restored https-access to my router by these tricks
in <strong>about:config</strong> Modify <strong>security.tls.version.min</strong> from <strong>1</strong> to <strong>0</strong>
sometimes it's necessary also to Modify <strong>security.tls.version.fallback-limit</strong> from <strong>1</strong> to <strong>0</strong>
please see link above
</p>I visited https://news.ycombinator.com/ with Firefox 33.0.2 on Windows 7 and it's giving me "(Error 2014-11-03T04:36:21-08:00BenKennishhttps://support.mozilla.org/he/questions/1018618#answer-648931<p>I visited https://news<i></i>.ycombinator<i></i>.com/ with Firefox 33.0.2 on Windows 7 and it's giving me "(Error code: sec_error_unknown_issuer)" and there is no "I understand the risks" button. In this case, I'm not particularly bothered about having a secure connection but the http:// site auto redirects to the https:// one and Firefox will not let me ignore the validation error.
</p><p>Whilst I understand that this behaviour is probably sensible for the typical Firefox user, it is not acceptable for developers and those who use admin control panels. Could we perhaps have an "about:config" variable such as "security.tls.allow-ignore-errors" that brings back the "I understand the risks" button?
</p><p>Cheers, Ben
</p>See:
https://developer.mozilla.org/en-US/Firefox/Releases/33/Site_Compatibility#Security
Several c2014-10-18T09:07:48-07:00cor-elhttps://support.mozilla.org/he/questions/1018618#answer-642836<p>See:
</p>
<ul><li><a href="https://developer.mozilla.org/en-US/Firefox/Releases/33/Site_Compatibility#Security" rel="nofollow">https://developer.mozilla.org/en-US/Firefox/Releases/33/Site_Compatibility#Security</a>
</li></ul>
<ul><li>Several cipher suites have been disabled
</li><li>RSA certificates using weak signatures less than 1024-bit are no longer accepted
</li></ul>Apparently the root issue with non-Webmin certs is key length within the certificates. FF 34 beta br2014-10-18T03:01:12-07:00FTWMikehttps://support.mozilla.org/he/questions/1018618#answer-642788<p>Apparently the root issue with non-Webmin certs is key length within the certificates. FF 34 beta broke out the error with a new error text of "mozilla_pkix_error_inadequate_key_size" but I'm still not finding any kind of override. 'They' need to understand we don't have any say over the key length on many of these devices, they are what they are and we need to be able to override them.
</p><p>Encrypted traffic even weakly encrypted is preferable to clear text when it contains logins and passwords.
</p>Hallo,
I create in Webmin a new local ssl certificate and now it is working with FF 33.
Webmin Confi2014-10-17T07:20:01-07:00PapsWhttps://support.mozilla.org/he/questions/1018618#answer-642422<p>Hallo,
</p><p>I create in Webmin a new local ssl certificate and now it is working with FF 33.
</p><p>Webmin Configuration -&gt; SSL Encryption -&gt; Self-Signed Certificate
</p><p>Kind regard
PapsW
</p>I have the same problem with Firefox 33.0 when connecting to Webmin running on a local network Ubunt2014-10-15T23:13:23-07:00JohnGBhttps://support.mozilla.org/he/questions/1018618#answer-641633<p>I have the same problem with Firefox 33.0 when connecting to Webmin running on a local network Ubuntu 12.04 Server.
</p>hello, i'm not sure if it applies to your situation, but support for some certificates with weak sig2014-10-15T16:54:51-07:00philipphttps://support.mozilla.org/he/questions/1018618#answer-641546<p>hello, i'm not sure if it applies to your situation, but support for some certificates with weak signatures has been removed in firefox 33: <a href="https://developer.mozilla.org/en-US/Firefox/Releases/33/Site_Compatibility#Security" rel="nofollow">https://developer.mozilla.org/en-US/Firefox/Releases/33/Site_Compatibility#Security</a>
</p>Here is a temporary workaround for Linux:
sudo apt-get remove firefox (do not specify purge, this w2014-10-15T16:29:34-07:00Bibeuhttps://support.mozilla.org/he/questions/1018618#answer-641538<p>Here is a temporary workaround for Linux:
sudo apt-get remove firefox (<strong>do not specify</strong> purge, this will keep your profile as is)
sudo dpkg -i /var/cache/apt/archives/firefox <strong>then type tab key</strong> to list the available versions in your apt cache.
Do the same with related packages (eg. locale language pack, desktop integration) that are already installed.
Then complete the command:
sudo dpkg -i /var/cache/apt/archives/firefox*32*.deb
At this time you're nearly safe.
Immediately launch synaptic package manager, seach firefox (32 and related) installed, select it, click <strong>Package</strong> in the menu and check the "<strong>Lock version</strong>".
You are now safe.
Monitor the firefox release notes to know when you can release the version lock.
</p>I have 10th of routers with self-sign certs. I checked the cert with a still 32 FF and the cert expi2014-10-15T08:54:33-07:00Bibeuhttps://support.mozilla.org/he/questions/1018618#answer-641337<p>I have 10th of routers with self-sign certs. I checked the cert with a still 32 FF and the cert expires in 2020. When I try to connect with FF33 I get the same sec_error_invalid_key. I removed the permanent exception cert from the local store and try to set it manually again: I get the error: ~unable to get identification status for the site~ (approx translation to english)
</p>I had this problem with Firefox 33 and 2 of my 3 webmin sites, I checked the certificates expiration2014-10-14T17:46:20-07:00JokMontoyahttps://support.mozilla.org/he/questions/1018618#answer-640865<p>I had this problem with Firefox 33 and 2 of my 3 webmin sites, I checked the certificates expiration date and the ones with problems had expired.
</p><p>I renewed the certificates in Webmin and Firefox asked me to add an exception for those selfsigned certificates as usual.
</p>And the answer is NO it won't be fixed, 33.0 released today and this is still an issue. Must revert 2014-10-14T13:35:02-07:00FTWMikehttps://support.mozilla.org/he/questions/1018618#answer-640787<p>And the answer is NO it won't be fixed, 33.0 released today and this is still an issue. Must revert back to 32.x or go to some other browser.
</p>"I trust that you are aware that Firefox 33 is a Beta build, which won't be released until Oct 14th.2014-09-23T00:49:40-07:00itfixthttps://support.mozilla.org/he/questions/1018618#answer-632023<p>"I trust that you are aware that Firefox 33 is a Beta build, which won't be released until Oct 14th."
</p><p>Yes, but the question is: <em>will</em> it be fixed? AFAICS this breaks Webmin, in general. Worse, if I try and add an exception in Options, FF says it can't get any identifying information from the site, so even that simple workaround isn't available. I'm not inclined to buy commercial SSL certificates for Webmin!
</p>I trust that you are aware that Firefox 33 is a Beta build, which won't be released until Oct 14th.
2014-09-11T21:34:15-07:00the-edmeisterhttps://support.mozilla.org/he/questions/1018618#answer-627235<p>I trust that you are aware that Firefox 33 is a Beta build, which won't be released until Oct 14th.
</p><p>Are you using Extended Validation (EV) certificates or the Domain Validated (DV) certificates?
</p>So that means I need to use IE or Chrome instead?
I downgraded to FF 32 and it is working again.
FF 2014-09-11T20:18:16-07:00otrovagomashttps://support.mozilla.org/he/questions/1018618#answer-627226<p>So that means I need to use IE or Chrome instead?
I downgraded to FF 32 and it is working again.
</p><p>FF has to fix this!
</p>That is probably because Firefox 33 has fully switched to libPKIX that is more stricter and you can 2014-09-11T17:55:20-07:00cor-elhttps://support.mozilla.org/he/questions/1018618#answer-627200<p>That is probably because Firefox 33 has fully switched to libPKIX that is more stricter and you can no longer disable this library and fall back to the previous NSS code.
</p>
<ul><li> <a href="https://blog.mozilla.org/security/2014/04/24/exciting-updates-to-certificate-verification-in-gecko/" rel="nofollow">https://blog.mozilla.org/security/2014/04/24/exciting-updates-to-certificate-verification-in-gecko/</a>
</li></ul>
<ul><li><a href="https://bugzilla.mozilla.org/show_bug.cgi?id=975229" rel="nofollow">bug 975229</a> - Remove NSS-based certificate verification
</li></ul>
<p><i>Please do not comment in bug reports<br><a href="https://bugzilla.mozilla.org/page.cgi?id=etiquette.html" rel="nofollow">https://bugzilla.mozilla.org/page.cgi?id=etiquette.html</a></i>
</p>I have same problem. I downgraded to FF 32, site with self-signed certificate works normally. Then I2014-09-11T17:34:18-07:00thiefsyhttps://support.mozilla.org/he/questions/1018618#answer-627195<p>I have same problem. I downgraded to FF 32, site with self-signed certificate works normally. Then I again upgraded to FF33beta, error code: sec_error_invalid_key.
</p><p>Renaming cert8.db file doesn't help.
</p>Did (does) Firefox 32 work or does that version fail as well?
You can try to rename the cert8.db fil2014-09-05T12:05:17-07:00cor-elhttps://support.mozilla.org/he/questions/1018618#answer-624447<p>Did (does) Firefox 32 work or does that version fail as well?
</p><p>You can try to rename the cert8.db file in the Firefox profile folder to see if that has effect.
</p>
<ul><li><a href="http://kb.mozillazine.org/Profile_folder_-_Firefox" rel="nofollow">http://kb.mozillazine.org/Profile_folder_-_Firefox</a>
</li></ul>