mozilla::pkix sec_error_extension_value_invalid

  • 2 replies
  • 1 has this problem
  • 38 views
  • Last reply by oncach

Hello, I'm getting sec_error_extension_value_invalid while trying to access an https web site with a server certificate containing both 'keyEncipherment' and 'keyAgreement' noncritical Key Usage extensions. (When I clear one of these extensions from the certificate, the SSL handshake runs just fine.) Is this a bug or intended behaviour?

Firefox 31.0

Certificate extensions list:

           X509v3 Basic Constraints:
               CA:FALSE
           X509v3 Key Usage:
               Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement
           X509v3 Extended Key Usage:
               TLS Web Server Authentication, Time Stamping, IPSec End System, IPSec Tunnel, IPSec User, 1.3.6.1.5.5.8.2.2
           X509v3 Subject Key Identifier:
               8D:B0:38:04:EB:7D:4F:E0:88:D7:20:28:EC:BA:47:25:17:92:17:FE

Thanks for answer in advance. Regards


All Replies (2)

Hello oncach, the Mozilla wiki would describe the sec_error_extension_value_invalid error code like this:

  • What It Means: "A certificate has an extension with an empty value"
  • What Can I Do: "Re-generate the certificate without the extension, or re-generate it with a non-empty value"

https://wiki.mozilla.org/SecurityEngineering/x509Certs

not sure if this applies to your situation though...

Thanks..

I can and perhaps will regenerate the certificate without the mentioned extensions, but it's not about one certificate, and also there are lots of users who will be forced to accept a new certificate as they do not trust the issuing CA on their devices.
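Added example (not part of the thread and not Mozilla's code): the first reply quotes the wiki meaning "a certificate has an extension with an empty value", and this Python code decodes the DER BIT STRING carried in a Key Usage extension and reports whether it is empty. The function names are hypothetical and the byte strings are constructed samples, the first encoding the five usages listed in the question.

```python
# Added example: decode a Key Usage extension value (DER BIT STRING).
# Bit names and positions follow RFC 5280; sample bytes are constructed.
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly",
]


def decode_key_usage(value: bytes) -> list:
    """Return the asserted Key Usage bit names; [] means an empty value."""
    if not value:
        return []  # zero-length extension value
    if len(value) < 3 or value[0] != 0x03:
        raise ValueError("expected a DER BIT STRING (tag 0x03)")
    length = value[1]
    if length & 0x80 or len(value) != 2 + length:
        raise ValueError("unexpected length encoding or trailing data")
    unused, bits = value[2], value[3:]
    if unused > 7 or (unused and not bits):
        raise ValueError("bad unused-bits count")
    if bits and bits[-1] & ((1 << unused) - 1):
        raise ValueError("unused trailing bits must be zero in DER")
    names = []
    for i, name in enumerate(KEY_USAGE_BITS):
        byte, shift = divmod(i, 8)
        # Bit 0 is the most significant bit of the first content octet.
        if byte < len(bits) and bits[byte] & (0x80 >> shift):
            names.append(name)
    return names


def report(value: bytes) -> str:
    """One-line verdict for a Key Usage value."""
    names = decode_key_usage(value)
    return ", ".join(names) if names else "EMPTY"


# Constructed sample: Digital Signature, Non Repudiation, Key Encipherment,
# Data Encipherment, Key Agreement (bits 0-4 set, 3 unused bits).
SAMPLE = bytes.fromhex("030203f8")
# Constructed sample: a BIT STRING that contains no bits at all.
EMPTY = bytes.fromhex("030100")

if __name__ == "__main__":
    print("sample:", report(SAMPLE))
    print("empty :", report(EMPTY))
```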