X
Tap here to go to the mobile version of the site.

ஆதரவு மன்றம்

Firefox - BurpCA issues and Error: SEC_ERROR_UNTRUSTED_ISSUER

  • 5 replies
  • 2 இந்த பிரச்னைகள் உள்ளது
  • Last reply by user1298613
பதிவிடப்பட்டது

Good Morning, I am trying to solve FireFox CA issues for the last two days. I am using BurpPro for work.

I generated new Burp CA Cert (cacert.der) file and imported it via Settings to the list of certificates. I can see the Burp cacert imported. NOTE: When importing I CAN'T SEE THE SCREEN ASKING FOR "this cert can trust websites, mail etc."

Now, when navigating to HTTPS website ie httpS://example.com I see message: "Secure Connection Failed An error occurred during a connection to example.com. Peer's certificate issuer has been marked as not trusted by the user. Error code: SEC_ERROR_UNTRUSTED_ISSUER" But going to http://example.com is OK (so this issue is only for httpS websites)

Why? [angry face] I was reading a lot of support topics over help here. The trick with removing cert8.db file don't help. I restored the FF to it's factory settings. Didn't help. I am after installing the FFDev edition (as a separate browser) and the same issue Secure Connection Failed

An error occurred during a connection to example.com. Peer's certificate issuer has been marked as not trusted by the user. Error code: SEC_ERROR_UNTRUSTED_ISSUER occur!

The very same BurpCA Cert working on Chrome and IE. I asked the same question on BurpSupport - no answer... as yet.


Using: Windows7 Pro 64 bit FF 43.0.4 ; FFDev 45.0a2

Good Morning, I am trying to solve FireFox CA issues for the last two days. I am using BurpPro for work. I generated new Burp CA Cert (cacert.der) file and imported it via Settings to the list of certificates. I can see the Burp cacert imported. NOTE: When importing I CAN'T SEE THE SCREEN ASKING FOR "this cert can trust websites, mail etc." Now, when navigating to HTTPS website ie httpS://example.com I see message: "Secure Connection Failed An error occurred during a connection to example.com. Peer's certificate issuer has been marked as not trusted by the user. Error code: SEC_ERROR_UNTRUSTED_ISSUER" But going to http://example.com is OK (so this issue is only for httpS websites) Why? [angry face] I was reading a lot of support topics over help here. The trick with removing cert8.db file don't help. I restored the FF to it's factory settings. Didn't help. I am after installing the FFDev edition (as a separate browser) and the same issue Secure Connection Failed An error occurred during a connection to example.com. Peer's certificate issuer has been marked as not trusted by the user. Error code: SEC_ERROR_UNTRUSTED_ISSUER occur! The very same BurpCA Cert working on Chrome and IE. I asked the same question on BurpSupport - no answer... as yet. Using: Windows7 Pro 64 bit FF 43.0.4 ; FFDev 45.0a2

Additional System Details

நிறுவப்பட்ட நிரல்கள்

  • ActiveTouch General Plugin Container Version 105
  • Citrix Online App Detector Plugin
  • Version 5.41.3.0
  • Google Update
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Next Generation Java Plug-in 11.71.2 for Mozilla browsers
  • LastPass Plugin
  • 5.1.41212.0
  • VLC media player Web Plugin

பயன்பாடு

  • Firefox 43.0.4
  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
  • Support URL: https://support.mozilla.org/1/firefox/43.0.4/WINNT/en-GB/

நீட்சிகள்

  • Adblock Plus 2.7.1 ({d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d})
  • Bamboo Feed Reader 2.2.3 ({b2e69492-2358-071a-7056-24ad0c3defb1})
  • CookieKeeper 1.8.5.1-signed.1-let-fixed (cookiekeeper@cookiekeeper.mozdev.org)
  • Firebug 2.0.13 (firebug@software.joehewitt.com)
  • Grab Them All 0.7.1.1-signed (grabthemall@zelazko.info)
  • HackBar 1.6.3.1-signed ({F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4})
  • LastPass 3.2.42 (support@lastpass.com)
  • Lightbeam 1.3.0.1-signed (jid1-F9UJ2thwoAm5gQ@jetpack)
  • Netcraft Anti-Phishing Toolbar 1.10.1.1-signed ({0e10f3d7-07f6-4f12-97b9-9b27e07139a5})
  • NoScript 2.9.0.2 ({73a6fe31-595d-460b-a920-fcc0f8843232})
  • Proxy Selector 1.31.1-signed (proxyselector@mozilla.org)
  • Shodan Firefox Addon 0.1.1-signed (jid1-AWt6ex5aPvWtTg@jetpack)
  • SQL Inject Me 0.4.7.1-signed (sqlime@security.compass)
  • XSS Me 0.4.6.1-signed (xssme@security.compass)
  • F5 Networks Host Plugin 7110.2014.0807.1842 ({DBBB3167-6E81-400f-BBFD-BD8921726F52}) (Inactive)
  • FiddlerHook 2.6.0.4 (fiddlerhook@fiddler2.com) (Inactive)
  • SSL Version Control 0.4.1-signed (jid1-ZM3BerwS6FsQAg@jetpack) (Inactive)

Javascript

  • incrementalGCEnabled: True

Graphics

  • adapterDescription: Intel(R) HD Graphics Family
  • adapterDescription2:
  • adapterDeviceID: 0x0a16
  • adapterDeviceID2:
  • adapterDrivers: igdumdim64 igd10iumd64 igd10iumd64 igdumdim32 igd10iumd32 igd10iumd32
  • adapterDrivers2:
  • adapterRAM: Unknown
  • adapterRAM2:
  • adapterSubsysID: 05e01028
  • adapterSubsysID2:
  • adapterVendorID: 0x8086
  • adapterVendorID2:
  • direct2DEnabled: True
  • directWriteEnabled: True
  • directWriteVersion: 6.2.9200.17568
  • driverDate: 4-24-2014
  • driverDate2:
  • driverVersion: 10.18.10.3574
  • driverVersion2:
  • info: {u'AzureCanvasBackend': u'direct2d 1.1', u'AzureFallbackCanvasBackend': u'cairo', u'AzureContentBackend': u'direct2d 1.1', u'AzureSkiaAccelerated': 0}
  • isGPU2Active: False
  • numAcceleratedWindows: 1
  • numTotalWindows: 1
  • supportsHardwareH264: Yes
  • webglRenderer: Google Inc. -- ANGLE (Intel(R) HD Graphics Family Direct3D11 vs_5_0 ps_5_0)
  • windowLayerManagerRemote: True
  • windowLayerManagerType: Direct3D 11

Modified Preferences

Misc

  • User JS: No
  • Accessibility: No
Phoxuponyou 51 தீர்வுகள் 517 பதில்கள்
பதிவிடப்பட்டது

Did you happen by this https://bugzilla.mozilla.org/show_bug.cgi?id=1126034 ? There is one workaround someone applied with CentOS and a fair bit of information regarding the error types (and what caused it in the case of TinyCA). My knowledge is limited regarding certificates, so googling for old solutions was the best I can do - I can see you've tried a couple already.

Did you happen by this https://bugzilla.mozilla.org/show_bug.cgi?id=1126034 ? There is one workaround someone applied with CentOS and a fair bit of information regarding the error types (and what caused it in the case of TinyCA). My knowledge is limited regarding certificates, so googling for old solutions was the best I can do - I can see you've tried a couple already.

Phoxuponyou மூலமாக திருத்தப்பட்டது

பதிவிடப்பட்டது

கேள்வியின் உரிமையாளர்

Burp Support

According to Burp Support (link attached), when importing BurpCA certyficate I should get a question about "In the dialog box that pops up, check the box "Trust this CA to identify web sites", and click "OK".

I can't see this dialog box neither in Firefox or Firefox Dev ed. Why? Where I can reset this setting? Can't see anything over in Windows System registry or in about:config

[https://support.portswigger.net/customer/en/portal/articles/1783087-Installing_Installing%20CA%20Certificate%20-%20FF.html Burp Support] According to Burp Support (link attached), when importing BurpCA certyficate I should get a question about "In the dialog box that pops up, check the box "'''Trust this CA to identify web sites'''", and click "OK". I can't see this dialog box neither in Firefox or Firefox Dev ed. Why? Where I can reset this setting? Can't see anything over in Windows System registry or in about:config
Phoxuponyou 51 தீர்வுகள் 517 பதில்கள்
பதிவிடப்பட்டது

The UI may have changed since Burp made those instructions; you should see the difference in 43 already since there's no dialog box for Options (it's a tab now).

You can edit the setting by selecting the certificate and selecting Edit Trust, "identify websites" should be the first option you can select.

The UI may have changed since Burp made those instructions; you should see the difference in 43 already since there's no dialog box for Options (it's a tab now). You can edit the setting by selecting the certificate and selecting ''Edit Trust'', "identify websites" should be the first option you can select.
cor-el
  • Top 10 Contributor
  • Moderator
17697 தீர்வுகள் 160119 பதில்கள்
பதிவிடப்பட்டது

Can you post a link to a publicly accessible page (i.e. no authentication or signing on required) where such a certificate is used?

Can you post a link to a publicly accessible page (i.e. no authentication or signing on required) where such a certificate is used?
user1298613 5 தீர்வுகள் 132 பதில்கள்
பதிவிடப்பட்டது

Hi, this has been bugging me, and I have been looking for an answer, I am hoping that you can see it and it helps

http://mzl.la/1lFJl3h

Hi, this has been bugging me, and I have been looking for an answer, I am hoping that you can see it and it helps http://mzl.la/1lFJl3h