Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Getting certificate invalid error because of proxy Z-Scaler event though certificate is trusted

  • 3 பதிலளிப்புகள்
  • 0 இந்த பிரச்னைகள் உள்ளது
  • 34 views
  • Last reply by a_c_mercier

Hi,

I have installed Z-Scaler proxy root CA certificate in Firefox for enabling SSL inspection. It works fine for most websites, but for google.com and a few others I get every day a certificate invalid/not trusted error and I have to restart Firefox to get the error to go away. Any ideas of what I can do to improve this behaviour? Any configuration I missed?

It's very similar issue to https://support.mozilla.org/en-US/questions/1199797, except that when I restart Firefox it works.

Thanks in advance for your help

Hi, I have installed Z-Scaler proxy root CA certificate in Firefox for enabling SSL inspection. It works fine for most websites, but for google.com and a few others I get every day a certificate invalid/not trusted error and I have to restart Firefox to get the error to go away. Any ideas of what I can do to improve this behaviour? Any configuration I missed? It's very similar issue to https://support.mozilla.org/en-US/questions/1199797, except that when I restart Firefox it works. Thanks in advance for your help
Attached screenshots

தீர்வு தேர்ந்தெடுக்கப்பட்டது

I'm puzzled why restarting helps. But since it's Google, let me mention...

Several users have linked the "zero round trip resumption" feature with losing their Google connection in mid-session, including "Oops" messages on Gmail. This feature is intended to speed up website connections. (Explainer post by CloudFlare) However, there seems to be some kind of compatibility issue. You can disable it as follows:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.

More info on about:config: Configuration Editor for Firefox. The moderators would like us to remind you that changes made through this back door aren't fully supported and aren't guaranteed to continue working in the future.

(2) In the search box in the page, type or paste security.tls.enable_0rtt_data and pause while the list is filtered

(3) Double-click the preference to switch the value from true to false

After that, try Google again. Any improvement?

Read this answer in context 👍 0

All Replies (3)

தீர்வு தேர்ந்தெடுக்கப்பட்டது

I'm puzzled why restarting helps. But since it's Google, let me mention...

Several users have linked the "zero round trip resumption" feature with losing their Google connection in mid-session, including "Oops" messages on Gmail. This feature is intended to speed up website connections. (Explainer post by CloudFlare) However, there seems to be some kind of compatibility issue. You can disable it as follows:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.

More info on about:config: Configuration Editor for Firefox. The moderators would like us to remind you that changes made through this back door aren't fully supported and aren't guaranteed to continue working in the future.

(2) In the search box in the page, type or paste security.tls.enable_0rtt_data and pause while the list is filtered

(3) Double-click the preference to switch the value from true to false

After that, try Google again. Any improvement?

Helpful?

Hi jscher2000,

Thanks a lot for your quick response. I've just done the change you mentioned and will keep you posted on whether it works or not.

Best regards,

Alex

Helpful?

Hi jscher2000,

After a few days of observation, I can confirm your proposed solution solved my problem with certificate trusting.

On the downside, it seems to have degraded the stability of Google Meet, which I guess is expected because I've just turn off a feature for improving performance.

Best regards,

Alex

Helpful?

கேள்வி எழுப்பு

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.