X
Tap here to go to the mobile version of the site.
Your Firefox is out of date and may contain a security risk! ปรับรุ่น Firefox

Support Forum

Adding SSL-Certificate Exception in Firefox 4

Posted

I recently installed Firefox 4 beta 11 and now cannot access certain webpages provided by my university which are using an SSL-encryption.

The error message I receive (in a popup box) is:

evasys.urz.uni-halle.de uses an invalid security certificate.

The certificate is not trusted because no issuer chain was provided.

(Error code: sec_error_unknown_issuer)

It has been a known problem that somehow Firefox does not handle the issuer chain of the certificate correctly (thats what the IT department says) and the solution up to now was to add an exception for this website in Firefox 3.x.x

This would be fine by me for Firefox 4, too, but I cannot find a way to add this exception. As soon as I dismiss the error message box by clicking "OK" nothing happens, no "This connection is untrusted"-page (http://support.mozilla.com/en-US/kb/This%20connection%20is%20untrusted#w_certificates-and-identification) is opened or anything equivalent.

Thank you in advance for any help.

Chosen solution

Nothing has changed about adding exceptions in Firefox 4 AFAIK.

If you can't add an exception, but get a pop-up with the error message then you can check the pref browser.xul.error_pages.enabled on the about:config page and make sure that the value is set to the true (default).

You can retrieve the certificate and check who issued the certificate.

  • Click the link at the bottom of the error page: "I Understand the Risks"

Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".

  • Click the "View..." button to inspect the certificate and check who is the issuer.

Only leave the mark in the box at the bottom to "Permanently store this exception" if you trust that certificate.

  • Click "Confirm Security Exception" to enter the site if you still want to go to that website.
Read this answer in context 8

Additional System Details

Sites Affected

https://evasys.urz.uni-halle.de

Installed Plug-ins

  • Shockwave Flash 10.2 r152
  • Adobe Shockwave for Director Netscape plug-in, version 11.5.9.620
  • Next Generation Java Plug-in 1.6.0_24 for Mozilla browsers
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • 4.0.60129.0
  • Windows Presentation Foundation (WPF) plug-in for Mozilla browsers
  • Version 1.1.7, copyright 1996-2011 The VideoLAN Teamhttp://www.videolan.org/
  • Adobe PDF Plug-In For Firefox and Netscape 10.0.1
  • Npdsplay dll
  • DRM Store Netscape Plugin
  • DRM Netscape Network Object

Application

  • User Agent: Mozilla/5.0 (Windows NT 5.1; rv:2.0b11) Gecko/20100101 Firefox/4.0b11

More Information

Question owner

After installing beta 12 the problem seems to be solved - connecting to the mentioned websites is possible via https.

Anyhow it would still be nice to know, how adding an exception works in FF4.

cor-el
  • Top 10 Contributor
  • Moderator
10741 solutions 96657 answers

Chosen Solution

Nothing has changed about adding exceptions in Firefox 4 AFAIK.

If you can't add an exception, but get a pop-up with the error message then you can check the pref browser.xul.error_pages.enabled on the about:config page and make sure that the value is set to the true (default).

You can retrieve the certificate and check who issued the certificate.

  • Click the link at the bottom of the error page: "I Understand the Risks"

Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".

  • Click the "View..." button to inspect the certificate and check who is the issuer.

Only leave the mark in the box at the bottom to "Permanently store this exception" if you trust that certificate.

  • Click "Confirm Security Exception" to enter the site if you still want to go to that website.

Question owner

Thank you cor-el for your answer.

browser.xul.error_pages.enabled was really set to false which I did not do myself, but some addon might have.

I cannot test, whether the "This connection is untrusted"-page appears now, because since beta 12 the certificate works fine, but I trust you, that it is still there.

cor-el
  • Top 10 Contributor
  • Moderator
10741 solutions 96657 answers

You're welcome

Alexus 0 solutions 2 answers

Helpful Reply

Hello. Yes, there is a problem with adding an exception button, but I found a temporary solution until Mozilla solves the problem. First, copy a link from website you want to enter. Then, go to: Options > Advanced > Encryption tab > View Certificates > Servers tab > Add Exception.. Now paste the link at "Location:" then click "Get Certificate" and Confirm Security Exception. That's all.

anasis 0 solutions 1 answers

Helpful Reply

This is a really annoying bug! I had to switch back to Firefox 3.6 as I could only confirm the exception sporadically. In most of the cases the button did not get active.

sunny1729 0 solutions 1 answers

cor-el's solution is good, except that sometimes you should also check the browser.xul.error_pages.expert_bad_cert value, which maybe false in some cases.

Actually, check the certification is really necessary since you are under some risks if you got the warning. In my experience, when I accessed the same web site through another link ( a vpn tunnel ), the warning disappears. This can be replayed each time.

So you should ensure that the certification is from the web site accessed, if you were behind GFW like me.

Jay Riley 0 solutions 1 answers

It turns out this problem is the result of the intermediary chain not being properly defined by the server.

I was able to solve this error with a StartSSL certificate using NGINX (a robust high volume alternative to APACHE) in minutes by following these steps: 5-nginx-and-StartSSL.html