How can I display self signed certificate sites in FF33? (sec_error_ca_cert_invalid)

  • 6 replies
  • 3 have this problem
  • 2 views
  • Last reply by cor-el


Hello,

I am using FF33 on Win7. I've noticed that in recent versions, FF no longer allows me to view sites with self-signed certificates. In previous versions, there was an option to add an exception, but now it simply states that I need to contact the owner of the website (see actual error message below). Unfortunately, many of our internal sites and equipment (routers, etc.) use self-signed and will never be otherwise. How can I view these sites? As I'm not willing to downgrade for fear of security vulnerabilities in older code, my only workaround as of now is to use another browser. Please advise. Thanks!

Error message: Secure Connection Failed

An error occurred during a connection to infoblox.vistaone.local. Issuer certificate is invalid. (Error code: sec_error_ca_cert_invalid) The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem.


All Replies (6)


Hello, self-signed certificates are not gone for good - however, there is now stricter error handling in place. The self-signed certificates for your internal sites might have to be reissued with the proper setup; also see: https://developer.mozilla.org/en-US/docs/Mozilla/Security/x509_Certificates#Error_Codes_in_Firefox_2


Thank you philipp for your reply. I understand your point, but reissuing the certificates is not going to be a practical solution. Some of our customers have hundreds of network devices using self-signed certificates that won't meet the new security checks. I think they will simply choose another browser that allows for an override of the security checks rather than update the certificates on all of those devices. Is there no way to override the security check in FF33?


There is a Firefox 33.1 version on the way that might fix this issue, so check that out in a few days.


Bug 1042889 - mozilla::pkix, cannot override sec_error_ca_cert_invalid with version 1 certificate, and other scenarios (with or without pkix)


Apparently the fix is already present in the current Firefox 31.2.0 extended support release: https://www.mozilla.org/en-US/firefox/organizations/all/


Thank you Cor-el for that info. I'll look for the 33.1 release and see if that fixes the issue. @philipp, that is good to know that the extended support release 31.2.0 has a fix. However, we are not using the ESR versions and stick to the GA releases. Also, I'm not just concerned about our company, but all of our customers who have purchased appliances from us that use self-signed certificates for management. I obviously cannot control their environments. But at least I can now recommend the ESR 31.2.0 release instead of just recommending to use another browser. Thanks for your help!


It only works in Firefox 31.2.0 if SSL3 is enabled (security.tls.version.min = 0; default).