X
點擊此處開啟此網站的行動版。

技術支援討論區

The certificate is not trusted because it is self signed

已張貼

Hi, My problem can sum up to "sec_error_ca_cert_invalid into Intranet".

In fact the certificate of an intranet website present in my society is self signed. Then like write here : https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message : "This is common for intranet websites that aren't available publicly." How can I ignore this warning ? because it's not published on web and I need to see the content.

Thanks to your help. ps: Sorry for possible fault I'm french.

Hi, My problem can sum up to "sec_error_ca_cert_invalid into Intranet". In fact the certificate of an intranet website present in my society is self signed. Then like write here : https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message : "This is common for intranet websites that aren't available publicly." How can I ignore this warning ? because it's not published on web and I need to see the content. Thanks to your help. ps: Sorry for possible fault I'm french.

被選擇的解決方法

The website may try to fallback to TLS 1.0 in a way that is no longer allowed in current releases or may be using a deprecated cipher suite.

You can open the about:config page via the location/address bar and use its search bar to locate this pref:

  • security.tls.insecure_fallback_hosts

You can double-click the line to modify the pref and add full domain to this pref. If there are already websites (domains) in this list then add a comma and the new domain (no spaces). You should only see domains separated by a comma in the value column.


從原來的回覆中察看解決方案 0

額外的系統細節

已安裝的外掛程式

  • ActiveTouch General Plugin Container Version 105
  • Adobe PDF Plug-In For Firefox and Netscape 11.0.01
  • GEPlugin
  • Google Update
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Next Generation Java Plug-in 11.31.2 for Mozilla browsers
  • Office Authorization plug-in for NPAPI browsers
  • The plug-in allows you to open and edit files using Microsoft Office applications
  • PDF-XChange Viewer Netscape Gecko Plugin
  • Shockwave Flash 11.5 r502
  • 5.1.30214.0

應用程式

  • User Agent: Mozilla/5.0 (Windows NT 6.1; rv:36.0) Gecko/20100101 Firefox/36.0

更多資訊

iNef 3 個解決方法 15 個答案

Hello,

Try Add Exception: FireFox -> Options -> Advanced -> Certificates -> View Certificates -> Servers -> Add Exception.

Hello, Try '''Add Exception''': FireFox -> Options -> Advanced -> Certificates -> View Certificates -> Servers -> Add Exception.

提出問題者

iNef said

Hello, Try Add Exception: FireFox -> Options -> Advanced -> Certificates -> View Certificates -> Servers -> Add Exception.


I've already test it and the answer of it is : "No avalable information" "Impossible to obtain the state of identification of this site."

''iNef [[#answer-712944|said]]'' <blockquote> Hello, Try '''Add Exception''': FireFox -> Options -> Advanced -> Certificates -> View Certificates -> Servers -> Add Exception. </blockquote> I've already test it and the answer of it is : "No avalable information" "Impossible to obtain the state of identification of this site."
iNef 3 個解決方法 15 個答案

Okay, that's because Firefox switched to a stricter library.

Try to modify your accepted protocols:

Type into the address bar about:config in and press Enter.

Search security.tls.version.min and security.tls.version.max

To disable SSL3 and requires TLS, double-click security.tls.version.min and enter the desired value:

   0 = SSL 3.0 
   1 = TLS 1.0
   2 = TLS 1.1 

To disable TLS , double-click security.tls.version.max:

   0 = up to SSL 3.0
   1 = up to TLS 1.0
   2 = up to TLS 1.1

If you put 0 to the both values, it worked for some people...

Okay, that's because Firefox switched to a stricter library. Try to modify your accepted protocols: Type into the address bar '''about:config''' in and press Enter. Search ''security.tls.version.min'' and ''security.tls.version.max'' To disable SSL3 and requires TLS, double-click security.tls.version.min and enter the desired value: 0 = SSL 3.0 1 = TLS 1.0 2 = TLS 1.1 To disable TLS , double-click security.tls.version.max: 0 = up to SSL 3.0 1 = up to TLS 1.0 2 = up to TLS 1.1 If you put 0 to the both values, it worked for some people...
cor-el
  • Top 10 Contributor
  • Moderator
17565 個解決方法 158873 個答案

You shouldn't change the security.tls.version.min and security.tls.version.max prefs to only enable SSL3. Leave them at their default values.

You can look at this extension:

You shouldn't change the security.tls.version.min and security.tls.version.max prefs to only enable SSL3. Leave them at their default values. You can look at this extension: *SSL Version Control: https://addons.mozilla.org/firefox/addon/ssl-version-control/

提出問題者

cor-el said

You shouldn't change the security.tls.version.min and security.tls.version.max prefs to only enable SSL3. Leave them at their default values. You can look at this extension:

I've test your extension but it don't resolve my problem. I'd test whis all possible configuration and my resut is simple:

  • With SSLv3, TLS 1.0 or TLS 1.1 => it's a same problem.
  • With TLS 1.2 => the connexion is impossible with error message : ssl_error_unsupported_version
''cor-el [[#answer-713006|said]]'' <blockquote> You shouldn't change the security.tls.version.min and security.tls.version.max prefs to only enable SSL3. Leave them at their default values. You can look at this extension: *SSL Version Control: https://addons.mozilla.org/firefox/addon/ssl-version-control/ </blockquote> I've test your extension but it don't resolve my problem. I'd test whis all possible configuration and my resut is simple: * With SSLv3, TLS 1.0 or TLS 1.1 => it's a same problem. * With TLS 1.2 => the connexion is impossible with error message : ''ssl_error_unsupported_version''

提出問題者

? up ?

? up ?
cor-el
  • Top 10 Contributor
  • Moderator
17565 個解決方法 158873 個答案

Try to rename the cert8.db file (cert8.db.old) and delete the cert_override.txt file in the Firefox profile folder to remove intermediate certificates and exceptions that Firefox has stored.

If that has helped to solve the problem then you can remove the renamed cert8.db.old file. Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previously stored intermediate certificates. Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.

If that didn't help then remove or rename secmod.db (secmod.db.old) as well.

You can use this button to go to the currently used Firefox profile folder:

Try to rename the cert8.db file (cert8.db.old) and delete the cert_override.txt file in the Firefox profile folder to remove intermediate certificates and exceptions that Firefox has stored. If that has helped to solve the problem then you can remove the renamed cert8.db.old file. Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previously stored intermediate certificates. Firefox will automatically store intermediate certificates when you visit websites that send such a certificate. If that didn't help then remove or rename secmod.db (secmod.db.old) as well. You can use this button to go to the currently used Firefox profile folder: *Help > Troubleshooting Information > Profile Directory: Show Folder (Linux: Open Directory; Mac: Show in Finder) *http://kb.mozillazine.org/Profile_folder_-_Firefox

提出問題者

I've already test it and test too to delete and create new profil

I've already test it and test too to delete and create new profil

提出問題者

NEW EVENT : i've install the new update and now the message had change.

Now, it's ask me to add exception, and then it present me a new message : ssl_error_bad_mac_alert

That begins to annoy me.........

NEW EVENT : i've install the new update and now the message had change. Now, it's ask me to add exception, and then it present me a new message : ssl_error_bad_mac_alert That begins to annoy me.........
cor-el
  • Top 10 Contributor
  • Moderator
17565 個解決方法 158873 個答案

選擇的解決方法

The website may try to fallback to TLS 1.0 in a way that is no longer allowed in current releases or may be using a deprecated cipher suite.

You can open the about:config page via the location/address bar and use its search bar to locate this pref:

  • security.tls.insecure_fallback_hosts

You can double-click the line to modify the pref and add full domain to this pref. If there are already websites (domains) in this list then add a comma and the new domain (no spaces). You should only see domains separated by a comma in the value column.


The website may try to fallback to TLS 1.0 in a way that is no longer allowed in current releases or may be using a deprecated cipher suite. You can open the <b>about:config</b> page via the location/address bar and use its search bar to locate this pref: *security.tls.insecure_fallback_hosts You can double-click the line to modify the pref and add full domain to this pref. If there are already websites (domains) in this list then add a comma and the new domain (no spaces). You should only see domains separated by a comma in the value column. ---- *https://developer.mozilla.org/en-US/Firefox/Releases/36/Site_Compatibility#Security *https://developer.mozilla.org/en-US/Firefox/Releases/37/Site_Compatibility#Security

有幫助的回覆

OMG ! Thanks you a lot for your help !

OMG ! Thanks you a lot for your help !