Adding SSL-Certificate Exception in Firefox 4

Similar Messages

• File Adapter FTP SSL SSL Certificate Exception

  After reviewing the results of searching on this error, I do not find anything that fits my situation:
  SAP File Adapter (PI 7.1) using FTP with FTPS connection security.
  I am not using X.509 certificate for client authentication.
  My connection is using a non-public certificate.
  I have added the SSL certificate to TrustedCAs and DEFAULT keystores.
  I am getting the following error:
  Message processing failed. Cause: com.sap.engine.interfaces.messaging.api.exception.MessagingException: Error when getting an FTP connection from connection pool: com.sap.aii.af.lib.util.concurrent.ResourcePoolException: Unable to create new pooled resource: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
  Since I am using an non-public certificate, it will not validate. Even adding to the TrustedCAs and DEFAULT keystore it seems the configuration is still attempting to validate the certificate.
  Any recommendations?

  Hi,
  The main reasons for this error are:
  1. The correct server certificate could not be present in the TrustedCA
  keystore view of NWA. Please ensure you have done all the steps
  described in these two URLs:
  Security Configuration at Message Level
  http://help.sap.com/saphelp_nwpi71/helpdata/EN/ea/c91141e109ef6fe1000000
  0a1550b0/frameset.htm
  2. The server certificate chain contains expired certificate. Check for
  it (that was the cause for other customers as well) and if it's the case
  renew it or extend the validation.
  3. Some other people have reported similar problem and mainly the
  problem was that the certificate chain was not in correct
  order. Basically the server certificate chain should be in order
  Own->Intermedite->Root. To explain in detail, if your server certificate
  is A which is issued by an intermediate CA B and then B's certificate is
  issued by the C which is the root CA (having a self signed certificate).
  Then your certificate chain contains 3 elements A->B->C. So you need to
  have the right order of certificate in the chain. If the order is B
  first followed by A followed by C, then the IAIK library used by PI
  cannot verify the server as trusted. Please generate the certificate in
  the right order and then import this certificate in the TrustedCA
  keystore view and try again. Please take this third steps as the
  principal one.
  Hope it solves your querie.
  Regards,
  Caio Cagnani

• How to script the add certificate exception in Firefox 32.0.2 ?

  Hi,
  I meet some issues with the Firefox certificates management. Here is my context:
  - Firefox v32.0.2 on Windows 7 32 bits
  - a self-signed certificate created with OpenSSL 32 bits
  - Firefox and self-signed certificate have been deployed on 11000 workstations with some automated process (scripts).
  The self-signed certificate is used to securize data flows with https protocol between two WebServices and different applications. There is no security problem with Internet Explorer, Safari, Chrome.
  I have already deployed and installed the self-signed certificate with an Microsoft Active Directory GPO (there is an addon GPO for FireFox) and it is OK
  Issue:
  When the application WebService calls Firefox, a message indicates to the users that the connection can't be certified and ask them to add an exception.
  the WS URL is appeared and the users must click on "Confirm security exception" (the checkbox "Conserv this exception permanently" must be checked)
  It is a bit "dangerous" to let the users with these different choices and this is not very friendly.
  So, I want to create a script which automates all these manipulations and deploy this script with a GPO.
  Is it possible ? How can I script this certificate exception and the different choices?
  Thanks a lot by advance for your help
  Best regards
  Yanolezard

  This is not the GPO approach but an alternative: [https://support.mozilla.org/en-US/questions/984237]
  Other resources:
  *[http://mbrownnyc.wordpress.com/2013/06/04/leverage-group-policy-to-manage-certificates-in-users-firefox-certificate-store/]
  *There are also a number of admins that answer questions on their mailing list for the ESR (enterprise) version of Firefox. [https://www.mozilla.org/en-US/firefox/organizations/]

• SSL Certificate Exception everytime a connection is established

  Hello guys!
  I am trying to authenticate a website running SharePoint 2010. But everytime a connection is established, an SSL/TLS exception is thrown. The following is the code I am using. Any idea??
  The exception is: "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."
  using System;
  using System.Collections.Generic;
  using System.IO;
  using System.Linq;
  using System.Runtime.InteropServices.WindowsRuntime;
  using Windows.Foundation;
  using Windows.Foundation.Collections;
  using Windows.UI.Xaml;
  using Windows.UI.Xaml.Controls;
  using Windows.UI.Xaml.Controls.Primitives;
  using Windows.UI.Xaml.Data;
  using Windows.UI.Xaml.Input;
  using Windows.UI.Xaml.Media;
  using Windows.UI.Xaml.Navigation;
  using System.Net;
  using System.Net.NetworkInformation;
  using Windows.Networking.Connectivity;
  using System.Net.Http;
  using System.Xml.Linq;
  using System.Text;
  using Windows.Web.Http.Filters;
  using Windows.Security.Cryptography.Certificates;
  // The Blank Page item template is documented at http://go.microsoft.com/fwlink/?LinkId=234238
  namespace TestApp
      /// <summary>
      /// An empty page that can be used on its own or navigated to within a Frame.
      /// </summary>
      public sealed partial class MainPage : Page
          public MainPage()
              this.InitializeComponent();
          private static HttpWebRequest CreateWebRequest(string url, NetworkCredential credentials)
              //Initialize new instance of HttpBaseProtocolFilter, which implements IHttpFilter.  
              string action = "http://schemas.microsoft.com/sharepoint/soap/GetWebCollection";
              HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);
              req.Credentials = credentials;
              req.Headers["SOAPAction"] = action;
              req.ContentType = "text/xml;charset=\"utf-8\"";
              req.Accept = "text/xml";
              req.Method = "POST";
              return req;
          static string soapEnvelope = @"<soap:Envelope xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xmlns:xsd='http://www.w3.org/2001/XMLSchema' xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/'><soap:Body></soap:Body></soap:Envelope>";
          //static string soapEnvelope =
            //         @"<?xml version=""1.0"" encoding=""utf-8""?> <soap:Envelope xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:xsd=""http://www.w3.org/2001/XMLSchema""
  xmlns:soap=""http://schemas.xmlsoap.org/soap/envelope/""> <soap:Body> <Login xmlns=""http://schemas.microsoft.com/sharepoint/soap/""> <username>{0}</username> <password>{1}</password>
  </Login> </soap:Body> </soap:Envelope>";
          private static XDocument CreateSoapEnvelope(string content)
              StringBuilder sb = new StringBuilder(soapEnvelope);
              sb.Insert(sb.ToString().IndexOf("</soap:Body>"), content);
              XDocument soapEnvelopeXml = XDocument.Parse(sb.ToString());
              return soapEnvelopeXml;
          private static void InsertSoapEnvelopeIntoWebRequest(XDocument soapEnvelopeXml, HttpWebRequest webRequest)
          webRequest.BeginGetRequestStream((IAsyncResult asynchronousResult) =>
                  HttpWebRequest request = (HttpWebRequest)asynchronousResult.AsyncState;
                  Stream postStream = request.EndGetRequestStream(asynchronousResult);
                  soapEnvelopeXml.Save(postStream);
                  //postStream.Close();
                  request.BeginGetResponse(new AsyncCallback(GetResponseCallback), request);
                  }, webRequest);
          private static void GetResponseCallback(IAsyncResult asynchronousResult)
              HttpWebRequest request = (HttpWebRequest)asynchronousResult.AsyncState;
              HttpWebResponse response = (HttpWebResponse)request.EndGetResponse(asynchronousResult);
              Stream streamResponse = response.GetResponseStream();
              StreamReader streamRead = new StreamReader(streamResponse);
              string responseString = streamRead.ReadToEnd();
              //do whatever with the response 
              //streamResponse.Close();
              //streamRead.Close();
              //response.Close();
          private void Button_Click(object sender, RoutedEventArgs e)
              NetworkCredential credentials = new NetworkCredential("<user>", "<password>", "<domain>");
              HttpWebRequest request = CreateWebRequest("https://the_website_I_am_trying_to_connect_to", credentials);
              XDocument soapEnvelope = CreateSoapEnvelope("<GetWebCollection xmlns=\"http://schemas.microsoft.com/sharepoint/soap/\" />");
              InsertSoapEnvelopeIntoWebRequest(soapEnvelope, request);
                  

  Hi,
  According to your description, my understanding is that when you access a https web service, it occurs the “The underlying connection was closed. Could not establish trust relationship for the SSL/TLS secure channe” error.
  To overcome this error, you need to install the certificate that is used by the web service provider in the server that will be calling the web service.
  Open Microsoft Management Console (Start --> Run      --> mmc.exe);
  Choose File --> Add/Remove Snap-in;
  In the Standalone tab, choose Add;
  Choose the Certificates snap-in, and click Add;
  In the wizard, choose the Computer Account, and then      choose Local Computer. Press Finish to end the wizard;
  Close the Add/Remove Snap-in dialog;
  Navigate to Certificates (Local Computer)
  Choose a store to import:
  If you have the Root CA       certificate for the company that issued the certificate, choose Trusted       Root Certification Authorities;
  If you have the       certificate for the server itself, choose Other People
  Right-click the store and choose All Tasks -->      Import
  Follow the wizard and provide the certificate file you      have;
  Here are some detailed articles for your reference:
  http://www.c-sharpcorner.com/uploadfile/anavijai/could-not-establish-trust-relationship-for-the-ssltls-secure-channel/
  http://stackoverflow.com/questions/703272/could-not-establish-trust-relationship-for-ssl-tls-secure-channel-soap
  Thanks
  Best Regards
  Jerry Guo
  TechNet Community Support
  Hello Jerry,
  Thank you very much for your reply.
  But what about Windows Phone? I am running the same code on´WP 8.1 as a store app, and returns an exception at the same place: the GetResponseCallBack.
  Any workaround? Can I run a code from the app that uses the certificate or at least installs it?
  Thanks a lot. 

• Can't add a certificate exception in Firefox 4.0, relevant buttons are disabled

  I try to access a web site from a local network via HTTPS. The web server uses self-signed certificates, and Firefox presents a common "This connection is untrusted" window.
  In version 3.x I simply clicked "Add Exception", and then "Confirm Security Exception". In Firefox 4.0, when I click "Add Exception", I see:
  # "This site provides valid, verified verification. There's no need to add an exception".
  # The "Permanently store this exception" checkbox and the "Confirm Security Exception" button are disabled.
  I cannot access this protected site anymore. Any suggestions?

  There seems to be a work around to add exception.
  You have to manually go to Tools -> Options -> Advanced -> View Certificates -> Servers -> Add Exception
  Then the "Add Certificate Exception" window comes up. Just enter the URL at location https:// and click "Get certificate". Then "Add Security Exception".
  This will allow you to access the site thereafter.
  I'm not sure though why "Add Exception" button under the "I understand the rsiks" page does not work. May be a bug.

• Can't add a certificate exception in Firefox 4.0 - "add exception" button do nothing

  I am opening web site with untrusted certificate. I would like to accept this certficate, so I click "Add exception" button. Unfortunately, confirmation dialog do not show up. In fact nothings happends. This problem is relevant to all websites with untrusted certificates.

  Going through the preferences to add a certificate is a workaround and not intuitive to users. The Add Exceptions button used to bring up a popup in Firefox version 3.5.9 that allowed you to add an exception for the server:port in my case. Is there a way to get the Add Exception button to work in Firefox version 3.6.12, it currently does nothing which is totally confusing to the user.

• Messaging Server: Problem Adding SSL Certificate

  We have a problem importing a CA certificate into Messaging Server 7 on Solaris 10 x86.
  Platform
  uname -a
  SunOS mail1 5.10 Generic_138889-03 i86pc i386 i86pcMessaging Server Version
  imsimta version
  Sun Java(tm) System Messaging Server 7.0-3.01 64bit (built Dec  9 2008)
  libimta.so 7.0-3.01 64bit (built 09:24:13, Dec  9 2008)We have created a certificate database and generated a certificate request, as follows:
  msgcert generate-certDB
  msgcert request-cert --name mail.domain.xxx  --org "University of XXX" --org-unit ITS --city XXX  --state "XXX" --country GB -F ascii -o /tmp/ssl.csrHowever, when we come to import the CA-supplied certificate we get the following error.
  msgcert add-cert Server-Cert /tmp/mail1.crt
  Enter the certificate database password:
  Unable to find private key for this certificate.
  Failed to add the certificate.I'm confused. What does the msgcert request-cert command use as a private key when generating the certificate request? Should I have used openssl to generate the certificate request with a known private key?
  Thanks
  Alan

  I solved the problem by converting certificate to pkcs#12 format and importing it.
  openssl pkcs12 -export -in cert.pem -inkey private.key -out cert.pkcs12 -name Server-Cert
  /opt/sun/comms/messaging64/bin/msgcert add-cert Server-Cert cert.pkcs12Alan

• How can I change an SSL Certificate display name on Firefox?

  I have 6 SSL Certificate to install in order for an application to open in 6 ways. Each certificate represent a way. The problem is that the pop up window i am receiving to choose one of these 6 SSL displays the Issuer CN while i need it to display the friendly name / or the description since i can modify them.
  Any way this is possible?
  Thanks,

  This article may help you
  https://support.mozilla.org/en-US/kb/enable-ssl-fix-cannot-connect-securely-error?esab=a&s=SSL+certificate+display+on+Firefox&r=7&as=s
  regards,
  Gautam sharma.

• OPEN SSL certificate generation issue--bpel email activity

  Hi all,
  I need to send a mail from bpel using email activity.
  I made all settings changes.I downloaded OPENSSL software and I need to generate smtp ssl certificates?
  But while generation of ssl certificates I am getting some issue
  OpenSSL> openssl s_client -starttls smtp -crlf -connect smtp.gmail.com:465>
  gmail.cert
  openssl:Error: 'openssl' is an invalid command.
  Standard commands
  asn1parse ca ciphers crl crl2pkcs7
  dgst dh dhparam dsa dsaparam
  ec ecparam enc engine errstr
  gendh gendsa genrsa nseq ocsp
  passwd pkcs12 pkcs7 pkcs8 prime
  rand req rsa rsautl s_client
  s_server s_time sess_id smime speed
  spkac verify version x509
  Message Digest commands (see the `dgst' command for more details)
  md2 md4 md5 rmd160 sha
  sha1
  Cipher commands (see the `enc' command for more details)
  aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc
  aes-256-ecb base64 bf bf-cbc bf-cfb
  bf-ecb bf-ofb cast cast-cbc cast5-cbc
  cast5-cfb cast5-ecb cast5-ofb des des-cbc
  des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb
  des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
  des-ofb des3 desx idea idea-cbc
  idea-cfb idea-ecb idea-ofb rc2 rc2-40-cbc
  rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb
  rc4 rc4-40
  Can any one suggest me ,What I entered is correct or not?how to generate smtp certificates?
  Thanks in advance
  Krishna

  Fabian,
  Are you familiar with Firefox OS? The reason I say this is because the email client cannot create a certificate excaption. This is actually by design. This is by design: https://wiki.mozilla.org/Gaia/Email/Features#Security
  This support request at Mozilla was placed specifically for the Firefox OS product, for which only a single email client exists.
  That being said the good folks on the Mozilla Bugzilla, were able to show me how to look up another alias for these servers which does in fact work and does in fact match the SSL certificates. Though Dreamhost support could not provide me with said information, and said information does not in fact exist in the DreamHost wiki.
  I find repeated insistance from Dreamhost represenatives that I should just live with SSL certificate exceptions, when there are actual valid server names in existence to match the certificates in question, rediculous.
  The fact that you are posting this non solution for a product it isn't even applicable for is beyond unhelpful. It actually serves to muddy the waters.

• BingMaps not showing with SSL certificate

  I have recently added SSL certificate to the server for the website I am developing.
  I changed my applications to use  https from http.
  <script type="text/javascript" src="https://ecn.dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=7.0">
  After changing it from http to https, it is showing a blank page in place of map. The error it says is 
  This page is trying to load scripts from unauthenticated sources
  I had to click on the right top corner shield and allow the browser to run unsafe scripts to get the bingmaps to show up.
  Any ideas on how I can resolve it. I am using ASP.NEt, C#, Javascript and jQuery.
  Thanks in advance.
  Nate

  I had to add &s=1 to run the BingMaps in secure mode
  so, we should use following link to run the bing maps with SSL.
  https://ecn.dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=7.0&s=1
  Thanks
  Nate

• A fix for the Mozilla Firefox SSL Certificate Validation Security Weakness vulnerability? This appears to be an issue with not revalidating certificates when loading HTTPS pages from cache.

  We have to close vulnerabilities for PCI & Cybertrust certification. We have upgraded users running Firefox to version 7.0.1 but we are still receiving the message: Mozilla Firefox SSL Certificate Validation Security Weakness. Researching the issue, it appears to be related to certificates not being revalidated when loading HTTPS pages from cache. The bug report I found is:
  Bug 660749 - Firefox doesn't (re)validate certificates when loading a HTTPS page from the cache

  cookies.squite answer is Today at 5:15 PM .
  New profile, same problem.
  We've already established it is not a add-ons problem but obviously there will be less add-ons in this new profile to help exclude.
  Since there is two PC profiles on the PC, I tried the second profile, same problem. Used the RESET FF function on the second PC profile...same thing...even followed the instruct for uninstall &re-install...same problem.
  (3) different virus scanners, no hard core problems.
  Suspect how I have something in Windows setup that no one else is using?

• Firefox will not save Site Certificate Exceptions even when checked to do so.

  I have a publicly free Wifi Access point near by that I use daily. When logging on to this site I get a Warning about the Sites Certificate and do I want to proceed, I choose YES and then are asked if I want to make this exception permanent and I put a check mark in the box for yes and press accept. This is suppose to permanently accept this websites certificate in the future. It does not.. It will not save the exception from one session to the next.
  IN SHORT: Firefox failure to permanently store website Certificate exceptions.

  Make sure that you do not run Firefox in (permanent) Private Browsing mode.
  *https://support.mozilla.org/kb/Private+Browsing
  Start Firefox in <u>[[Safe Mode|Safe Mode]]</u> to check if one of the extensions (Firefox/Tools > Add-ons > Extensions) or if hardware acceleration is causing the problem (switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance).
  *Do not click the Reset button on the Safe mode start window or otherwise make changes.
  *https://support.mozilla.org/kb/Safe+Mode
  *https://support.mozilla.org/kb/Troubleshooting+extensions+and+themes
  See also:
  *https://support.mozilla.org/kb/Username+and+password+not+remembered
  *Tools > Options > Security: Passwords: "Remember passwords for sites"

• Firefox does not recognize SSL Certificate issuer Entrust Certification Authority – L1K, but Entrust Certification Authority – L1C is ok?

  We have a new Entrust SSL Certificate with issuer Entrust Certification Authority – L1K which Firefox does not recognize. Internet Explorer and Chrome are ok.
  On a different system we have an Entrust SSL Certificate with issuer Entrust Certification Authority – L1C which is ok with Firefox.

  Did you verify that all intermediate certificates are installed on the server?
  You can inspect the certificate chain via a site like this:
  *http://www.networking4all.com/en/support/tools/site+check/
  *https://www.ssllabs.com/ssltest/

• Firefox 27 in new profile will not store security certificate exception

  I created a new profile in order to transfer settings to a new PC. Under the new profile I cannot permanently store Security Certificate exceptions although I can do so in the default profile. I can create a one off exception in the new profile. Is there a fix?

  What I meant is which websites require you 990you to add an exception.
  Check the date and time in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
  Check out why the site is untrusted (click "Technical Details to expand that section) and if this is caused by a missing intermediate certificate then see if you can install this intermediate certificate from another source.
  You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
  *Click the link at the bottom of the error page: "I Understand the Risks"
  Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
  *Click the "View..." button and inspect the certificate and check who is the issuer of the certificate.
  You can see more Details like intermediate certificates that are used in the Details pane.
  If "I Understand the Risks" is missing then this page may be opened in an (i)frame and in that case try the right-click context menu and use "This Frame: Open Frame in New Tab".
  Note that some firewalls monitor (secure) connections and that programs like Sendori or FiddlerRoot can intercept connections and send their own certificate instead of the website's certificate.

• Can I install ssl certificates in Firefox for android 4.0 tablets?

  I need to Know if I can install ssl certificates in Firefox for android 4.0 tablets?
  I did it with the laptop Firefox for windows 7 and I am using al time but I need to travel with my samsung tablet and use my ssl certificate to acces my bank account. I dont know if the android version of firefox have advance options to configure my certificate.

  Visit a website that provides the cert and then you should be prompted to install it. As of right now the feature is in Firefox Beta from the Play Store if you want a more polished version.