Issuer certificate invalid - firefox 36.0.4 - internal website

I have a few internal web servers that are used to manage networking equipment. These web sites get this error.
"Secure Connection Failed
An error occurred during a connection to XXX. Issuer certificate is invalid. (Error code: sec_error_ca_cert_invalid)"
I have added exceptions. did not change the symptom.
If I revert to an older version of FF I have no problems.
Obviously I would like to continue using FF but more and more of the things i do on my internal network are no longer working wth FF. It seems every update breaks something else i used to be able to do.
Getting VERY old and Ive about had it. Please fix this.

''guigs2 [[#answer-711204|said]]''
<blockquote>
Hi tgood69,
It is quite possible that the network machines are running into this issue because of the new CA guidelines mentioned below:
*[https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/]
</blockquote>
yay.. a policy... intended to break things...
Pretty much done with FF then. I have a JOB to do and when one of my tools makes my job MUCH more difficult. Then that tool needs to be thrown away.

Similar Messages

  • Ssl_error_internal_error_alert error in firefox when connecting to an internal website with self signed certificate.

    Firefox 26.0 . The website is running on tomcat 7 server . Using java key store .java version "1.6.0_29"
    Can test the site with openssl s_client and response seem ok.
    SSL handshake has read 2335 bytes and written 303 bytes
    New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
    Server public key is 4096 bit
    Secure Renegotiation IS supported
    SSL-Session:
    Protocol : TLSv1
    Cipher : EDH-RSA-DES-CBC3-SHA
    Session-ID: 52B896D8E3B7D0B1A03C5D2E5FF8B594D6AA74E94CB193E24685A041C5BEBF3A
    Session-ID-ctx:
    Master-Key: 1063AB71B3389D139FD7DD490FE3DF2188FA24B5E090390D2A899B32E2895B1D7A093590BE8D6FCDEFD22ACF10D94544
    Key-Arg : None
    Start Time: 1387828953
    Timeout : 300 (sec)
    Verify return code: 18 (self signed certificate)
    closed

    Hello,
    Can you please confirm what the issue is? Are you not able to setup a SSL connection to the internal website running on Tomcat. If so, have you tried installing the root CA certificate into Firefox? You can do that by going to Firefox -> Preferences -> Advanced -> View Certificates -> Certificate Authorities and then importing the root CA certificate.
    Please check this and let us know if this helps in resolving the connectivity issue. Though, I am a bit surprised that the connection is not getting established. Typically, Firefox would warn you if you would like to continue with the connection. Are you not seeing this warning?
    Thank you

  • Setup SSL on ABAP : the issuer certificate is unknown

    Hello,
    I've been asked to set up the SSL on SAP 6.20 web applications servers (4.7).
    I've carefully followed the instructions given in sap note 510007 : sapcryptolib installed, parametres configured, SSL server PSE configured, etc ..
    Now, we have to create a certificate request and send it to our CA.
    But, before to do that I wanted to test SSL server.
    I found in the sapmarketplace that you can request a SSL Test Server Certificates, apparently it works exactly like the "real" SSL Server Certificates exept that it is temporary ( 8 weeks).
    Therefore, I've generated the certificate request, sent it to sap trust certificate center, and imported the certificate response into the PSE, exactly as described in sap documentation.
    Then I've established the trust relashionship necessary when using the SSL server PSE, I mean that I've imported the CA root certificate that the server should trust : TC TrustCenter Class 2 CA
    Then I have inserted it into the server PSE's certificate list. In the end, I've restarted the ICM.
    I wanted to test the SSL feature by sending https requests to the WAS but I got the following error (firefox):
    ******************************:1443 uses an invalid security certificate.
    The certificate is not trusted because the issuer certificate is unknown.
    (Error code: sec_error_unknown_issuer)
    Unknown identity, certificate is not trusted because it hasn't been verified by a recognized authority
    As you can imagine, I checked the certificate authorities in the browser, and TC TrustCenter Class 2 CA exists ... so I really do not underdtand where does the error come from ? Maybe from the TEST server certificate ?
    I encounter the same behaviour with IE7.
    Thank you in advance for your help.
    Best regards.
    Raoul.
    Edited by: Raoul Shiro on Mar 30, 2009 8:58 PM

    Hi Raoul,
    the SSL Test Server Certificates are issued from the SAP Server CA. You need to install the root certificate of the SAP Server CA in your browser. You can download this root certificate from [http://service.sap.com/tcs] -> Download Area -> Root Certificates.
    Best regards,
    Klaus

  • How do I trust a self-signed issuer certificate?

    I created a self-signed CA cert using openssl, and imported it into Firefox, but when I select it in the Certificate Manager under “Your Certificates” and click “View…”, I see the message “Could not verify this certificate because the issuer is not trusted.”
    https://www.dropbox.com/s/i38v78802ym9fug/Screenshot%202014-04-15%2010.49.14.png
    When I visit the site that I set up with an SSL cert signed by that same self-signed CA cert, I get an untrusted connection warning with the following technical details: “staging.cakemade.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is not trusted. (Error code: sec_error_untrusted_issuer)”
    https://www.dropbox.com/s/rvq00r0pdn99rd6/Screenshot%202014-04-15%2010.57.54.png
    When I view the site certificate, it correctly identifies the issuer as the CA cert that I imported, but also displays the message “Could not verify this certificate because the issuer is not trusted.”
    https://www.dropbox.com/s/b3no5pdhf9ddx5h/Screenshot%202014-04-15%2010.57.29.png
    I am using Firefox Aurora, and apply updates daily. I am using the default settings for OCSP.
    https://www.dropbox.com/s/in58viu3q6wkxvn/Screenshot%202014-04-15%2011.02.22.png
    What do I need to do to get Firefox to trust the CA cert that I imported?

    I'm assuming you've imported your CA cert underneath the 'Authorities' tab.
    Restart FF after importing the cert.
    I'd expect you're being prompted to set the trust level upon importing the cert. If not you can do that manually via the 'Edit Trust' button.

  • This Connection is untrusted (issuer certificate not trusted)

    For the past week I have been unable access internet sites via firefox. I keep getting the "The connection is untrusted" error. It does not matter what site, be it google, Mozilla or Yahoo mail.
    I have deleted the cert8.db file, cleaned my history and cache and reset firefox but nothing helps. When I go through the "I understand the risk" steps the sites load but not properly. Usually no pictures will load.

    www.google.com uses an invalid security certificate.
    The certificate is not trusted because the issuer certificate is not trusted.
    (Error code: sec_error_untrusted_issuer)
    It is a work computer and I believe we use McAffee.
    I follow the other directions and viewed the certificate. All looks OK, my time is correct, the certificate isn't set to expire till sometime in October.

  • Will there be a fix for Firefox's problems with Hotmail. I have gone back to 3.5.9 but mostly I am disappointed by the lack of action on this serious problem where a major and critical feature of a major international website is unavailable in the Firefox

    Will there be a fix for Firefox's problems with Hotmail. I have gone back to 3.5.9 but mostly I am disappointed by the lack of action on this serious problem where a major and critical feature of a major international website is unavailable in the Firefox browser.
    == URL of affected sites ==
    http://www.hotmail.com

    We've reached out to the Hotmail team and they've determined that this is a bug in their code. (It was masked by a timing issue in 3.5 that was fixed in 3.6.) We've worked with them to develop a fix but they may not have deployed it yet.

  • How to import a self signed certificate into Firefox from the windows store properly.

    I am currently trying to get a wcf service that runs on the same machine as the browser that is making the request. Since the connection is between a browser and an application running on the same machine security was orginally not a concern and it seemed fine to leave the request on http. The first issue arrised when Firefox did not allow mixed content calls (The website making the requests uses https). I have the service converted fine to run with Chrome and IE in https, but not for Firefox due to its use of a seperate store.
    For the windows store I created one CA cert which then issues the self signed cert which is then binded to a port I have the WCF service listening on (In my case this is: https://localhost:8502).
    This all needs to be done progammatically so I can't manually Add an Exception (which does work).
    If there was a way to use certutil (I am not very addept at using this tool at all) to add this exception it would be very helpful.
    The other method I have tried is exporting the selof signed cert and then importing it. Using IIS I can only export the file as .pfx which I can't seem to import into the Servers tab in the certificates interface (I assume this is the right location for it since the exception adds it here). I extracted the certificate from the port through code and imported it to the store, but it does not seem have the extra column defining the port like the exception cert does (It does not work wither).
    How do I do this correctly? Or is it even possible to have a self signed cert bypass all this? I only have it using self signed certs since the service is just running on localhost.

    HI,
    Adding an exception does work manually, but you would like to do this programmatically. This has more on the nSS functions [https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Certificate_Download_Specification]
    I have not tried this you can add it to the file cert8.db if you can insert it into each profile you can access? (For example copy the file after you have manually added it?) that would overwrite any uniqueness however- not good for preserving data.
    The best advice would come from the security mailing list or the esr mailing list, that helps enterprise environments.

  • The issuer certificate of a locally looked up certificate could not be found. What do I do?

    I downloaded a program and got this error message: "The issuer certificate of a locally looked up certificate could not be found" and "The root CA certificate is not trusted for this purpose". What do I do?

    * Download a fresh Firefox copy from http://www.mozilla.com/firefox/all.html and save the file to the desktop.
    * Uninstall your current Firefox version and remove the Firefox program folder before installing that copy of the Firefox installer.
    * Don't remove personal data when uninstalling.
    * It is important to delete the Firefox program folder to remove all the files and make sure that there are no problems with files that were leftover after uninstalling.

  • 2 issues: 1. Firefox crashes everytime I try to open QuickBooks online 2. When I click an email link on a web site, it opens a blank FF browser instead of an email program. Please advise.

    2 issues:
    1. Firefox crashes every time I try to open QuickBooks online. I have submitted numerous crash reports.
    2. When I click an email link on a web site, it opens a blank FF browser instead of an email program. I have set the default to Microsoft Outlook and also tried changing it to Gmail. Each time I click an email link on any web site, however, it just opens up a blank page instead of one of my email programs.

    I'm not clear on where you are seeing that text. When I view Google's cached page from the page found in this search
    https://www.google.com/search?q=site%3Asitetrail.com%2Faskearth.com
    It doesn't match yours exactly. There is an iframe with a Google map in it in the "Hosting Analysis" section, which in your pasted page seems to be the "Site Server" section.
    Which Google site did you search?

  • How can i insert a root certificate into firefox data base

    We are a software development company, we launched an app that is called SAINT, its an internet filters that monitors web traffic, www.saintapp.com, we use a certificate that when going to secure sites, like, hotmail, gmail, aolmail, yahoo mail, banks, etc, it will display an Untrusted connection message and we have to add an exception to continue, that is because firefox uses it own certificate database and does not use microsofts, our app incerts the certificate into microsoftsdata base, how can insert our certificate into Firefox database? or can we sent to you the certificate and you can insert it into your database and release an update? what can we do?
    please advice

    Ok,
    Replace array subset is what I was looking for I think. I'll try it out.
    What I meant earlier is; if you have the array (with row indexing on the left)
    0: 1 1 1 1
    1: 2 2 2 2
    2: 3 3 3 3 
    3: 4 4 4 4
    And you want to put 8888 into array with the insert into array vi, at row 2, it becomes 
    0: 1 1 1 1
    1: 2 2 2 2
    2: 8 8 8 8
    3: 3 3 3 3
    4: 4 4 4 4
    But I want it to look like 
    0: 1 1 1 1
    1: 2 2 2 2
    2: 8 8 8 8
    3: 4 4 4 4 
    So I have overwritten row 2, taking into account array indexing starts at 0 :-)

  • I'm trying to timestamp (RFC 3161) a pdf using my own timestamp server hardware but always get an error: "Certificate invalid for use" ...

    I'm trying to timestamp (RFC 3161) a pdf using my own timestamp server hardware but always get an error: "Certificate invalid for use" (Original text - pt_BR:O certificado não é válido para uso). How can I get more info on what I'm missing or whats wrong with the certificate?

    Which Acrobat version are you using? Do you use "Document Timestamp" command? If so, do you get this error during the signing process and the signature is not created or signature is created and you get this error when it is validated? If the latter you can open signature properties, click on the "Advanced Properties" and in the next dialog on timestamp's "Show Certificate". If you get this error during the signing process do you get an alert that shows some cryptic info with a number? If you do provide the content of this alert.
    Also which Acrobat version (including minor) are you using?

  • How do I install (import) certificat into FireFox using commad line?

    I can import certificat using certutil.exe in command line, but this certificat is available only in Internet Explorer.
    I can import certyficat into FireFox using its GUI. I must import that certificat on more then 60 PCs.
    Question is: how do I install (import) certificat into FireFox using commad line?

    HI ScanBit,
    Thank you for your question, in order to import the certificate in the command line you will need these resources:
    *[https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/tools/NSS_Tools_certutil]
    If you have any other questions about this, we are happy to help.

  • Cannot import my certificate in firefox

    I import my certificate in firefox from Preferences->Advanced->Certificates->View certificates->Import, it seems to work and I get the message "Your personal certificate has been installed. You should keep a backup copy of this certificate". However, afterwards my certificate is not in the list of certificates. How can I import it? Using firefox 34.0.5 on mac OSX 10.9.5.

    Hi guigs2,
    Thank you for the suggestion. Unfortunately the first module does not compile (got an error when running make: "In file included from quickder.c:11:
    ./secasn1.h:15:10: fatal error: 'plarena.h' file not found").
    The links to the second module are broken.
    I have to say my problem is only in firefox for mac, while I am able to import my certificate in firefox in Ubuntu.

  • SSL Strust : Issuer certificate missing in database

    Hi,
    I am apply ssl in Abap stack STRUST.  When i apply the certificate respond from the CA , it showing error
    Issuer certificate missing in database:CN=DigiCert High Assurance CA-3, OU=www.digicert.c
    Any idea??
    Thanks

    In Strust, goto Certificate->Database, create a new "ROOT CA" entry ex;Z_NETCA.
    Select any PSE(System PSE) ->Certificate->Import  and Import the "Issuer Certificate".
    Certificate->Export->Database>Select Z_NETCA, CA, Some description ->OK
    Now you will be able to import your certificate response without any issues.
    To Get the "Issuer Certificate" open your certificate response(certificate) , goto Certification Path TAB and select the next level higher to your Server CA and ->View Certificate->Goto Details tab and Copy to File->Export in base64 or DER format.

  • My iPhone 4S lost simcard reference several times a day and issue message invalid SimCard. I have already replaced simcard three times and not solve the problem. It's necessary to power off and power on to solve it. Could someone help me?

    My iPhone 4S lost simcard reference several times a day and issue message invalid SimCard. I have already replaced simcard three times and not solve the problem. It's necessary to power off and power on to solve it. Could someone help me?

    Return your phone to Apple for evaluation

Maybe you are looking for