[Solved] certificate contains unknown critical extension error firefox 5

Secure connection failed
An error occurred during a connection to an internal website
Certificate contains unknown critical extension
(Error code: sec_error_unknown_critical_extension)

I imported the root chain for my internal CAs into FireFox and this fixed the problem.
Tools->Options->Advanced->View Certificates->Import

Similar Messages

When connecting to an internal website, I'm getting an error: "Certificate contain unknown critical extension." What does this mean?

I am getting a connection failure when trying to connect to an internal web site:
Secure Connection Failed
An error occurred during a connection to <sitename>.
Certificate contains unknown critical extension.
(Error code: sec_error_unknown_critical_extension)
Can you give me a general idea what the error is and why I would be getting this error?
Thanks in advance...

The instructions here might help
http://support.apple.com/kb/TS3297

Certificate contains unsupported critical extensions

Hi,
I have a Java client talking to the Active Directory and SunOne directory servers.
During SSL Handshake with a directory server, when there is no trusted cert for a domain, Java client reads the cert using the code below and stores in locally for the next SSL handshake. It worked fine so far except in one use case: Local truststore has cert for the sunone domain and while trying to download the cert for active directory (2003), it throws java.security.cert.CertificateException: Certificate contains unsupported critical extensions: [2.5.29.17].
Any one has any idea? SSL log is attached hoping that it helps you in understanding the problem I am facing.
*******start of code************
// Create the client socket
SSLSocketFactory factory = sc.getSocketFactory();
SSLSocket socket = (SSLSocket) factory.createSocket(hostname, port);
// Connect to the server
socket.startHandshake();
// Retrieve the server's certificate chain
serverCerts = socket.getSession().getPeerCertificates();
// Close the socket
socket.close();
**********end of code*****************
*******start of ssl log*************
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1159239929 bytes = { 122, 126, 26, 117, 92, 175, 14, 179, 16, 90, 157, 205, 247, 203, 21, 150, 73, 209, 254, 162, 253, 9, 46, 106, 50, 27, 243, 157 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
http8080-Processor23, WRITE: TLSv1 Handshake, length = 73
http8080-Processor23, WRITE: SSLv2 client hello message, length = 98
http8080-Processor23, READ: TLSv1 Handshake, length = 4683
*** ServerHello, TLSv1
RandomCookie: GMT: 1159240018 bytes = { 91, 122, 42, 201, 86, 128, 38, 183, 178, 9, 246, 8, 226, 181, 143, 154, 240, 240, 107, 190, 128, 152, 197, 36, 192, 252, 19, 66 }
Session ID: {122, 31, 0, 0, 219, 171, 252, 70, 129, 81, 97, 77, 51, 238, 3, 134, 211, 198, 14, 195, 67, 129, 197, 28, 132, 178, 169, 67, 197, 78, 160, 35}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
Version: V3
Subject:
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
c84bb78e 9b42d168 c9e889bc 1301d3db 36db1590 37078b37 1c8519dc 32ea4226
a77a6611 2734c101 14f2ced8 a2cc615a 0056905c e0c91c4f c0dcb1de 81863389
da393198 f49957f7 2d4bc5d4 7a8daca8 ffaafe38 88669c82 a07cd9d8 398e9865
7b5eed6f 0ef8a3b2 c64e79db 2282cb95 6f779ced 81b0a960 2ff96c84 c0150b83
Validity: [From: Tue Jul 05 14:00:14 EDT 2005,
               To: Thu Jul 05 14:10:14 EDT 2007]
Issuer: CN=TeakRootCA, DC=teak, DC=eng
SerialNumber: [    115061b5 00000000 000b]
Certificate Extensions: 9
[1]: ObjectId: 1.3.6.1.4.1.311.21.10 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 28 30 26 30 0A 06 08 2B 06 01 05 05 07 03 02 .(0&0...+.......
0010: 30 0A 06 08 2B 06 01 05 05 07 03 01 30 0C 06 0A 0...+.......0...
0020: 2B 06 01 04 01 82 37 14 02 02 +.....7...
[2]: ObjectId: 2.5.29.17 Criticality=true
SubjectAlternativeName [
[DNSName: mountain.teak.eng]]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: A2 31 E9 24 21 A8 BC 4C 7E DE 42 17 0A A6 F8 50 .1.$!..L..B....P
0010: 3E 0F B1 76 >..v
[4]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: DE 46 72 03 14 59 88 6B 6A 50 AF 8D 36 DF 7E 8F .Fr..Y.kjP..6...
0010: BE EC B2 B0 ....
[5]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 81 FE 30 81 FB 30 81 A6 06 08 2B 06 01 05 05 ...0..0....+....
0010: 07 30 02 86 81 99 6C 64 61 70 3A 2F 2F 2F 43 4E .0....ldap:///CN
0020: 3D 54 65 61 6B 52 6F 6F 74 43 41 2C 43 4E 3D 41 =TeakRootCA,CN=A
0030: 49 41 2C 43 4E 3D 50 75 62 6C 69 63 25 32 30 4B IA,CN=Public%20K
0040: 65 79 25 32 30 53 65 72 76 69 63 65 73 2C 43 4E ey%20Services,CN
0050: 3D 53 65 72 76 69 63 65 73 2C 43 4E 3D 43 6F 6E =Services,CN=Con
0060: 66 69 67 75 72 61 74 69 6F 6E 2C 44 43 3D 74 65 figuration,DC=te
0070: 61 6B 2C 44 43 3D 65 6E 67 3F 63 41 43 65 72 74 ak,DC=eng?cACert
0080: 69 66 69 63 61 74 65 3F 62 61 73 65 3F 6F 62 6A ificate?base?obj
0090: 65 63 74 43 6C 61 73 73 3D 63 65 72 74 69 66 69 ectClass=certifi
00A0: 63 61 74 69 6F 6E 41 75 74 68 6F 72 69 74 79 30 cationAuthority0
00B0: 50 06 08 2B 06 01 05 05 07 30 02 86 44 68 74 74 P..+.....0..Dhtt
00C0: 70 3A 2F 2F 6D 6F 75 6E 74 61 69 6E 2E 74 65 61 p://mountain.tea
00D0: 6B 2E 65 6E 67 2F 43 65 72 74 45 6E 72 6F 6C 6C k.eng/CertEnroll
00E0: 2F 6D 6F 75 6E 74 61 69 6E 2E 74 65 61 6B 2E 65 /mountain.teak.e
00F0: 6E 67 5F 54 65 61 6B 52 6F 6F 74 43 41 2E 63 72 ng_TeakRootCA.cr
0100: 74 t
[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.2, 1.3.6.1.5.5.7.3.1, 1.3.6.1.4.1.311.20.2.2]]
[7]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: ldap:///CN=TeakRootCA,CN=mountain,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=teak,DC=eng?certificateRevocationList?base?objectClass=cRLDistributionPoint, URIName: http://mountain.teak.eng/CertEnroll/TeakRootCA.crl]
[8]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
[9]: ObjectId: 1.3.6.1.4.1.311.21.7 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 2B 30 29 06 21 2B 06 01 04 01 82 37 15 08 84 .+0).!+.....7...
0010: 9B D5 29 87 9F A9 39 83 D5 8B 04 85 98 9D 3E 83 ..)...9.......>.
0020: CC DD 12 81 3E 01 1C 02 01 6E 02 01 01 ....>....n...
Algorithm: [SHA1withRSA]
Signature:
0000: 56 0A 7A E6 CF B2 E1 26 19 56 97 D8 9A CE DF 91 V.z....&.V......
0010: A2 8C 9B 1F 5F DB DB 8C 2B 53 AF 30 B3 E3 67 58 ...._...+S.0..gX
0020: 28 3F 79 D4 E9 CD F8 36 94 D2 72 1A 4F FE 29 E1 (?y....6..r.O.).
0030: 65 B8 97 F6 50 22 1D DD D9 36 C3 07 EB 38 FC 7F e...P"...6...8..
0040: 25 D6 64 F1 A9 9A F9 7D 2C 6A 55 A4 11 52 2B 1A %.d.....,jU..R+.
0050: BC 42 04 77 34 52 BD 12 EC 26 F2 7F AA 25 E6 18 .B.w4R...&...%..
0060: 36 13 31 E4 F1 F3 48 88 98 E8 AE 34 AB D2 27 CF 6.1...H....4..'.
0070: 00 FD FA 39 D6 85 AE 85 26 F9 11 8A AB A2 16 BB ...9....&.......
0080: 7A F9 E3 83 35 E8 7E D7 27 8D 77 20 EC C7 57 51 z...5...'.w ..WQ
0090: F1 4B AA 66 4B 8D 4D 5F 37 EE F2 ED 52 71 5E 29 .K.fK.M_7...Rq^)
00A0: EF 9D E2 1F 7E 67 2F 05 0F FE EE 23 AC 5A 5C 49 .....g/....#.Z\I
00B0: 3B DE B3 ED 58 6E 29 D2 C1 F0 43 35 10 04 86 3A ;...Xn)...C5...:
00C0: 72 05 AA 60 D1 72 33 9E 60 17 72 0E BF 56 F4 80 r..`.r3.`.r..V..
00D0: 4D 4B 1A 72 A1 C2 EF 0F 22 9E 0B 54 94 E2 B4 14 MK.r...."..T....
00E0: 6A C7 FC 78 C6 34 DC 5D 87 B6 5D 6E 65 C0 AF 88 j..x.4.]..]ne...
00F0: AD 4E FF 87 A0 58 E5 CF EB 95 63 8C E3 31 AC 31 .N...X....c..1.1
http8080-Processor23, SEND TLSv1 ALERT: fatal, description = certificate_unknown
http8080-Processor23, WRITE: TLSv1 Alert, length = 2
http8080-Processor23, called closeSocket()
http8080-Processor23, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate contains unsupported critical extensions: [2.5.29.17]
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1159239929 bytes = { 67, 120, 60, 26, 138, 189, 179, 207, 211, 140, 175, 81, 93, 103, 239, 224, 27, 242, 230, 30, 153, 169, 223, 186, 180, 132, 121, 153 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
http8080-Processor23, WRITE: TLSv1 Handshake, length = 73
http8080-Processor23, WRITE: SSLv2 client hello message, length = 98
http8080-Processor23, READ: TLSv1 Handshake, length = 4683
*** ServerHello, TLSv1
RandomCookie: GMT: 1159240018 bytes = { 174, 227, 68, 111, 147, 74, 23, 145, 16, 135, 129, 19, 196, 50, 38, 91, 30, 196, 73, 6, 223, 41, 254, 91, 147, 164, 245, 224 }
Session ID: {143, 5, 0, 0, 136, 218, 100, 129, 162, 241, 9, 237, 84, 103, 211, 163, 64, 248, 235, 253, 222, 214, 65, 49, 20, 1, 1, 138, 30, 86, 30, 116}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
%% Created: [Session-2, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
Version: V3
Subject:
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
c84bb78e 9b42d168 c9e889bc 1301d3db 36db1590 37078b37 1c8519dc 32ea4226
a77a6611 2734c101 14f2ced8 a2cc615a 0056905c e0c91c4f c0dcb1de 81863389
da393198 f49957f7 2d4bc5d4 7a8daca8 ffaafe38 88669c82 a07cd9d8 398e9865
7b5eed6f 0ef8a3b2 c64e79db 2282cb95 6f779ced 81b0a960 2ff96c84 c0150b83
Validity: [From: Tue Jul 05 14:00:14 EDT 2005,
               To: Thu Jul 05 14:10:14 EDT 2007]
Issuer: CN=TeakRootCA, DC=teak, DC=eng
SerialNumber: [    115061b5 00000000 000b]
Certificate Extensions: 9
[1]: ObjectId: 1.3.6.1.4.1.311.21.10 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 28 30 26 30 0A 06 08 2B 06 01 05 05 07 03 02 .(0&0...+.......
0010: 30 0A 06 08 2B 06 01 05 05 07 03 01 30 0C 06 0A 0...+.......0...
0020: 2B 06 01 04 01 82 37 14 02 02 +.....7...
[2]: ObjectId: 2.5.29.17 Criticality=true
SubjectAlternativeName [
[DNSName: mountain.teak.eng]]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: A2 31 E9 24 21 A8 BC 4C 7E DE 42 17 0A A6 F8 50 .1.$!..L..B....P
0010: 3E 0F B1 76 >..v
[4]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: DE 46 72 03 14 59 88 6B 6A 50 AF 8D 36 DF 7E 8F .Fr..Y.kjP..6...
0010: BE EC B2 B0 ....
[5]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 81 FE 30 81 FB 30 81 A6 06 08 2B 06 01 05 05 ...0..0....+....
0010: 07 30 02 86 81 99 6C 64 61 70 3A 2F 2F 2F 43 4E .0....ldap:///CN
0020: 3D 54 65 61 6B 52 6F 6F 74 43 41 2C 43 4E 3D 41 =TeakRootCA,CN=A
0030: 49 41 2C 43 4E 3D 50 75 62 6C 69 63 25 32 30 4B IA,CN=Public%20K
0040: 65 79 25 32 30 53 65 72 76 69 63 65 73 2C 43 4E ey%20Services,CN
0050: 3D 53 65 72 76 69 63 65 73 2C 43 4E 3D 43 6F 6E =Services,CN=Con
0060: 66 69 67 75 72 61 74 69 6F 6E 2C 44 43 3D 74 65 figuration,DC=te
0070: 61 6B 2C 44 43 3D 65 6E 67 3F 63 41 43 65 72 74 ak,DC=eng?cACert
0080: 69 66 69 63 61 74 65 3F 62 61 73 65 3F 6F 62 6A ificate?base?obj
0090: 65 63 74 43 6C 61 73 73 3D 63 65 72 74 69 66 69 ectClass=certifi
00A0: 63 61 74 69 6F 6E 41 75 74 68 6F 72 69 74 79 30 cationAuthority0
00B0: 50 06 08 2B 06 01 05 05 07 30 02 86 44 68 74 74 P..+.....0..Dhtt
00C0: 70 3A 2F 2F 6D 6F 75 6E 74 61 69 6E 2E 74 65 61 p://mountain.tea
00D0: 6B 2E 65 6E 67 2F 43 65 72 74 45 6E 72 6F 6C 6C k.eng/CertEnroll
00E0: 2F 6D 6F 75 6E 74 61 69 6E 2E 74 65 61 6B 2E 65 /mountain.teak.e
00F0: 6E 67 5F 54 65 61 6B 52 6F 6F 74 43 41 2E 63 72 ng_TeakRootCA.cr
0100: 74 t
[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.2, 1.3.6.1.5.5.7.3.1, 1.3.6.1.4.1.311.20.2.2]]
[7]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: ldap:///CN=TeakRootCA,CN=mountain,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=teak,DC=eng?certificateRevocationList?base?objectClass=cRLDistributionPoint, URIName: http://mountain.teak.eng/CertEnroll/TeakRootCA.crl]
[8]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
[9]: ObjectId: 1.3.6.1.4.1.311.21.7 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 2B 30 29 06 21 2B 06 01 04 01 82 37 15 08 84 .+0).!+.....7...
0010: 9B D5 29 87 9F A9 39 83 D5 8B 04 85 98 9D 3E 83 ..)...9.......>.
0020: CC DD 12 81 3E 01 1C 02 01 6E 02 01 01 ....>....n...
Algorithm: [SHA1withRSA]
Signature:
0000: 56 0A 7A E6 CF B2 E1 26 19 56 97 D8 9A CE DF 91 V.z....&.V......
0010: A2 8C 9B 1F 5F DB DB 8C 2B 53 AF 30 B3 E3 67 58 ...._...+S.0..gX
0020: 28 3F 79 D4 E9 CD F8 36 94 D2 72 1A 4F FE 29 E1 (?y....6..r.O.).
0030: 65 B8 97 F6 50 22 1D DD D9 36 C3 07 EB 38 FC 7F e...P"...6...8..
0040: 25 D6 64 F1 A9 9A F9 7D 2C 6A 55 A4 11 52 2B 1A %.d.....,jU..R+.
0050: BC 42 04 77 34 52 BD 12 EC 26 F2 7F AA 25 E6 18 .B.w4R...&...%..
0060: 36 13 31 E4 F1 F3 48 88 98 E8 AE 34 AB D2 27 CF 6.1...H....4..'.
0070: 00 FD FA 39 D6 85 AE 85 26 F9 11 8A AB A2 16 BB ...9....&.......
0080: 7A F9 E3 83 35 E8 7E D7 27 8D 77 20 EC C7 57 51 z...5...'.w ..WQ
0090: F1 4B AA 66 4B 8D 4D 5F 37 EE F2 ED 52 71 5E 29 .K.fK.M_7...Rq^)
00A0: EF 9D E2 1F 7E 67 2F 05 0F FE EE 23 AC 5A 5C 49 .....g/....#.Z\I
00B0: 3B DE B3 ED 58 6E 29 D2 C1 F0 43 35 10 04 86 3A ;...Xn)...C5...:
00C0: 72 05 AA 60 D1 72 33 9E 60 17 72 0E BF 56 F4 80 r..`.r3.`.r..V..
00D0: 4D 4B 1A 72 A1 C2 EF 0F 22 9E 0B 54 94 E2 B4 14 MK.r...."..T....
00E0: 6A C7 FC 78 C6 34 DC 5D 87 B6 5D 6E 65 C0 AF 88 j..x.4.]..]ne...
00F0: AD 4E FF 87 A0 58 E5 CF EB 95 63 8C E3 31 AC 31 .N...X....c..1.1
http8080-Processor23, SEND TLSv1 ALERT: fatal, description = certificate_unknown
http8080-Processor23, WRITE: TLSv1 Alert, length = 2
http8080-Processor23, called closeSocket()
http8080-Processor23, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate contains unsupported critical extensions: [2.5.29.17]
Finalizer, called close()
Finalizer, called closeInternal(true)
*************end of ssl log**********

When verifying certificates, you're supposed to reject them when you don't understand a critical extension.
Why this certificate has the extension[SubjectAlternativeName] marked as critical, I don't know.

I am getting this error when I open Firefox after DLing Firefox 5 (never seen this in any other previous version): FATAL ERROR : The dynamic C library contained in the extension file could not be found.

Hi there,
I'm getting this error when opening Firefox 5:
FATAL ERROR : The dynamic C library contained in the extension file could not be found.
I've never seen this error before... First time it happened was immediately after DLing Firefox 5 yesterday. I haven't DLed or installed anything else recently.
I see that you already have my system info. Any help is much appreciated!

Just read in another post that there is a known 49 character limit on the file path for QuickTime movies..

I have a server runnng on Mac OS 9.2.2 with a secure certificate from Verisign. Apparently some Firefox users get a message warning that the issuer is unknown to them. Verisign is perhaps the best-known issuer of certificates

Note: I am in the process of moving the site to our central server so all pages, with the exception of the secure ones and the homepage, are redirected. See https://www.homelink-usa.com/secure/subscribe/subscribe.lasso which is secure and, in my browser Firefox 3.6.13, the location window is blue just like your site that I am typing on. The certificate expires on March 20, 2011.
I do not get the error message on any of my machines or browsers.
Karl
This Connection is Untrusted
You have asked Firefox to connect securely to *www.homelink-usa.com*,
but we can't confirm that your connection is secure.
Normally, when you try to connect securely, sites will present trusted
identification to prove that you are going to the right place. However,
this site's identity can't be verified.
What Should I Do?
If you usually connect to this site without problems, this error could
mean that someone is trying to impersonate the site, and you shouldn't
continue.
Technical Details
www.homelink-usa.com uses an invalid security certificate. The
certificate is not trusted because the issuer certificate is unknown.
(Error code: sec_error_unknown_issuer)
I Understand the Risks
If you understand what's going on, you can tell Firefox to start
trusting this site's identification. *Even if you trust the site, this
error could mean that someone is tampering with your connection.*
Don't add an exception unless you know there's a good reason why this
site doesn't use trusted identification.

Might have a hardware issue that was caused by the minor liquid spill.
Take it to Apple to have them look at it. I think they do a free diagnostics. That way you can find out what's wrong with your MB.
Good luck....Hope you get it sorted out.

"Cannot open File Extension. Unknown file extension. Error code: 40003-5"

Good Afternoon Everyone,
I am getting an error message when the user is trying to access the link on their activity.
"Cannot open File Extension. Unknown file extension. Error code: 40003-5"
Can someone help?

Please go to administration ->system initilization->general settings> path tab and define all the paths.
i.e you must specify the path of each & every folder from where you are going to open the file.
Hope your problem would be solved
Regards,
ShriX.

I get a "Secure Connection Failed" error with google stating "certificate contains the same serial number"

When I click on a link for a google search, I get the "Secure Connection Failed" error in Firefox. It states, "Please contact the server administrator or email correspondent and give them the following information: Your certificate contains the same serial number as another certificate issued by the certificate authority."
I have followed the instructions here:
https://support.mozilla.org/en-US/kb/Certificate%20contains%20the%20same%20serial%20number%20as%20another%20certificate
and looked at this article:
https://support.mozilla.org/en-US/questions/1028103?esab=a&as=aaq
I have uninstalled and reinstalled Firefox, deleted the entire profiles folder, and reset Firefox. I see that the older (orphaned) article points to my router. However, I have a new router and have updated its software. There is no button to add an exception (as noted in the article), so I can't just bypass it. This problem does not occur with IE, so I have a hard time believing it is my router.
How do I troubleshoot this issue? I really don't want to change browsers.

Here is a screen shot of the error.

"Firefox Certificate Installator has stoppped working" error message

Every time I start FIrefox, I receive the error "Firefox Certificate Installator has stopped working". This started after I updated my Kaspersky antivirus to the 2013 version.

Start Firefox in <u>[[Safe Mode|Safe Mode]]</u> to check if one of the extensions (Firefox/Tools > Add-ons > Extensions) or if hardware acceleration is causing the problem (switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance).
*Do not click the Reset button on the Safe mode start window or otherwise make changes.
*https://support.mozilla.org/kb/Safe+Mode
*https://support.mozilla.org/kb/Troubleshooting+extensions+and+themes

Error message in Logic "audio configuration contains unknown items"

I am using Logic Studio with an apogee Duet and Mac Book Pro.
So far I love the apogee duet for it's simplicity and sound. I have
however started to receive this error message working with Logic Studio,
almost anytime I start a new track, add a plug-in or instrument, etc.
"Audio Configuration contains unknown items"
It did not do this from the very beginning but started after a few
sessions. I have tried re-installing the driver disc for the Duet but it still happens.
when it does pop-up i can click the ok box and after clicking several times
it will go away and let me proceed.
Could anyone please advise me.
thank you very much.

Maybe this happen bacause you put many additional info in your "Aple discussion" profile about the software that you use, but we can also say you the same as Logic message:
your detailed "Audio configuration" profile info contain a "unknow item"
Whitch is your audio interface?
G
PS: anyway, try to trash Logic preferences.

[SOLVED] Unknown SSL protocol error in connection

Hi there. I'm trying to get a website with curl but i'm getting this error:
[martriay@atila ~]$ curl -v "https://servicios1.afip.gov.ar"
* Rebuilt URL to: https://servicios1.afip.gov.ar/
* Hostname was NOT found in DNS cache
* Adding handle: conn: 0x20412c0
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x20412c0) send_pipe: 1, recv_pipe: 0
* Trying 200.1.116.53...
* Connected to servicios1.afip.gov.ar (200.1.116.53) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to servicios1.afip.gov.ar:443
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to servicios1.afip.gov.ar:443
And when i try with SSLv3:
[martriay@atila ~]$ curl -3 -v "https://servicios1.afip.gov.ar"
* Rebuilt URL to: https://servicios1.afip.gov.ar/
* Hostname was NOT found in DNS cache
* Adding handle: conn: 0x8032c0
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x8032c0) send_pipe: 1, recv_pipe: 0
* Trying 200.1.116.53...
* Connected to servicios1.afip.gov.ar (200.1.116.53) port 443 (#0)
* Unsupported SSL protocol version
* Closing connection 0
curl: (35) Unsupported SSL protocol version
That's from my archlinux server, while on my desktop's fedora it works just fine. Both computers are within the same network.
openssl version:
[martriay@atila ~]$ openssl version
OpenSSL 1.0.1e 11 Feb 2013
openssl connection attempt
[martriay@atila ~]$ openssl s_client -connect servicios1.afip.gov.ar:443
CONNECTED(00000003)
write:errno=104
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 322 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
If I add the -ssl3 option:
[martriay@atila ~]$ openssl s_client -connect servicios1.afip.gov.ar:443 -ssl3
CONNECTED(00000003)
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO High-Assurance Secure Server CA
verify error:num=20:unable to get local issuer certificate
verify return:0
Certificate chain
0 s:/C=AR/postalCode=1086/ST=Ciudad Autonoma de Buenos Aires/L=Capital Federal/street=Hipolito Yirigoyen 370/O=ADMINISTRACION FEDERAL DE INGRESOS PUBLICOS/OU=Issued through ADMINISTRACION FEDERAL DE INGRESOS PUBLICOS E-PKI/OU=InstantSSL/CN=servicios1.afip.gov.ar
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO High-Assurance Secure Server CA
1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO High-Assurance Secure Server CA
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
Server certificate
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
subject=/C=AR/postalCode=1086/ST=Ciudad Autonoma de Buenos Aires/L=Capital Federal/street=Hipolito Yirigoyen 370/O=ADMINISTRACION FEDERAL DE INGRESOS PUBLICOS/OU=Issued through ADMINISTRACION FEDERAL DE INGRESOS PUBLICOS E-PKI/OU=InstantSSL/CN=servicios1.afip.gov.ar
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO High-Assurance Secure Server CA
No client certificate CA names sent
SSL handshake has read 3048 bytes and written 485 bytes
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv3
Cipher : RC4-MD5
Session-ID: F34244E0C2E402103FC9B7216E504E89761FDAF31CC1AC3A7939BE99AD8D0C57
Session-ID-ctx:
Master-Key: 146C91E59E259AD38C1E7A0B8E5DBEAE2D768622DE4045CD927D60A40FF8CA527A2694E227FEE30CC0909ADE0B72B0C8
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1389232087
Timeout : 7200 (sec)
Verify return code: 20 (unable to get local issuer certificate)
Any ideas?
Last edited by martriay (2014-01-09 14:05:02)

Downgrade curl to 7.33.0-3. There is a known bug that is now fixed and should be released with the next version. I got bit by this too
Scott

On some sites we get sec_error_unknown_issuer SSL error due to missing root certificate TC TrustCenter Class 2 L1 CA XI. Firefox is the only browser having this issue. Why is that certificate not preinstalled and shipped with Firefox?

On some sites we get sec_error_unknown_issuer SSL error due to missing root certificate TC TrustCenter Class 2 L1 CA XI. Firefox is the only browser having this issue. Why is that certificate not preinstalled and shipped with Firefox?
Check sales.sauer-danfoss.com for details with Firefox 7.
Thanks
Stefan

You are not sending the TC TrustCenter Class 2 L1 CA XI intermediate certificate
*http://sales.sauer-danfoss.com/
Web servers need to send all required intermediate certificates to build the chain to build-in root certificates.
You need to install that intermediate certificate on your server.
*http://www.trustcenter.de/en/infocenter/root_certificates.htm#3479
You can test the certificate chain via a site like this:
*http://www.networking4all.com/en/support/tools/site+check/

LoadExternalModule throws error (-7 Unknown file extension) when working with source-code.

Utility library function LoadExternalModule (admittedly marked as obsolete - but key to one of our older software)
fails with error code (-7 Unknown file extension.) in CVI 2012SP1 and 2013 Version 13.0.0(647) on Win7
The suggested alternative Win32 API GetProcAddress doesn't work with source or obj files (so isn't an alternative at all)
The Target-Settings to "Enable LoadExternalModule" are already checked.
Any suggestions ?
This code-snipped shows the behavior :
// File "Main.c"
#include <utility.h>
int main(void)
void (*funcPtr) (void);
int moduleID;
int status;
// Library-Function-Error : -7 Unknown file extension.
moduleID = LoadExternalModule ("Test.c");
funcPtr = GetExternalModuleAddr (moduleID, "test_function", &status);
(*funcPtr) ();
return 0;
// File "Test.c"
void test_function(void)

Hi,
Thanks for teh inf regarding the LoadExternal Module,
Using the LoadExternalmodule as you mentionned requires using a .obj file but this lead me to an issue getting a Control value from an .obj file called from a dll
When using the LoadExternalModule function in CVI 2013, we can no longer use a .c file. Instead we have to use an .obj file.
My issue is that' impossible for me to get a control value from an .iur managed by the .obj witchi is called by a dll.
Otherwise it's impossible for me to get the control vale when calling the .obj from a dll.
Any suggestions Amigos
Thanks

Setup SSL on ABAP : the issuer certificate is unknown

Hello,
I've been asked to set up the SSL on SAP 6.20 web applications servers (4.7).
I've carefully followed the instructions given in sap note 510007 : sapcryptolib installed, parametres configured, SSL server PSE configured, etc ..
Now, we have to create a certificate request and send it to our CA.
But, before to do that I wanted to test SSL server.
I found in the sapmarketplace that you can request a SSL Test Server Certificates, apparently it works exactly like the "real" SSL Server Certificates exept that it is temporary ( 8 weeks).
Therefore, I've generated the certificate request, sent it to sap trust certificate center, and imported the certificate response into the PSE, exactly as described in sap documentation.
Then I've established the trust relashionship necessary when using the SSL server PSE, I mean that I've imported the CA root certificate that the server should trust : TC TrustCenter Class 2 CA
Then I have inserted it into the server PSE's certificate list. In the end, I've restarted the ICM.
I wanted to test the SSL feature by sending https requests to the WAS but I got the following error (firefox):
******************************:1443 uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown.
(Error code: sec_error_unknown_issuer)
Unknown identity, certificate is not trusted because it hasn't been verified by a recognized authority
As you can imagine, I checked the certificate authorities in the browser, and TC TrustCenter Class 2 CA exists ... so I really do not underdtand where does the error come from ? Maybe from the TEST server certificate ?
I encounter the same behaviour with IE7.
Thank you in advance for your help.
Best regards.
Raoul.
Edited by: Raoul Shiro on Mar 30, 2009 8:58 PM

Hi Raoul,
the SSL Test Server Certificates are issued from the SAP Server CA. You need to install the root certificate of the SAP Server CA in your browser. You can download this root certificate from [http://service.sap.com/tcs] -> Download Area -> Root Certificates.
Best regards,
Klaus

Doesn't start when starting as administrator. Error Firefox is already running, but is not responding. To open a new window, you must first close the existing Firefox process, or restart your system.

Update firefox, it asked me to update flash, I tried to update flash but it said I had to close firefox. A box came up and said the Flash install would continue when I closed firefox. I closed all firefox windows and no update of flash occurred. I tried relaunching firefox but got the "Doesn't start when starting as administrator. Error Firefox is already running, but is not responding. To open a new window, you must first close the existing Firefox process, or restart your system." message. I rebooted the system, no improvement. I tried to run firefox as administrator and got the same message. Either I find a fix or I won't be able to use firefox and will have to go back to ie.

-> press '''CTRL''' + '''SHIFT''' + '''ESC''' to Open Task Manager -> Processes tab -> right-click '''firefox.exe''' and click '''End Process Tree''' -> close Task Manager
Troubleshooting extensions and themes
* https://support.mozilla.com/en-US/kb/Troubleshooting%20extensions%20and%20themes
Troubleshooting plugins
* https://support.mozilla.com/en-US/kb/Troubleshooting%20plugins
Check and tell if its working.

A critical program error occured when running a workbook

Some end users get a critical program error occured when running a workbook when they want to make selections.
In the trace they get the following message
System.ArgumentException: Item has already been added. Key in dictionary: "44ABATDK7TYM365CYLQ0VDKU6" Key being added: "44ABATDK7TYM365CYLQ0VDKU6"
This happens only on some PC clients !
Thanks for any help !
Ivan

Hi Vid,
Thanks for your suggestion.
I am using a different patch i.e.
BI AddOn 7.X (based on 7.10), Support Package 5, Revision 1083
and it helps to solve my problem.
Cheers.

[Solved] certificate contains unknown critical extension error firefox 5

Similar Messages

Maybe you are looking for