Secure Connection Failed
We have a websites which applied the government certificate authority of Taiwan running as SSL. This is untrusted in Firefox but still can be added as exception website before not anymore today for version 31.0 upgrate. Could you help us to figure it out for this big trouble? Thank you very much! websites as following: https://www.safetaiwan.tw
Sincerely Stanley
Gekose oplossing
Hi Stanley, In the new Firefox 31 there was a new certificate verification added.
Firefox version 31 uses a new verification library to perform security checks on a website. This new library might be causing the OCSP error and preventing access to the site.
The engineers are currently trying to resolve the issue, but in the meantime, you can work around this by changing the following configuration:
- Type in about:config in your address bar.
- You'll see a This might void your warranty! message. Click I'll be careful, I promise!.
- In the Search field, type in "'security.use_mozillapkix_verification"' to bring up that preference.
- Double-click on the preference to set its value to false.
The error message for the site in question: [Error code: sec_error_bad_signature]
Borrowing cor-el instructions for some firewalls monitor https connection a nd send own certs:
*http://support.kaspersky.com/6851 *http://forum.kaspersky.com/index.php?showtopic=264057
1 Go to SETTINGS 2 Click on the BROWN BOX icon 3 Go to NETWORK 4 Click on INSTALL CERTIFICATE (Kaspersky security certificate) follow install instructions.
Lees dié antwoord in konteks 👍 9All Replies (6)
Gekose oplossing
Hi Stanley, In the new Firefox 31 there was a new certificate verification added.
Firefox version 31 uses a new verification library to perform security checks on a website. This new library might be causing the OCSP error and preventing access to the site.
The engineers are currently trying to resolve the issue, but in the meantime, you can work around this by changing the following configuration:
- Type in about:config in your address bar.
- You'll see a This might void your warranty! message. Click I'll be careful, I promise!.
- In the Search field, type in "'security.use_mozillapkix_verification"' to bring up that preference.
- Double-click on the preference to set its value to false.
The error message for the site in question: [Error code: sec_error_bad_signature]
Borrowing cor-el instructions for some firewalls monitor https connection a nd send own certs:
*http://support.kaspersky.com/6851 *http://forum.kaspersky.com/index.php?showtopic=264057
1 Go to SETTINGS 2 Click on the BROWN BOX icon 3 Go to NETWORK 4 Click on INSTALL CERTIFICATE (Kaspersky security certificate) follow install instructions.
According to this test page, your web server is not sending the intermediate certificates: http://www.networking4all.com/en/support/tools/site+check/report/?fqdn=www.safetaiwan.tw&protocol=https
When I look at the certificate dialog in IE/Chrome (they share the Windows certificate store), there appear to be four certificates: root, first intermediate, second intermediate, your site. Basically, Firefox wants you to send everything except the root.
The details on how to do that depend on your server. Your server sends this information:
Apache/2.2.27 (Win32) mod_ssl/2.2.27 OpenSSL/1.0.1g PHP/5.3.28
Although the best instructions are from your issuer, here is another page for reference in case it helps: https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/637/0/certificate-installation-apache--mod_ssl
Also, this should help in case other browsers become stricter in the future.
Hi guigs2, Thanks for your patient response, it's work after following you instructions! Although, I hope it could still be more flexible to offer users options not be too strict. I'm sincerely looking forward to hear good news about the next upgrade for this issue on Firefox.
And also thanks to jscher2000, It's helpful advices.
Hi stanleychung, This may also be a good reference for strict issues with the domain name you mentioned. It would be good to gather examples of this for the security team.
Can you please provide an example of the certificate to the bug https://bugzilla.mozilla.org/show_bug.cgi?id=1049185 and cc yourself so that we can follow up on the strict calls.
Thank you!
400error,500error,Cn certificet,basic constraints error totely encountered to me please help! help me..
Hi psubhash982, are these problems on all sites or on particular sites?
The subject of this thread was safetaiwan.tw so if you are having a problem on a different site, I suggest posting a new question with your system details. You can start that using this link:
https://support.mozilla.org/questions/new/desktop/fix-problems
If the articles suggested on the form are not helpful, please scroll down to continue with entering your question.