Since updating to Firefox 23.0.1, I am unable to connect to our company servers.
Since updating to Firefox 23.0.1, I am unable to connect to our company servers. The error message is "Certificate type not approved for application.", and it gives me no option to create an exception.
In previous versions, Firefox gave the option of creating a security exception, and then everything worked as expected. The new version does not give this option, and hence I cannot connect to our company servers.
I can connect using Explorer, Opera, Chrome, etc., without any problems. Only Firefox refuses to connect.
Please advice.
Alle antwoorden (20)
Try Firefox Safe Mode to see if the problem goes away. Safe Mode is a troubleshooting mode, which disables most add-ons.
(If you're not using it, switch to the Default theme.)
- Open the Help menu and click on the Restart with Add-ons Disabled... menu item while Firefox is running.
Once you get the pop-up, just select "'Start in Safe Mode"
If the issue is not present in Firefox Safe Mode, your problem is probably caused by an extension, and you need to figure out which one. Please follow the Troubleshoot extensions, themes and hardware acceleration issues to solve common Firefox problems article for that.
To exit the Firefox Safe Mode, just close Firefox and wait a few seconds before opening Firefox for normal use again.
Please report back soon.
Safe mode makes no difference, the behaviour is the same. The new Firefox refuses to allow me to create a security exception in this case, and hence I cannot access our company Web site any more.
Older versions of Firefox are fine, as are Explorer, opera, chrome, etc. Only the latest Firefox had this problem.
The Reset Firefox feature can fix many issues by restoring Firefox to its factory default state while saving your essential information. Note: This will cause you to lose any Extensions, Open websites, and some Preferences.
To Reset Firefox do the following:
- Go to Firefox > Help > Troubleshooting Information.
- Click the "Reset Firefox" button.
- Firefox will close and reset. After Firefox is done, it will show a window with the information that is imported. Click Finish.
- Firefox will open with all factory defaults applied.
Further information can be found in the Refresh Firefox - reset add-ons and settings article.
Did this fix your problems?
If a Reset is too drastic, consider testing a new profile and see whether it allows you to make an exception. This should help distinguish between a settings issue (e.g., corrupted file) or a program issue.
Create a new Firefox profile
The new profile will have your system-installed plugins (e.g., Flash), but no themes, extensions, or other customizations. It also should have completely fresh settings databases and a fresh cache folder.
Exit Firefox and start up in the Profile Manager using Start > search box (or Run):
firefox.exe -P
Any time you want to switch profiles, exit Firefox and return to this dialog.
When creating a new profile, I recommend using the default location suggested, and to avoid data loss, not re-using any existing folder. Before deleting unneeded profiles, I suggest making a backup first in case something were to go wrong.
Does the new profile allow you to work with that site?
The problem remains even after creating a new clean profile.
The new Firefox refuses to allow me to create a security exception in this case, and hence I cannot access our company Web site any more.
Older versions of Firefox are fine, as are Explorer, opera, chrome, etc. Only the latest Firefox has this problem.
Is the Add Exception button missing completely? One scenario in which Firefox does not present the Add Exception button is when the problem page is in an iframe. In that case, try right-clicking the error page and use This Frame > Open in a new tab. Not sure whether this applies to your site.
Try to rename the cert8.db file in the Firefox profile folder to cert8.db.old or delete the cert8.db file to remove intermediate certificates that Firefox has stored.
If that helped to solve the problem then you can remove the renamed cert8.db.old file.
Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previous intermediate certificates.
Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.
If that didn't help then remove or rename secmod.db (secmod.db.old) as well.
Where are those files located?
Hi svensktoppen, it's very unlikely that fiddling with certificates will help, if a clean profile didn't solve the problem. Did you try Jscher's suggestion? Here it is again:
Is the Add Exception button missing completely? One scenario in which Firefox does not present the Add Exception button is when the problem page is in an iframe. In that case, try right-clicking the error page and use This Frame > Open in a new tab. Not sure whether this applies to your site.
Also make sure that you do not run Firefox in (permanent) Private Browsing mode (Never Remember History).
- Tools > Options > Privacy > Firefox will: "Use custom settings for history"
- Deselect: [ ] "Always use private browsing mode"
Deleting/recreating the certificate files had no effect.
The "iFrame" suggestion does not work either. The page does not display at all, only the Firefox error message:
"Secure Connection Failed: Certificate type not approved for application".
Again, there was no problem accessing this site in previous versions of FireFox, which allowed a security exception to be created. The new version does not, it just displays the error page with no other options.
The site is fine with all other browsers as well. They all allow a security exception to be created. The new Firefox does not.
Looks like a Firefox bug to me.
Did you inspect the certificate in other browsers and possibly in Firefox?
Is the page opened in a frame if you right-click or check the page source (Ctrl+U)?
The page is not opening at all. I just get the error message "Secure Connection Failed: Certificate type not approved for application".
There is no more information provided. And no means of telling the new FireFox to continue, as I know the site and the certificate are both ok.
Other browsers, as well as previous versions of Firefox would allow the creation of a security exception at this point. It appears the new Firefox blocks completely instead, making it impossible to reach my company server in this case.
Sounds like a bug.
Thanks for those links. Unfortunately, neither helps in this case.
The problem is that the page is not opening at all. I just get the error message "Secure Connection Failed: Certificate type not approved for application".
There is no more information provided. And no means of telling the new FireFox to continue, even though I know the site and the certificate are both ok.
Since I cannot create a security exception, which all other browsers allow precisely to deal with these cases (including earlier versions of Firefox), I cannot access my company servers.
How do I report this bug, so it can be fixed as soon as possible?
You often can work around an unrecognized root authority by exporting a certificate from another browser and importing it into Firefox as an alternative to creating an exception through the UI. However, this error message seems to be aiming at some other issue, so that might not be the problem in this case.
You can try to experiment with the TLS/SSL3 setting to see if you can find a setting that works.
Current Firefox no longer have a user interface setting to disable TLS or SSL3, but you can make the change on the about:config page.
SSL3 and TLS 1.0 are enabled by default in the current Firefox release.
You can set the security.tls.version.min and security.tls.version.max prefs to 0 to disable TLS (0 means SSL3)
You may need to close and restart Firefox after changing these prefs.
security.tls.version.min = 0 security.tls.version.max = 0
0 means SSL 3.0, 1 means TLS 1.0, 2 means TLS 1.1, etc.
The issue is not with SSL or TLS. The issue is with Firefox.
Thanks for all the helpful suggestions, but this is clearly a bug in Firefox, where the ability to create a security exception has been disabled in this case.
Other browsers, as well earlier versions of Firefox, allow security exceptions to be created, which completely solves the issue.
How do I go about reporting this bug?
Bugs can be filed here: https://bugzilla.mozilla.org/
It would be helpful to include the details of the certificate as they appear in IE's or Chrome's certificate viewer. This will help identify the reason that Firefox is giving you that particular error (Certificate type not approved for application).
I think you can attach screen captures to a bug report if that is the easiest way to convey the information.
Try setting a new DNS server that's what I had to do to solve the problem, the following link will show you how to do that.