Join the Mozilla’s Test Days event from Dec 2–8 to test the new Firefox address bar on Firefox Beta 134 and get a chance to win Mozilla swag vouchers! 🎁

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

"The connection to the server was reset while the page was loading." when loading intranet HTTPS site

  • 2 个回答
  • 1 人有此问题
  • 1 次查看
  • 最后回复者为 g.kostov

more options

I just installed an Enterprise Root CA in Active Directory Integrated mode. I issued an certificate to one of our servers. Everything worked fine. IE 11 and Chrome have no problem opening my test intranet site. However Firefox keeps giving me this error:

  Secure Connection Failed
  The connection to the server was reset while the page was loading.
      The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
      Please contact the website owners to inform them of this problem.

I imported my Root CA certificate in Firefox but it didn't help. I played several times with certificate options while issuing the certificate, but none of them helped. In IE and Chrome my test site worked OK under all options.

The current options of test site's certificate are as follows:

Version: V3 Signature algorithm: sha512RSA Signature hash algorithm: sha512 Issuer: <my Root CA> Valid from: 23.01.2017, 14:36 Valid to: 23.01.2019, 14:46 Subject: <my server's fqdn> Public key: RSA (2048 bits) Enhanced key usage: Server Authentication Subject Alternative Name: DNS=<my server's fqdn>&DNS=<my server's hostname> Key Usage: Digital Signature, Key Encipherment (a0)

My Root CA's certificate has these options:

Version: V3 Signature algorithm: sha512RSA Signature hash algorithm: sha512 Issuer: <my Root CA> Valid from: 23.01.2017, 14:28 Valid to: 23.01.2019, 14:38 Subject: <my Root CA> Public key: RSA (2048 bits) Certificate template: CA Key Usage: Digital Signature, Certificate Signing, Off-line CRL Signing, CRL Signing (86)

The CA, Test web server, and Firefox browser are all on the same Windows 2012 R2 machine. I tried Firefox browser on two other computers - no difference. Server's security protocols are configured (using IIS Crypto 2.0) as follows:

 Protocols: TLS 1.0, TLS 1.1, TLS 1.2
 Ciphers: 3DES 168, AES 128, AES 256
 Hashes: SHA256, SHA384, SHA512
 Key Exchanges: Diffie-Hellman, PKCS, ECDH

Since mots of user's at my place prefer Firefox, I have to find a solution for this problem before launching my CA in production. So your cooperation would be highly appreciated!

Best regards George

I just installed an Enterprise Root CA in Active Directory Integrated mode. I issued an certificate to one of our servers. Everything worked fine. IE 11 and Chrome have no problem opening my test intranet site. However Firefox keeps giving me this error: Secure Connection Failed The connection to the server was reset while the page was loading. The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. I imported my Root CA certificate in Firefox but it didn't help. I played several times with certificate options while issuing the certificate, but none of them helped. In IE and Chrome my test site worked OK under all options. The current options of test site's certificate are as follows: Version: V3 Signature algorithm: sha512RSA Signature hash algorithm: sha512 Issuer: <my Root CA> Valid from: 23.01.2017, 14:36 Valid to: 23.01.2019, 14:46 Subject: <my server's fqdn> Public key: RSA (2048 bits) Enhanced key usage: Server Authentication Subject Alternative Name: DNS=<my server's fqdn>&DNS=<my server's hostname> Key Usage: Digital Signature, Key Encipherment (a0) My Root CA's certificate has these options: Version: V3 Signature algorithm: sha512RSA Signature hash algorithm: sha512 Issuer: <my Root CA> Valid from: 23.01.2017, 14:28 Valid to: 23.01.2019, 14:38 Subject: <my Root CA> Public key: RSA (2048 bits) Certificate template: CA Key Usage: Digital Signature, Certificate Signing, Off-line CRL Signing, CRL Signing (86) The CA, Test web server, and Firefox browser are all on the same Windows 2012 R2 machine. I tried Firefox browser on two other computers - no difference. Server's security protocols are configured (using IIS Crypto 2.0) as follows: Protocols: TLS 1.0, TLS 1.1, TLS 1.2 Ciphers: 3DES 168, AES 128, AES 256 Hashes: SHA256, SHA384, SHA512 Key Exchanges: Diffie-Hellman, PKCS, ECDH Since mots of user's at my place prefer Firefox, I have to find a solution for this problem before launching my CA in production. So your cooperation would be highly appreciated! Best regards George

所有回复 (2)

more options

What cipher suite use the other programs and what cipher suites does the server offer to browsers?

If weak and unsafe cipher suites are supported then Firefox or possibly security software might terminate the connection.

more options

cor-el said

What cipher suite use the other programs and what cipher suites does the server offer to browsers? If weak and unsafe cipher suites are supported then Firefox or possibly security software might terminate the connection.

As i said in first question, server is configured to use 3DES 168, AES 128, AES 256. Chrome reports "AES_256_GCM" as used cipher.

Meanwhile I tried to reproduce the problem on another Intranet server, and it worked fine there. I requested certificate with the same options from the same CA, and when installed it worked fine with Firefox too. I'll investigate to find differences between two servers, but in general the problem is most likely in server configuration. The fact that only Firefox was affected led me to search resolution here, but obviously there is another reason in the server which had to be found yet.

Thanks for cooperation.

由g.kostov于修改