It should help save people the frustration and higher blood pressure I experienced.
FIREFOX 3.6.28 WINDOWS FREE
If you know how or got authority to modify top section of this report and have it reference to this comment or article as a temporary fix, please feel free to do so. I believe the issue of this report has WORKAROUND/TEMPORARY SOLUTION (I hope for all or most), until FF is patched, at the following article: So, a How-To Fix article has been published for it at Which made me sigh and get frustrated and consume a lot of research time. Īs of last week, I still had this problem on FF versions 25 through 28, and as I recall, prior versions of FF. Ĭertutil -A -n "DO_NOT_TRUST_FiddlerRoot - DO_NOT_TRUST #3" -t "CT,c,c" -i FiddlerRoot3.cer -d.
Ĭertutil -A -n "DO_NOT_TRUST_FiddlerRoot - DO_NOT_TRUST #2" -t "CT,c,c" -i FiddlerRoot2.cer -d. I've since been using certutil to add certificates to a cert8.db for default profiles so for now I guess I can reset to that cert8.db or trust all Fiddler certificates by manually adding them to cert8.db which will probably look something like this:Ĭertutil -A -n "DO_NOT_TRUST_FiddlerRoot - DO_NOT_TRUST" -t "CT,c,c" -i FiddlerRoot.cer -d. If you do that you'll lose everything but the hard coded NSS CA certificates. In the past as a workaround for sec_error_bad_signature I've removed cert8.db. Peer's certificate has an invalid signature. In Firefox (tested in Firefox 24 ESR) go to An error occurred during a connection to localhost:4433. Socat openssl-listen:4433,reuseaddr,cert=,verify=0,fork. Now start a server with the key from the other box (box1 in this example): Options > Advanced > Certificates > View Certificates > Authorities > Import To reproduce create a new Firefox profile and trust box1 or box2, for example : Makecert.exe -pe -ss my -n "CN=localhost, O=DO_NOT_TRUST, OU=Created by " -sky exchange -in DO_NOT_TRUST_FiddlerRoot -is my -eku 1.3.6.1.5.5.7.3.1 -cy end -a sha1 -m 132 -b Īs long as the box they come from is the same everything is fine in Firefox but if I trust a different box CA than the one that's signed the presented certificate I get sec_error_bad_signature with no option for an exception. I used makecert in the Fiddler directory to make the localhost certificates: Attached are two CA certificates and I signed a certificate for localhost with each of them: I already had a Fiddler CA certificate trusted on the local box and I suspect not being able to differentiate between the two might have something to do with this problem. Today I had the problem when I connected to a Fiddler web debugging proxy on a remote box. Details I've had this problem a few times. The website is run by a tomcat server which has this just this key in, along with the relevant company certificate, added via keytool as -trustedcacertsĪs this is internal you can't all have a look, but it does show that:Ī) Firefox does reject certificates which other browsers acceptī) When it does so you are completely stuck, as their is *no way to view that web site at all* in Firefox.Ĭ) The error message isn't helpful, as you can't see *why* FF thinks the signature is bad (although that might be inevitable.)
(Today isn't the first time I've hit this - just that I hit it again today with a new certificate - I usually use The connection is encrypted using RC4_128, with SHA1 for messageĪuthentication and ECDHE_RSA as the key exchange mechanism. (All browsers have my company's certificates installed for authority).īits of info from those two browsers' view of the certificates: * If you have connected to this server successfully in the past, the error mayīe temporary, and you can try again later.Īlso I am unable to create a exception for the site, I just get the error listed above.Īllowed me to create a exception, but warn me about the risk.įWIW I get this message in *both* Firefox 15.0 (MS Windows) and 3.6.28 (Linux) for an internal website signed by my company's own certificate.īoth Chrome and IE8 accept the certificate. Someone trying to impersonate the server. * This could be a problem with the server's configuration, or it could be Plesk works in internet explorer and previous versions of the browser.Īn error occurred during a connection to 75.127.66.155:8443. I am unable to access Plesk (Server control panel software) using Mozilla Firefox 3 BETA.
0 kommentar(er)
