Starting with 31.0 Some HTTPS pages error with Secure Connection Failed - Error code: sec_error_ca_cert_invalid

RESOLVED WORKSFORME

Status

()

Core
Security: PSM
RESOLVED WORKSFORME
4 years ago
4 years ago

People

(Reporter: BSN, Unassigned)

Tracking

31 Branch
x86_64
Windows 7
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

586 bytes, application/x-x509-ca-cert
Details
(Reporter)

Description

4 years ago
Created attachment 8461534 [details]
Tripwire CA Cert

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0 (Beta/Release)
Build ID: 20140716183446

Steps to reproduce:

After FF 31.0 upgrade on a Windows 7 desktop, I can no longer connect to my Tripwire Management Consoles. I get the error: "Secure Connection Failed An error occurred during a connection to tripwire.meijer.com. Issuer certificate is invalid. (Error code: sec_error_ca_cert_invalid)".    

I have tried deleting cert8.db and secmod.db and it did not help. I also tried creating a new profile and that did not help.  I even tried importing their certificate and root certificate into the browser and that did not help.  I have other product consoles with self-signed certificates that continue to work just fine.  This site works in other browsers.  The certificate is RSA (1024-bit).


Actual results:

Secure Connection Failed

An error occurred during a connection to tripwire.meijer.com. Issuer certificate is invalid. (Error code: sec_error_ca_cert_invalid)

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.


Expected results:

I don't see an option to trust this site the connection just fails. I need a way to tell Firefox to trust these servers, so I can manage them.

Comment 1

4 years ago
I suspect this is due to https://wiki.mozilla.org/CA:MD5and1024, but I'm not sure. David?
Flags: needinfo?(dkeeler)

Updated

4 years ago
Component: Untriaged → Security: PSM
Product: Firefox → Core
(Reporter)

Comment 2

4 years ago
Well, I resolved this one. I had imported the CA cert into Authorities Tab using the browser UI and it did not resolve the issue.  So, I deleted the CA certificate from the browser.  However, I just now clicked on the link for the CA Certificate that I uploaded to this bug report and when Firefox prompted I added it to trust server identities.   Now the Tripwire console is loading just fine even though it was the exact same CA certificate file that I had imported earlier from the UI.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → WORKSFORME
Group: core-security
Flags: needinfo?(dkeeler)
You need to log in before you can comment on or make changes to this bug.