1050302 - mozilla::pkix not accepting wildcard certificate: sec_error_bad_signature

Status: RESOLVED WORKSFORME

(Core :: Security: PSM, defect)

Description

[Brandon]

User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET CLR 1.1.4322; .NET4.0C; .NET4.0E; MS-RTC LM 8)

Steps to reproduce:

Upon upgrade to Firefox 31 our user received the following error attempting connection to my.hillmangroup.com. 
Peer's certificate has an invalid signature.
(Error Code: sec_error_bad_signature)
This device has a valid wildcard certificate. (*.hillmangroup.com)


Actual results:

Peer's certificate has an invalid signature.
(Error Code: sec_error_bad_signature)



Expected results:

No error. User presented with sign on screen to our Cisco clientless SSL VPN.

Comment 1

[Brandon]

I opened about:config and changed the security.use_mozillapkix_verification value from "true" to "false" and that fixed the issue.

Comment 2

[Dana Keeler (she/her) (use needinfo) [:keeler] (on leave)]

This works for me on the latest Nightly (35), but not on 34, so this was fixed by something else recently.

Comment 4

[Brian Smith (:briansmith, :bsmith, use NEEDINFO?)]

Brandon, please comment in this bug

Comment 5

[Brian Smith (:briansmith, :bsmith, use NEEDINFO?)]

(In reply to Brian Smith (:briansmith, :bsmith, use NEEDINFO?) from comment #4)
> Brandon, please comment in this bug

...if you experience this again. I tried it with Firefox 33 and it seemed to work.