browser won't let me add a security exception - sec_error_unknown_issuer

RESOLVED INCOMPLETE

Status

()

Core
Security: PSM
--
major
RESOLVED INCOMPLETE
4 years ago
2 years ago

People

(Reporter: Suburp, Unassigned, NeedInfo)

Tracking

(Depends on: 1 bug)

33 Branch
x86_64
All
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

4 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Build ID: 20141027150301

Steps to reproduce:

Go to a company internal website in sharepoint, where we have some xls and ppt files.
Sinde we updated to Sharepoint 2013 and since FF33.0.2 came out, some of these files trigger a security exception.
This is known in bug https://bugzilla.mozilla.org/show_bug.cgi?id=659736 but seems to be back now, and some users there commented that new finds must be listed separately, so here we go.




Actual results:

I cannot add an exception, the dialog box simply does not appear.
Have already deleted the Cert8.db - no effect.
Also deleted all history in the browser, ditto, no effect.


Here the entire error page in Dutch, but its the standard "certificate is not safe yadu yadu" website, only it's within our own company, and worked for the past years.

    versie33.0.2
    tijd geopend26967 min
    laatste crash2014-10-29
    bladwijzers2272



U hebt Firefox gevraagd een beveiligde verbinding op te zetten met servername, maar we kunnen niet bevestigen dat uw verbinding beveiligd is.


Normaal gesproken zullen websites vertrouwde identificatie tonen wanneer u een beveiligde verbinding wilt opzetten, om te bewijzen dat u naar de juiste plek gaat. De identiteit van deze website kan echter niet worden bevestigd.
Wat moet ik doen?

Als u doorgaans zonder problemen verbinding maakt met deze website, kan deze fout betekenen dat iemand de website probeert na te bootsen en kunt u beter niet verdergaan.

servername gebruikt een ongeldig beveiligingscertificaat. Het certificaat wordt niet vertrouwd, omdat het uitgeverscertificaat onbekend is. (Foutcode: sec_error_unknown_issuer


Expected results:

The button "add exception" should have appeared.
It didn't.

There is, of course, a workaround.
first, copy the servername exactly as in the browser error page, then
Go to Tools > Options > Advanced : Encryption: Certificates - View Certificates > Servers " then 
manually add an exception.

Still no idea why the button to do so has vanished, but at least this is how to do this manually.
Deleting cert8.db as discussed as a potential solution on mozilla.org and many other places) does not work in this case.

Have we re-introduced this bug in 33.0.2, or is this something else?
(Reporter)

Updated

4 years ago
Severity: normal → major
Component: Untriaged → Networking: Cache
Depends on: 659736, 660749, 810085, 1020431
OS: Windows 7 → All
Product: Firefox → Core
This is probably either the same as bug 800882 (fixed in 34) or bug 991313 (still not fixed). Does the site you're attempting to connect to use HSTS? (i.e. does it send a header that looks like "Strict-Transport-Security: ..."?) Alternatively, if you right-click on the page (after successfully loading it), is there a "This Frame" menu option?
Flags: needinfo?(suburp212)
Component: Networking: Cache → Security: PSM
(Reporter)

Comment 2

4 years ago
i don't think it's HSTS - it connects to sth like
i200.microsoft.com (nte: this is just a madeup server).

If the page load successfully (i.e. once I added the security exception manually), an xls file (or ppt file) automatically opens from within Sharepoint - not sure how I could check whether there is a "this frame" menu option, as that's outside firefox, then
Flags: needinfo?(suburp212)
(Reporter)

Updated

4 years ago
Depends on: 800882, 991313
No longer depends on: 660749, 810085

Comment 3

4 years ago
I'm also seeing this and was about to open a ticket, but I think it's the same problem.

When I visit https://newsignup.sonic.net/  it presents a sonic.com certificate and I get a certificate dialogue with "get me out of here!" but no "add exception".  So there is no convenient way to enter the site.

Comment 4

4 years ago
Note: above just started happening after 33.1 autoupgrade under Linux x64.
(Reporter)

Comment 5

4 years ago
Paul, did the workaround work for you?

first, copy the servername exactly as in the browser error page, then
Go to Tools > Options > Advanced : Encryption: Certificates - View Certificates > Servers " then 
manually add an exception.
Flags: needinfo?(phr-mozilla)

Comment 6

4 years ago
Problem for newsignup.sonic.net seems to have cleared up without my trying the workaround.  It now presents "add exception" as it should.
Flags: needinfo?(phr-mozilla)

Comment 7

3 years ago
Also with https://dev.p4u.ch/ , no exception can be added.

https://support.mozilla.org/de/questions/927097 suggests to activate browser.xul.error_pages.enabled , but it is already on "true" in my v39.0 win8.1_64bit FF

Bug 1143217 and Bug 1158855 appear to be similar, but a lot more specific
Is this still an issue?
Flags: needinfo?(suburp212)
(Reporter)

Comment 9

2 years ago
(In reply to David Keeler [:keeler] (use needinfo?) from comment #8)
> Is this still an issue?

David, we switched to a different source (Office 365), so there, the issue vanished, that doesn't mean that FF doesn't have an issue, it may or may not.
(Reporter)

Comment 10

2 years ago
(In reply to Ralf Hauser from comment #7)
> Also with https://dev.p4u.ch/ , no exception can be added.
> 
> https://support.mozilla.org/de/questions/927097 suggests to activate
> browser.xul.error_pages.enabled , but it is already on "true" in my v39.0
> win8.1_64bit FF
> 
> Bug 1143217 and Bug 1158855 appear to be similar, but a lot more specific

When trying this website, I can go to advanced and add an exception. Seems to be solved, then - Ralf is this still an issue for you?
Flags: needinfo?(suburp212) → needinfo?(hauser)
Status: UNCONFIRMED → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.