Created attachment 8584761 [details] error.png User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0 Build ID: 20150320202338 Steps to reproduce: Fresh installment of Windows 7 64bit New installation of FF 36.0.4 Start Firefox 36.0.4, open https://api.boardreader.com/v1/Boards/ Workaround exists (though it had broken my mind): go to the the Options -> Advanced -> View Certificates -> CA -> find Network Solutions, LLC and remove it). The main problem is possibly that I cannot ignore this CA error and it's impossible to open the HTTPS-protected site at all. Actual results: The site won't open sec_error_bad_signature (and no way to ignore this) Expected results: I should see the XML reply: <Response><Request/><Error><ErrorMsg>Internal server error</ErrorMsg></Error></Response> (The errro is OK since we did not provide the required API parameters)
the website server looks broken, i cannot reach it...
(In reply to Loic from comment #1) > the website server looks broken, i cannot reach it... Sorry, my bad. I think api.boardreader.com is not allowed publicly because of the firewall. The same cert is used e.g. for https://manage.boardreader.com/, please try this URL instead. The problem is exactly the same.
WFM but this website a really a poor security level: https://www.ssllabs.com/ssltest/analyze.html?d=manage.boardreader.com RC4 cipher suite, SSL3, SHA1 as signature algorithm, plus mixed content.
Created attachment 8585583 [details] Screenshot from Ubuntu desktop The problem can also be repeated on Ubuntu
Hello, > WFM but this website a really a poor security level: > https://www.ssllabs.com/ssltest/analyze.html?d=manage.boardreader.com > RC4 cipher suite, SSL3, SHA1 as signature algorithm, plus mixed content. I think the overall site secutity should not be a problem (we actually don't care at the moment), but we've been able to repeat the same problem on Ubuntu. The main issue is that one can do nothing to access the HTTPS-protected page: it's impossible even to add it to the list of security exceptions. I've attached the screenshot from the Ubuntu desktop my collegue just sent me. (Sorry, the URL in the screenshot is not publicly available but you can use https://manage.boardreader.com/ with the same effect).
> Sorry, the URL in the screenshot is not publicly available Update: It's now available, feel free to check (normally it should pop up the HTTP Auth form, but with this SSL problem it won't get you even to the auth form stage).
As far as I can tell, manage.boardreader.com isn't sending any intermediate certificates. What could be happening is your profile has a cached intermediate with the same subject as the issuer of the server certificate ("C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority") but with a different public key. Attempting to verify the signature with that intermediate won't work, and since the browser can't find any other potential issuers, the error returned is sec_error_bad_signature. If the server is configured to include the appropriate intermediate certificate(s), the connection should succeed. These tools might be helpful: https://whatsmychaincert.com/ https://github.com/cloudflare/cfssl
David, Yes, the 'incomplete certificate' looks to be the root of all evil. However, the above-mentioned sites fail to open on clean profile (on a clean OS installation actually). The workaround is also strange (go to Certificate Authorities page and remove Network Solutions LLC). I think FF should be able to handle this better, at least other browsers do (I've tried Chrome and IE11).
Status: UNCONFIRMED → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1189145
You need to log in before you can comment on or make changes to this bug.