Closed
Bug 1152931
Opened 9 years ago
Closed 8 years ago
SSL Add Exception no longer allowed for IBM CMM / IMM2
Categories
(Core :: Security: PSM, defect)
Tracking
()
RESOLVED
INCOMPLETE
People
(Reporter: micajc, Unassigned, NeedInfo)
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36 Steps to reproduce: Attempt to access the https urls for new IBM Chassis Management Module, or Integrated Management Modules. These use self signed certs generated by the hardware device. The SSL is correctly flagged as not trusted. I then attempt to "Add an exception" - Problem not fixed by regenerationg devices SSL cert. Actual results: In MozillaFirefox-37.0.1-23.1.x86_64.rpm we get the message that the CA isn't trusted however the "add Exception" button does not work with no additional Information. Expected results: The Security negotiation should have allowed the exception to be added and negotiated a connection not withstanding it's problems with the self signed cert. This behavior works when we downgrade to MozillaFirefox-36.0.4_37.0.1-18.1_23.1
Technical details on the exception show the same error in both cases An error occurred during a connection to fs1-mgmt.macewan.ca. Peer's Certificate issuer is not recognized. (Error code: sec_error_unknown_issuer)
Okay I just validated the behavior occurs in windows FF 37 as well ... Other apache based self signed certs do allow the exception to be added. Is there an ssl validation log I can use to see a more specific answer as to what it is about these particular certificates that FF37 is objecting to?
|
||
Updated•9 years ago
|
Component: Untriaged → Security: PSM
Product: Firefox → Core
Does it work in 38? This might have been fixed by bug 1123671.
Flags: needinfo?(micajc)
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•