Closed Bug 635819 Opened 15 years ago Closed 14 years ago

Secure connection Failure & Certificate Error

Categories

(Core :: Networking: HTTP, defect)

Product:
Core
Component:
Networking: HTTP
Type:
defect
Priority:
Not set
Severity:
blocker

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: Er.Thirumalai, Unassigned)

References

(
URL
)

Details

(Keywords: qablocker, qawanted)

Attachments

(7 files)

Error Screenshot
64.07 KB, image/jpeg
Details
Secure Connection Failure popup (Frequent Error pop-up)
25.72 KB, image/jpeg
Details
Certificate Viewer - Details Tab
36.35 KB, image/jpeg
Details
Certificate Viewer - General Tab
44.50 KB, image/jpeg
Details
Google Certificate on Firefox
663 bytes, application/octet-stream
Details
Google Certificate on IE
663 bytes, application/octet-stream
Details
Google Certificate Details In IE
103.78 KB, image/jpeg
Details
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:2.0b11) Gecko/20100101 Firefox/4.0b11 Build Identifier: Mozilla/5.0 (Windows NT 5.1; rv:2.0b11) Gecko/20100101 Firefox/4.0b11 In our organization is using domain's local proxy for Internet connectivity. with the local proxy server Firefox shows untrusted connection warnings & Certificate errors as well. But, There is no problem with chrome or IE. Reproducible: Always
Attached image Error Screenshot
Even I am getting the errors on Banking websites which made the browser's secure connection as untrustworthy.
Severity: major → blocker
Thanks for the bug report. It would be very helpful if you could include more information (make sure you press "Cancel" at the end!): 1. Go to https://wiki.mozilla.org to get back to the error page from your previous screen shot. 2. Click on "Technical Details" to expand that section, and copy/paste the text of that section into a comment of this bug report. 4. Click on "I understand the risks" to expand that section 5. Click the "Add Exception" button. The "Add security exception" dialog box will come up. 6. Click on "View..." button in the middle of the "Add security exception" dialog box. This will bring up the "Certificate Viewer" dialog box. 7. Click on the "Details" tab of the "Certificate Viewer" dialog box. 8. Take a screen shot of the details tab. 9. Click the "Close" button to close the certificate viewer. 10. Click the "Cancel" button on the "Add security exception" dialog box. 11. Attach the screenshot from step #8 to this bug report. Thanks again!
(I accidentally skipped from step 2 to step 4 above; there is not any step in between.)
Confirmed with proxy settings Mozilla/5.0 (Windows NT 6.1; rv:2.0b12pre) Gecko/20110220 Firefox/4.0b12pre
Status: UNCONFIRMED → NEW
Ever confirmed: true
Severity: blocker → major
Component: Security → Networking: HTTP
Product: Firefox → Core
QA Contact: firefox → networking.http
Version: unspecified → Trunk
Sounds an awful lot like bug 634247. I assume this is a regression from 1.9.2? If so, what's the regression range?
Blocks: 634247
Keywords: regressionwindow-wanted
Technical Details: bugzilla.mozilla.org uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer) Refer Attachments: 1.Error Screenshot.jpg 2.Secure Connection Failure.jpg 3.certificate Viewer-1.jpg 4.certificate Viewer-2.jpg
Attachment #514407 - Attachment description: Certificate Viewer-1 → Certificate Viewer - General Tab
Attachment #514406 - Attachment description: Secure Connection Failure popup (Frequently Comes) → Secure Connection Failure popup (Frequent Error pop-up)
Summary: Certificate Issue with secure connection → Secure connection Failure & Certificate Error
Severity: major → critical
Keywords: qablocker, qawanted
Attachment #514407 - Attachment description: Certificate Viewer - General Tab → Certificate Viewer - Details Tab
Attachment #514408 - Attachment description: Certificate Viewer - Details Tab → Certificate Viewer - General Tab
Thanks, that was very helpful. Please use the "export" feature of the details tab of the certificate viewer. It looks like your proxy forges certificates for SSL websites so that it can intercept the traffic. I am curious why other browsers work correctly. Maybe your computer has the proxy's CA cert added to Windows' trusted root store already. (In reply to comment #6) > Sounds an awful lot like bug 634247. Yes, it seems to be basically the same problem. The only difference is that, in bug 634247 the network included its CA cert in its TLS ServerCertificate message, whereas the proxy in this case did not.
I am using now Firefox 4 RC build 1. I am still having problem. The Certificates exported with IE as well as Firefox is attached.
Severity: critical → blocker
I don't know whether Mozilla is working to resolve this issue. Firefox 4 has reached RC Stage. Still There is no patch yet. Other Browsers like Chrome & IE is able to verify the certificate with the windows root certificates which Mozilla can't do. I have to add each and every secure websites to my exemption list.This is really frustrating.
The Certificate is not verifiable in any of the secure connection. Any hackers can attack with forged certificates. As the Connection is not reliable it is not advisable to use Banking in Firefox with Internet connection through Local Proxy Server. So, I expect this is to be resolved before release of the Firefox 4.0 Final to public.
Thirumalaisamy, IE and Google Chrome are using the Windows Certification Authorities Store. Your system administrator has probably preinstalled the proxy Certification Authority certificate (with common name "haz_srbe.srhouse.com"). Firefox is using its own, from Windows system isolated, certification authorities store. If you want to let Firefox implicitly trust all secured websites you are visiting you have to import the proxy's certificate to the Firefox certificate database: - open the Windows Certificate Store (you can do it from IE or Control panels: Internet Options/Content/Certificates) - find the "haz_srbe.srhouse.com" certification authority (CA) certificate under one of "Trusted Root Certificataion Authorities" or "Intermediate Certification Authorities" tabs - select the certificate (if there are more certs with that name, you have to export each to a separate file, as described bellow) - click the "Export" button - an export wizard pops up, leave all options unmodified and simply export the certificate to a file on your computer - in Firefox, open Options - go to Advanced/Encryption - click the "View Certificates" button - go to the "Authorities" tab - click the "Import" button - locate the file you have exported the certificate to - check the "Trust this certificate to identify web sites" check box - click "OK" Since then you should not be getting the certificate error warnings. You can then also delete all the exceptions (also found under "View Certificates"). However, this warning from Firefox has its meaning. The proxy you are using is intercepting the secured communication, and can read, log and modify the data being exchanged with the target server.
So is a Regression Range satill wanted here in Light of Comment 18? Is this valid at all?
I had this exact problem and comment 18 by Honza Bambas (:mayhemer) solves the issue (in Firefox 9.0.1).
Until we decide to integrate/link the windows cert storage to/with NSS to use also windows integrated CAs, I don't think we can do more then what has been suggested in comment 18. Closing as not a valid mozilla bug.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: