Unable to open a secure page on a host with 2 different webservers with two different ports. (Error code: sec_error_bad_signature)




Security: PSM
5 years ago
2 years ago


(Reporter: Mihail Daskalov, Unassigned)


15 Branch
Windows XP

Firefox Tracking Flags

(Not tracked)




5 years ago
User Agent: Mozilla/5.0 (Windows NT 5.1; rv:15.0) Gecko/20100101 Firefox/15.0.1
Build ID: 20120905151427

Steps to reproduce:

1. Installed an SSL enabled web server on machine X on port 1158 (actually Oracle Enterprise manager dbconsole).
2. Accessed the site successfully after adding an exception for the self-signed certificate. That was using Firefox 15.0.1 on Windows XP 32 bit.
3. Installed another SSL enabled web server on the same machine X on port 5500 (again Oracle dbconsole for another database). It uses another self-signed certificate (for the same name though CN=X). The subject of the issuer is with the same DN, but different Key ID.
4. Accessed the second web server (on port 5500), after adding an exception for that.
That was using Firefox 15.0.1 on Windows XP 32 bit

5. Without changing anything on the serverside (no restarts, no configuration changes, nothing at all), I tried to access the first server on port 1158. That was using Firefox 15.0.1 on Windows XP 32 bit

Actual results:

An error was shown, instead of the expected contents.

Secure Connection Failed
          An error occurred during a connection to X:1158.

Peer's certificate has an invalid signature.

(Error code: sec_error_bad_signature)

Expected results:

The page should be displayed. It is correctly displayed with IE 8 and Chrome Version 22.0.1229.94 m
Component: Untriaged → Security: PSM
Product: Firefox → Core

Comment 1

5 years ago
I can confirm the behaviour for 
MS Windows Server 2003 R2 SP2 (32bit) + FF 16.0.2 portable

despite browser.xul.error_pages.expert_bad_cert set to 'TRUE'

one can circumvent it a bit
- start FF
- connect to EM at port 1158
- stop/start FF
- connect to EM at port 5500
- stop/start FF
- connect to EM at port 5501

sometimes it is possible to connect first to e.g. Port 5503 and after this successfully to 1158 without restarting FF

Comment 2

5 years ago
Based on Thomas' post I tried the following and it worked for me.

Firefox 17.0.2 on Windows 7 64-bit. Linux Oracle server RH 5.7,

1. Deleted all certificate exceptions associated with the Oracle server.
   Options > View Certificates > Delete...
2. Invoked each OEM dbconsole URL in the order of its creation -- important step.
3. Added certificate exception for each URL.

Subsequently I was able to connect to all 3 dbconsoles assigned to ports 5583, 5585, 5586, in any order.
Sounds like this is WFM.
Last Resolved: 2 years ago
Resolution: --- → WORKSFORME
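
The condition described in step 3 of the report (several self-signed certificates that share a subject DN but carry different keys) can be checked for across a set of saved server certificates. This is an added example, not part of the bug report or of any Mozilla or Oracle tooling; the function names and file names are assumptions, and the test certificates are constructed locally with `openssl`.

```shell
#!/bin/sh
# Added example (not from the bug report): list subject DNs that are shared by
# certificates with different public keys, as in step 3 of the report.
# Certificates can be saved from a running server with, for example:
#   openssl s_client -connect X:1158 </dev/null | openssl x509 -out em-1158.pem
# (em-1158.pem is a hypothetical file name.)

# Print "<subject DN><TAB><SHA-256 of the PEM public key>" for one certificate.
cert_identity() {
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253) || return 1
    key=$(openssl x509 -in "$1" -noout -pubkey | openssl dgst -sha256 -r | cut -d' ' -f1)
    printf '%s\t%s\n' "${subj#subject=}" "$key"
}

# Print each subject DN that occurs with two or more distinct keys.
# Identical certificates listed twice collapse in `sort -u` and are not reported.
find_dn_collisions() {
    for f in "$@"; do cert_identity "$f"; done |
        sort -u | cut -f1 | sort | uniq -d
}

# Constructed test data: a throwaway self-signed certificate for CN=$2 in $1.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

# When run with certificate files as arguments, report the shared DNs.
if [ "$#" -gt 0 ]; then
    find_dn_collisions "$@"
fi
```

Any DN it prints identifies servers whose certificates differ only by key, which is the setup under which the reporter saw `sec_error_bad_signature`.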