Thanks Chris, I appreciate any help I can get. I'm trying to help IT get this 
fixed so we can keep FF.

I had already, and have now again on your advice, imported into Firefox's
Authorities certificates the same certificate that was circulated by IT in a
package, which is presumably the OS-installed certificate that enables Chrome
to work. The same error continues. I've passed on your advice to my ticket but
don't yet have a response from my IT.

Can you clarify how to install this certificate, or its required particulars?
It's sitting there in the "Authorities" list but the cert seems to have little
information in its fields. Perhaps it's inadequately constituted? The CN is a
slightly lengthy piece of arbitrary free text with no O or OU in the issued to,
and no OU and the CN replicated in the O for the issued by section. Otherwise
it's PKCS #1 SHA-256 With RSA Encryption with validity dates and a few other
fields including a CRL distribution point with a local URI marked Not Critical.

On Thursday, 10 September 2015 04:37:04 UTC+10, Chris Palmer wrote:
> It looks like perhaps your organization is using an intercepting proxy . . .
> the fix is for your IT department to add their proxy's root certificate to 
> Firefox,
> 
> On Tue, Sep 8, 2015 at 8:33 PM, <[email protected]> wrote:
> > I want to ask about Firefox security implementation, possibly HSTS?
> > Firefox seems to implement strict-er security in comparison to Chrome.
> >
> > Our IT department have been making changes to implement SSO including
> > using a SAML identity provider with Google services.
> >
> > From the perspective of our ICT support it looks like Firefox doesn't
> > work. . . .
> > You have asked Firefox to connect securely to mail.google.com, but we
> > can't confirm that your connection is secure.
> > Normally, when you try to connect securely, sites will present trusted
> > identification to prove that you are going to the right place.
> > However, this site's identity can't be verified.
> > What Should I Do?
> > If you usually connect to this site without problems, this error could
> > mean that someone is trying to impersonate the site, and you shouldn't
> > continue.
> > This site uses HTTP Strict Transport Security (HSTS) to specify that
> > Firefox only connect to it securely. As a result, it is not possible to add
> > an exception for this certificate.
> > Get me out of here!
> > Technical Details
> > mail.google.com uses an invalid security certificate.
> > The certificate is not trusted because the issuer certificate is unknown.
> > The server might not be sending the appropriate intermediate certificates.
> > An additional root certificate may need to be imported.
> > (Error code: sec_error_unknown_issuer)
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
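
The sec_error_unknown_issuer error quoted above turns on whether the certificate imported under Authorities is the one that actually signs what the proxy serves. The script below is an added example, not part of the thread: it checks that with openssl against certificates it constructs locally (the CA names, mail.example.test and the file names are all assumptions made for the demo).

```shell
#!/usr/bin/env bash
# Added example. Every certificate here is constructed locally for the demo.
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Self-signed root with the given CN (hypothetical names, not from the thread).
make_root() {  # $1 = file prefix, $2 = CN
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
    -subj "/CN=$2" -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}

# Print a name in RFC 2253 form so issuer and subject compare as strings.
name_of() {  # $1 = -subject | -issuer, $2 = PEM file
  openssl x509 -in "$2" -noout -nameopt RFC2253 "$1" | sed 's/^[a-z]*= *//'
}

# True when the candidate root really signed the certificate being served.
chains_to() {  # $1 = candidate root PEM, $2 = served certificate PEM
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Classify the relationship between an imported root and a served certificate.
diagnose() {  # $1 = candidate root PEM, $2 = served certificate PEM
  if chains_to "$1" "$2"; then
    echo "match"
  elif [ "$(name_of -subject "$1")" = "$(name_of -issuer "$2")" ]; then
    echo "same-name-different-key"   # e.g. a root reissued under the same name
  else
    echo "different-issuer"          # the imported root is not the signer
  fi
}

make_root packaged "Packaged Root (constructed)"
make_root proxy    "Proxy Signing Root (constructed)"
# Stand-in for the certificate an intercepting proxy serves for a site.
openssl req -newkey rsa:2048 -nodes -subj "/CN=mail.example.test" \
  -keyout "$work/leaf.key" -out "$work/leaf.csr" 2>/dev/null
openssl x509 -req -in "$work/leaf.csr" -CA "$work/proxy.pem" \
  -CAkey "$work/proxy.key" -CAcreateserial -days 30 -sha256 \
  -out "$work/leaf.pem" 2>/dev/null

echo "packaged root vs served cert: $(diagnose "$work/packaged.pem" "$work/leaf.pem")"
echo "proxy root vs served cert:    $(diagnose "$work/proxy.pem" "$work/leaf.pem")"
```

On an affected machine the served certificate would instead be saved from the live connection (for example from the output of `openssl s_client -showcerts`) and the candidate root would be the file from the IT package.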
