Re: Error code: sec_error_ca_cert_invalid
Thank you so much for your response as I am still battling this issue. I agree that the site is probably not using best practices (my guess) ... The site is https://bankruptcylink.com After the home page, the error comes up when you click the Login button. The user is also unable to user IE or Chrome with this site. Any diagnostic anything you have to offer would be appreciated. I'm downloading v37 now to see if that helps. On Tue, Apr 28, 2015 at 12:38 PM, Kai Engert k...@kuix.de wrote: On Thu, 2015-04-23 at 13:11 -0700, rebecca.c...@gmail.com wrote: Accessing https site that is used by the entire state of Indiana. My office is apparently the only office that cannot access the site. Well, that is to say, half of my office cannot access the site, the other half can access it with no problem. All are using Firefox 36.0.4, all were previously able to access the site. I no longer see a security.use_mozillapkix_verification setting in about:config - what is preventing some firefox users from accessing this site? Hello Rebecca, the setting security.use_mozillapkix_verification has been removed, I believe it's gone since Firefox 32. Since then, Firefox only uses the new code. You say you aren't able to access that site. First, it means that site isn't following best practices. If the entire state of Indiana is required to use that site, then it would be very good to fix that site. Is it a public Internet site, or some internal/intranet site? Is my assumption correct, that you cannot access the site, because you are unable to add an override, like Firefox usually allows with other bad sites? There was a regression bug in Firefox 36 which made it impossible to add an override for certain scenarios that result in the ca_cert_invalid error message. (That was https://bugzilla.mozilla.org/show_bug.cgi?id=1138332 ) Unfortunately, it was too late to get that bug fixed in Firefox 36. However, Firefox 37, which was released end of March 2015, contained a fix for this issue. Are you able to upgrade to Firefox 37 and see if it fixes your issue? If it doesn't, then could you please send us additional information about the server? If it's a server on the public Internet, then we'd need to know the server address (www...), or, if it's an Intranet server, then someone would have to save a copy of the certificates used by the server, which can be retrieved by running diagnostic utilities. Let us know if you'd like to have instructions on how to do that. Regards Kai -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Error code: sec_error_ca_cert_invalid
On Tue, 2015-04-28 at 12:51 -0500, Rebecca White wrote: The site is https://bankruptcylink.com This issue is now being tracked at https://bugzilla.mozilla.org/show_bug.cgi?id=1159471 -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Error code: sec_error_ca_cert_invalid
On Thu, 2015-04-23 at 13:11 -0700, rebecca.c...@gmail.com wrote: Accessing https site that is used by the entire state of Indiana. My office is apparently the only office that cannot access the site. Well, that is to say, half of my office cannot access the site, the other half can access it with no problem. All are using Firefox 36.0.4, all were previously able to access the site. I no longer see a security.use_mozillapkix_verification setting in about:config - what is preventing some firefox users from accessing this site? Hello Rebecca, the setting security.use_mozillapkix_verification has been removed, I believe it's gone since Firefox 32. Since then, Firefox only uses the new code. You say you aren't able to access that site. First, it means that site isn't following best practices. If the entire state of Indiana is required to use that site, then it would be very good to fix that site. Is it a public Internet site, or some internal/intranet site? Is my assumption correct, that you cannot access the site, because you are unable to add an override, like Firefox usually allows with other bad sites? There was a regression bug in Firefox 36 which made it impossible to add an override for certain scenarios that result in the ca_cert_invalid error message. (That was https://bugzilla.mozilla.org/show_bug.cgi?id=1138332 ) Unfortunately, it was too late to get that bug fixed in Firefox 36. However, Firefox 37, which was released end of March 2015, contained a fix for this issue. Are you able to upgrade to Firefox 37 and see if it fixes your issue? If it doesn't, then could you please send us additional information about the server? If it's a server on the public Internet, then we'd need to know the server address (www...), or, if it's an Intranet server, then someone would have to save a copy of the certificates used by the server, which can be retrieved by running diagnostic utilities. Let us know if you'd like to have instructions on how to do that. Regards Kai -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Error code: sec_error_ca_cert_invalid
Hey Rebecca, Can you send along the certificate chain that the site is presenting? Thanks, --Richard On Thu, Apr 23, 2015 at 4:11 PM, rebecca.c...@gmail.com wrote: Accessing https site that is used by the entire state of Indiana. My office is apparently the only office that cannot access the site. Well, that is to say, half of my office cannot access the site, the other half can access it with no problem. All are using Firefox 36.0.4, all were previously able to access the site. I no longer see a security.use_mozillapkix_verification setting in about:config - what is preventing some firefox users from accessing this site? I apologize if this does not belong in this group. r -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: An error occurred during a connection to 9.183.191.164. Issuer certificate is invalid. (Error code: sec_error_ca_cert_invalid)
- Original Message - From: Peter Thornemann thornemann.pe...@gmail.com To: mozilla-dev-tech-cry...@lists.mozilla.org Sent: Monday, 22 September, 2014 10:05:42 AM Subject: An error occurred during a connection to 9.183.191.164. Issuer certificate is invalid. (Error code: sec_error_ca_cert_invalid) My work have upgrade from FF 24.0 to FF 31.1.0 on both Linux Redhat 6 and windows 7. On FF 31.1.0 we now get this error when we try to access this adress An error occurred during a connection to 9.183.191.164. Issuer certificate is invalid. (Error code: sec_error_ca_cert_invalid) from Linux But from Windows it work fine This is not externally reachable. Could you connect to it using openssl s_client -showcerts -connect 9.183.191.164:443 and attach full output? There were few changes that could have caused it. -- Regards, Hubert Kario -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
An error occurred during a connection to 9.183.191.164. Issuer certificate is invalid. (Error code: sec_error_ca_cert_invalid)
My work have upgrade from FF 24.0 to FF 31.1.0 on both Linux Redhat 6 and windows 7. On FF 31.1.0 we now get this error when we try to access this adress An error occurred during a connection to 9.183.191.164. Issuer certificate is invalid. (Error code: sec_error_ca_cert_invalid) from Linux But from Windows it work fine -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto