MozillaZine

Untrusted Iframe

Discuss how to use and promote Web standards with the Mozilla Gecko engine.
Bald Eagle j99
 
Posts: 15
Joined: August 2nd, 2010, 3:28 am

Post Posted November 9th, 2014, 2:11 pm

Anyone able to understand and explain this problem please ?

The site concerned is apparently aware of this problem but I am wondering how much of this is a Firefox problem and how much is the site problem, as it says "There is an issue with using this service in Firefox which is currently under investigation."

Problem page link: https://www.sefton.gov.uk/bins-recycling.aspx

Without any exceptions set this gives an untrusted error. That gives details
selfserve.sefton.gov.uk uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)

There is no option to create an exception, from the dialogue box. However the dialogue will right click; it is then possible to open the Iframe in a new tab, and this time an option to set an exception is available.

Presumably all of this is known and expected behaviour, but not a particularly good experience for a Firefox User.
IE does not have a problem with the afore mentioned page, (I have not tried other browsers).

Possibly this is related to Bug 991313 - tell the user why they can't add a certificate exception in a framed page
John 99

trolly
Moderator

User avatar
 
Posts: 39905
Joined: August 22nd, 2005, 7:25 am

Post Posted November 9th, 2014, 3:33 pm

I can not even open that page. When clicking "Technical details" it is said that the site is using a certificate for a different domain.
Think for yourself. Otherwise you have to believe what other people tell you.
A society based on individualism is an oxymoron. || Freedom is at first the freedom to starve.
Constitution says: One man, one vote. Supreme court says: One dollar, one vote.

Frenzie

User avatar
 
Posts: 2135
Joined: May 5th, 2004, 10:40 am
Location: Belgium

Post Posted November 10th, 2014, 3:33 am

I had to add an exception to enter the site, which is no different in any other browser I tried. (Except that in most it takes one click less to do so.) I had no issues adding the (temporary) exception.
Intelligent alien life does exist, otherwise they would have contacted us.

Bald Eagle j99
 
Posts: 15
Joined: August 2nd, 2010, 3:28 am

Post Posted November 10th, 2014, 5:59 am

Thanks for the replies.

trolly wrote:I can not even open that page. When clicking "Technical details" it is said that the site is using a certificate for a different domain.


Did you try right clicking the notification and opening the iframe in another tab? That allowed me to add an exception and then open the page.

I had to add an exception to enter the site, which is no different in any other browser I tried. (Except that in most it takes one click less to do so.) I had no issues adding the (temporary) exception.


I am not sure where Firefox keeps the exceptions. I use the local government site fairly frequently but did not as far as I remember need to add an exception to use the site sefton.gov.uk The exception I remember adding is as mentioned above and is only for certain pages of that site,namely those using the iframe from selfserve.sefton.gov.uk

Internet Explorer opens the site including the problem page but as far as I remember I did not need to add any exception.
I have screenshots of IE opening the problem page. I have one of Nightly displaying the dialogue but no option to add an exception, and one of Firefox displaying the page after an exception has been added; however I can not attach screenshots unless I upload them somewhere and use a link
John 99

Frenzie

User avatar
 
Posts: 2135
Joined: May 5th, 2004, 10:40 am
Location: Belgium

Post Posted November 10th, 2014, 7:45 am

Bald Eagle j99 wrote:I am not sure where Firefox keeps the exceptions. I use the local government site fairly frequently but did not as far as I remember need to add an exception to use the site sefton.gov.uk The exception I remember adding is as mentioned above and is only for certain pages of that site,namely those using the iframe from selfserve.sefton.gov.uk

Do you mean that the link you gave does not show the problem you described?

Internet Explorer opens the site including the problem page but as far as I remember I did not need to add any exception.
I have screenshots of IE opening the problem page. I have one of Nightly displaying the dialogue but no option to add an exception, and one of Firefox displaying the page after an exception has been added; however I can not attach screenshots unless I upload them somewhere and use a link

I didn't mean to imply that they all use the same wording. In Opera/Presto you "approve", in Opera/Blink you "continue anyway" and in Chromium you "proceed". Most default to a temporary exception.
Intelligent alien life does exist, otherwise they would have contacted us.

jscher2000

User avatar
 
Posts: 10623
Joined: December 19th, 2004, 12:26 am
Location: Silicon Valley, CA USA

Post Posted November 14th, 2014, 5:00 pm

The initial URL gives this:

http://www.sefton.gov.uk uses an invalid security certificate.
The certificate is only valid for the following names: *.azurewebsites.net, *.scm.azurewebsites.net, *.azure-mobile.net, *.scm.azure-mobile.net
(Error code: ssl_error_bad_cert_domain)


My guess is they did not intend for you to use HTTPS for that page but just HTTP:

http://www.sefton.gov.uk/bins-recycling.aspx

jscher2000

User avatar
 
Posts: 10623
Joined: December 19th, 2004, 12:26 am
Location: Silicon Valley, CA USA

Post Posted November 14th, 2014, 5:08 pm

For the selfserve subdomain, sites I usually use for analyzing the correctness of the SSL installation report:

"Error while checking the SSL Certificate!!

Unable to get the local issuer of the certificate. The issuer of a locally looked up certificate could not be found. Normally this indicates that not all intermediate certificates are installed on the server.

We advise you not to submit any confidential or personal data to this website because a secure connection could not be established with this website."


http://www.networking4all.com/en/suppor ... ocol=https

"Overall Grade F

This server supports SSL 2, which is obsolete and insecure. Grade set to F.

Chain issues: Incomplete"


https://www.ssllabs.com/ssltest/analyze ... ton.gov.uk

Firefox really is only objecting to the missing intermediate certificate, but it seems they could address a few other things while they're at it.

Return to Web Development / Standards Evangelism


Who is online

Users browsing this forum: No registered users and 3 guests