Untrusted Iframe

Bald Eagle j99 · Post by **Bald Eagle j99** » November 9th, 2014, 2:11 pm

Anyone able to understand and explain this problem please ?

The site concerned is apparently aware of this problem but I am wondering how much of this is a Firefox problem and how much is the site problem, as it says "There is an issue with using this service in Firefox which is currently under investigation."

Problem page link: https://www.sefton.gov.uk/bins-recycling.aspx

Without any exceptions set this gives an untrusted error. That gives details

selfserve.sefton.gov.uk uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)

There is no option to create an exception, from the dialogue box. However the dialogue will right click; it is then possible to open the Iframe in a new tab, and this time an option to set an exception is available.

Presumably all of this is known and expected behaviour, but not a particularly good experience for a Firefox User.
IE does not have a problem with the afore mentioned page, (I have not tried other browsers).

Possibly this is related to Bug 991313 - tell the user why they can't add a certificate exception in a framed page

Post by **trolly** » November 9th, 2014, 3:33 pm

I can not even open that page. When clicking "Technical details" it is said that the site is using a certificate for a different domain.

Frenzie · Post by **Frenzie** » November 10th, 2014, 3:33 am

I had to add an exception to enter the site, which is no different in any other browser I tried. (Except that in most it takes one click less to do so.) I had no issues adding the (temporary) exception.

Bald Eagle j99 · Post by **Bald Eagle j99** » November 10th, 2014, 5:59 am

Thanks for the replies.

trolly wrote:I can not even open that page. When clicking "Technical details" it is said that the site is using a certificate for a different domain.

Did you try right clicking the notification and opening the iframe in another tab? That allowed me to add an exception and then open the page.

I had to add an exception to enter the site, which is no different in any other browser I tried. (Except that in most it takes one click less to do so.) I had no issues adding the (temporary) exception.

I am not sure where Firefox keeps the exceptions. I use the local government site fairly frequently but did not as far as I remember need to add an exception to use the site sefton.gov.uk The exception I remember adding is as mentioned above and is only for certain pages of that site,namely those using the iframe from selfserve.sefton.gov.uk

Internet Explorer opens the site including the problem page but as far as I remember I did not need to add any exception.
I have screenshots of IE opening the problem page. I have one of Nightly displaying the dialogue but no option to add an exception, and one of Firefox displaying the page after an exception has been added; however I can not attach screenshots unless I upload them somewhere and use a link

Frenzie · Post by **Frenzie** » November 10th, 2014, 7:45 am

Bald Eagle j99 wrote:I am not sure where Firefox keeps the exceptions. I use the local government site fairly frequently but did not as far as I remember need to add an exception to use the site sefton.gov.uk The exception I remember adding is as mentioned above and is only for certain pages of that site,namely those using the iframe from selfserve.sefton.gov.uk

Do you mean that the link you gave does not show the problem you described?

Internet Explorer opens the site including the problem page but as far as I remember I did not need to add any exception.
I have screenshots of IE opening the problem page. I have one of Nightly displaying the dialogue but no option to add an exception, and one of Firefox displaying the page after an exception has been added; however I can not attach screenshots unless I upload them somewhere and use a link

I didn't mean to imply that they all use the same wording. In Opera/Presto you "approve", in Opera/Blink you "continue anyway" and in Chromium you "proceed". Most default to a temporary exception.

jscher2000 · Post by **jscher2000** » November 14th, 2014, 5:00 pm

The initial URL gives this:

http://www.sefton.gov.uk uses an invalid security certificate.
The certificate is only valid for the following names: *.azurewebsites.net, *.scm.azurewebsites.net, *.azure-mobile.net, *.scm.azure-mobile.net
(Error code: ssl_error_bad_cert_domain)

My guess is they did not intend for you to use HTTPS for that page but just HTTP:

http://www.sefton.gov.uk/bins-recycling.aspx

jscher2000 · Post by **jscher2000** » November 14th, 2014, 5:08 pm

For the selfserve subdomain, sites I usually use for analyzing the correctness of the SSL installation report:

"Error while checking the SSL Certificate!!

Unable to get the local issuer of the certificate. The issuer of a locally looked up certificate could not be found. Normally this indicates that not all intermediate certificates are installed on the server.

We advise you not to submit any confidential or personal data to this website because a secure connection could not be established with this website."

http://www.networking4all.com/en/suppor ... ocol=https

"Overall Grade F

This server supports SSL 2, which is obsolete and insecure. Grade set to F.

Chain issues: Incomplete"

https://www.ssllabs.com/ssltest/analyze ... ton.gov.uk

Firefox really is only objecting to the missing intermediate certificate, but it seems they could address a few other things while they're at it.

Untrusted Iframe

Untrusted Iframe

Re: Untrusted Iframe

Re: Untrusted Iframe

Re: Untrusted Iframe

Re: Untrusted Iframe

Re: Untrusted Iframe

Re: Untrusted Iframe