MozillaZine

Twitter Untrusted Connection

User Help for Mozilla Firefox
btreloar

User avatar
 
Posts: 374
Joined: November 10th, 2004, 2:46 pm
Location: East Hanover, NJ, USA

Post Posted July 15th, 2012, 2:37 pm

About once a week I get the Untrusted Connection dialog at Twitter. Technical details says "twitter.com uses an invalid security certificate."

A couple of hours later everything is fine. But for that couple of hours, I can't get into Twitter.

Since I'm checking twitter for my clients, this is a m,ajor inconvenience. Why is this happening and what do I need to do to stop this?
Bill Treloar

Grumpus

User avatar
 
Posts: 9326
Joined: October 19th, 2007, 4:23 am
Location: ... Da' Swamp

Post Posted July 15th, 2012, 3:51 pm

It could be any number of certificate conditions.
Depending on which country your clients are in could result in an OCSP failure.
It could also be a changing certificate at Twitter which is new or from a certificate authority not recognized by your version of Firefox.
It could also be you have the IP of the source, at that moment of submission, for certificate verification blocked or possibly the certificate authority settings under /Preferences/Advanced/Encryption/View Certificate/Edit for the provided certificate at the moment does not have the ability to verify the site.
Or it could be a simple redirect failure.

btreloar

User avatar
 
Posts: 374
Joined: November 10th, 2004, 2:46 pm
Location: East Hanover, NJ, USA

Post Posted July 16th, 2012, 6:01 am

Egad - so many possibilities. I and all clients are in the USA. Changing certificate at Twitter would not be something that happens repeatedly once a week or so - at least I wouldn't expect so. It comes and goes without my making any changes to settings at my end. And as for a simple redirect failure, would that likely top be repeatable over several minutes to an hour or so before resolving?
Bill Treloar

Grumpus

User avatar
 
Posts: 9326
Joined: October 19th, 2007, 4:23 am
Location: ... Da' Swamp

Post Posted July 18th, 2012, 8:00 am

Not to complicate the issue but it could also be transmission interruptions. Intrusion attempts appear to accompany OCSP verification sometimes, or at least it is becoming more noticeable. It also might help to make sure certificates are up to date, when you view a certificate it should have a section which show a verification at the top of the page.
You may want to find a real time traffic monitor to watch what is going on during these times. I found sometimes during a download or OCSP failure Google security/site verification downloads interfere.
There is also how you treat the OCSP verification. Look at /Tools/Options/Advanced/Encryption/Validation ; the block at the bottom shows, "When and OCSP server connection fails, treat the certificate as invalid." If this is checked the slightest change or interruption may cause the failure. This is a condition of the OCSP standards.
A number of years ago the OCSP verification method was considered vulnerable and insecure. If they corrected the issues this could be folks having found the original concept and trying it anyway, not enough to break in but enough to cause the verification failure. But I'm probably wrong about this part.
I ran into a certificate error similar to this where a known and valid authority was used for a local government created certificate which was considered unidentifiable and therefore considered the site a security risk. Much of this may have to do also with the ISP and what that ISP accepts as a valid authorization or maybe Google. Some third party cookies could also be the problem trying to be more persistent.

.

btreloar

User avatar
 
Posts: 374
Joined: November 10th, 2004, 2:46 pm
Location: East Hanover, NJ, USA

Post Posted September 2nd, 2012, 9:54 am

This is happening with increasing frequency. The option to treat it as invalid, as you suggest might be the culprit is NOT checked. Neverthyeless, at the moment, I got a "untrusted" warning at both Facebook and Twitter, followed by this:

Invalid URL
The requested URL "/home.php?", is invalid.
Reference #9.44260e6b.1346604701.d062986

What's this all about? Are these Firefox messages? How do I stop this from happening?
Bill Treloar

Grumpus

User avatar
 
Posts: 9326
Joined: October 19th, 2007, 4:23 am
Location: ... Da' Swamp

Post Posted September 3rd, 2012, 1:34 pm

The invalid URL could be a syntax issue from what you have shown, doesn't look like a proper URL.
I don't know where the reference numbers are from; this wiki link may help: Reference Computer Science
It may also be something to do with your certificates. Is there a specific certificate authority mentioned in the warnings? . . . aside from the improper url. It may also be a spoof or redirect condition.

You may be able to go into /Tools/Options/Advanced/Encryption/Validation and select a certificate authority from the OCSP drop down list.
You would need to check --- Validate all certificates using the following OCSP server: (pick one or one which is supported by Facebook or Twitter.)

Standard (default) setting should be:
checked --- Use the Online Status Cetificate Status protocol to confirm the validity of certificate
checked ---Validate a certificate if it specifies an OCSP server.
checked --- When an OCSP server connection fails, treat the certificate as invalid.

btreloar

User avatar
 
Posts: 374
Joined: November 10th, 2004, 2:46 pm
Location: East Hanover, NJ, USA

Post Posted September 4th, 2012, 6:21 am

Thanks, Grumpus. The Reference number, according to your resource, is a program or memory location and I expect would need a Thunderbird programmer to interpret.

Thank you for the setting adjustment recommendations. I've made those changes and will watch to see if the situation resolves.
Bill Treloar

Grumpus

User avatar
 
Posts: 9326
Joined: October 19th, 2007, 4:23 am
Location: ... Da' Swamp

Post Posted September 4th, 2012, 7:47 am

Good Luck :)

btreloar

User avatar
 
Posts: 374
Joined: November 10th, 2004, 2:46 pm
Location: East Hanover, NJ, USA

Post Posted September 5th, 2012, 3:51 pm

Thanks for wishing me good luck, but unfortunately that was insufficient. The problem, if anything, is getting worse. And It must be something on my computer because while Facebook was unavailable due to this error, I had no trouble connecting from my smartphone.

BTW, the URL the error quoted a few messages ago looks invalid, but it is the correct end of the Facebook URL after the domain ... if that matters.
Bill Treloar

Grumpus

User avatar
 
Posts: 9326
Joined: October 19th, 2007, 4:23 am
Location: ... Da' Swamp

Post Posted September 6th, 2012, 9:05 am

Have you run a disc diagnostic or performed any virus/malware checks.
Have you tried operating Firefox in Safe Mode and attempted access.
Do you have Firefox preferences set to notify you of any redirects?

JayhawksRock

User avatar
 
Posts: 9135
Joined: October 24th, 2010, 8:51 am

Post Posted September 6th, 2012, 10:24 am

The Facebook problem may be related to the known problem with their cookies and how Facebook uses a redirect when loggin in. see this solution> viewtopic.php?f=38&t=2528519
You may want to try that and maybe for Twitter as well.
Bill Gates is a very rich man today... and do you want to know why? The answer is one word: versions. ~ Dave Barry

patrickjdempsey

User avatar
 
Posts: 22863
Joined: October 23rd, 2008, 11:43 am
Location: Asheville NC

Post Posted September 6th, 2012, 3:58 pm

btreloar wrote:Invalid URL
The requested URL "/home.php?", is invalid.
Reference #9.44260e6b.1346604701.d062986


Did a Google on this... not a Firefox problem, folks on Chrome and other browsers are getting it as well. Are you using any AV toolbars or AV "link" features?
Tip of the day: If it has "toolbar" in the name, it's crap.
What my avatar is about: https://addons.mozilla.org/en-US/seamonkey/addon/sea-fox/

btreloar

User avatar
 
Posts: 374
Joined: November 10th, 2004, 2:46 pm
Location: East Hanover, NJ, USA

Post Posted September 7th, 2012, 8:58 am

Well, the approach to go to Tools | Options | Privacy | Exceptions and add Google and Twitter seems not to have worked. I'm currently being blocked from Twitter.

I have Norton 360 running, but disabling their antivirus doesn't allow me to get to Twitter. I have no other antivirus running, so it must be something else.
Bill Treloar

JayhawksRock

User avatar
 
Posts: 9135
Joined: October 24th, 2010, 8:51 am

Post Posted September 7th, 2012, 9:28 am

Did you allso disable the Norton stuff in Addons Plugin section? Also check for any other extension/plugin related to security or search.
Bill Gates is a very rich man today... and do you want to know why? The answer is one word: versions. ~ Dave Barry

Harv72b
Guest
 

Post Posted September 8th, 2012, 2:41 pm

I've been getting the same issue intermittently for several months now. I don't use facebook but it does crop up from time to time, seemingly at random, with twitter. Most frustrating is that there is no option to ignore the "bad" certificate. This occurred on my old PC and is now happening on the one I bought 3 days ago.

I've tried pretty much everything there is to try in firefox's tools. Tried adding an exception for the server domain but it does not change the response. Tried changing to a specific OCSP server (Akamai, which provides the certificates for twitter) and that had no effect either. Even tried unchecking the OCSP validation entirely.

I've had it happen at the beginning of a web session, in the middle, and when navigating from one twitter webpage to another. Extremely annoying, to say the least.

Return to Firefox Support


Who is online

Users browsing this forum: No registered users and 23 guests