User Help for Mozilla Firefox
About once a week I get the Untrusted Connection dialog at Twitter. Technical details says "twitter.com uses an invalid security certificate."
A couple of hours later everything is fine. But for that couple of hours, I can't get into Twitter.
Since I'm checking twitter for my clients, this is a m,ajor inconvenience. Why is this happening and what do I need to do to stop this?
It could be any number of certificate conditions.
Depending on which country your clients are in could result in an OCSP failure.
It could also be a changing certificate at Twitter which is new or from a certificate authority not recognized by your version of Firefox.
It could also be you have the IP of the source, at that moment of submission, for certificate verification blocked or possibly the certificate authority settings under /Preferences/Advanced/Encryption/View Certificate/Edit for the provided certificate at the moment does not have the ability to verify the site.
Or it could be a simple redirect failure.
Egad - so many possibilities. I and all clients are in the USA. Changing certificate at Twitter would not be something that happens repeatedly once a week or so - at least I wouldn't expect so. It comes and goes without my making any changes to settings at my end. And as for a simple redirect failure, would that likely top be repeatable over several minutes to an hour or so before resolving?
Not to complicate the issue but it could also be transmission interruptions. Intrusion attempts appear to accompany OCSP verification sometimes, or at least it is becoming more noticeable. It also might help to make sure certificates are up to date, when you view a certificate it should have a section which show a verification at the top of the page.
You may want to find a real time traffic monitor to watch what is going on during these times. I found sometimes during a download or OCSP failure Google security/site verification downloads interfere.
There is also how you treat the OCSP verification. Look at /Tools/Options/Advanced/Encryption/Validation ; the block at the bottom shows, "When and OCSP server connection fails, treat the certificate as invalid." If this is checked the slightest change or interruption may cause the failure. This is a condition of the OCSP standards.
A number of years ago the OCSP verification method was considered vulnerable and insecure. If they corrected the issues this could be folks having found the original concept and trying it anyway, not enough to break in but enough to cause the verification failure. But I'm probably wrong about this part.
I ran into a certificate error similar to this where a known and valid authority was used for a local government created certificate which was considered unidentifiable and therefore considered the site a security risk. Much of this may have to do also with the ISP and what that ISP accepts as a valid authorization or maybe Google. Some third party cookies could also be the problem trying to be more persistent.
This is happening with increasing frequency. The option to treat it as invalid, as you suggest might be the culprit is NOT checked. Neverthyeless, at the moment, I got a "untrusted" warning at both Facebook and Twitter, followed by this:
The requested URL "/home.php?", is invalid.
What's this all about? Are these Firefox messages? How do I stop this from happening?
The invalid URL could be a syntax issue from what you have shown, doesn't look like a proper URL.
I don't know where the reference numbers are from; this wiki link may help: Reference Computer Science
It may also be something to do with your certificates. Is there a specific certificate authority mentioned in the warnings? . . . aside from the improper url. It may also be a spoof or redirect condition.
You may be able to go into /Tools/Options/Advanced/Encryption/Validation and select a certificate authority from the OCSP drop down list.
You would need to check --- Validate all certificates using the following OCSP server: (pick one or one which is supported by Facebook or Twitter.)
Standard (default) setting should be:
checked --- Use the Online Status Cetificate Status protocol to confirm the validity of certificate
checked ---Validate a certificate if it specifies an OCSP server.
checked --- When an OCSP server connection fails, treat the certificate as invalid.
Thanks, Grumpus. The Reference number, according to your resource, is a program or memory location and I expect would need a Thunderbird programmer to interpret.
Thank you for the setting adjustment recommendations. I've made those changes and will watch to see if the situation resolves.
Thanks for wishing me good luck, but unfortunately that was insufficient. The problem, if anything, is getting worse. And It must be something on my computer because while Facebook was unavailable due to this error, I had no trouble connecting from my smartphone.
BTW, the URL the error quoted a few messages ago looks invalid, but it is the correct end of the Facebook URL after the domain ... if that matters.
The Facebook problem may be related to the known problem with their cookies and how Facebook uses a redirect when loggin in. see this solution> viewtopic.php?f=38&t=2528519
You may want to try that and maybe for Twitter as well.
"All generalizations are false, including this one." ~ Mark Twain
Did a Google on this... not a Firefox problem, folks on Chrome and other browsers are getting it as well. Are you using any AV toolbars or AV "link" features?
Tip of the day: If it has "toolbar" in the name, it's crap.
What my avatar is about: https://addons.mozilla.org/en-US/seamonkey/addon/sea-fox/
Well, the approach to go to Tools | Options | Privacy | Exceptions and add Google and Twitter seems not to have worked. I'm currently being blocked from Twitter.
I have Norton 360 running, but disabling their antivirus doesn't allow me to get to Twitter. I have no other antivirus running, so it must be something else.
Did you allso disable the Norton stuff in Addons Plugin section? Also check for any other extension/plugin related to security or search.
"All generalizations are false, including this one." ~ Mark Twain
I've been getting the same issue intermittently for several months now. I don't use facebook but it does crop up from time to time, seemingly at random, with twitter. Most frustrating is that there is no option to ignore the "bad" certificate. This occurred on my old PC and is now happening on the one I bought 3 days ago.
I've tried pretty much everything there is to try in firefox's tools. Tried adding an exception for the server domain but it does not change the response. Tried changing to a specific OCSP server (Akamai, which provides the certificates for twitter) and that had no effect either. Even tried unchecking the OCSP validation entirely.
I've had it happen at the beginning of a web session, in the middle, and when navigating from one twitter webpage to another. Extremely annoying, to say the least.
Who is online
Users browsing this forum: sobhan64 and 8 guests