"Secure Connection Failed" problem
- LoRd_MuldeR
- Posts: 204
- Joined: January 21st, 2007, 2:26 pm
"Secure Connection Failed" problem
I suddenly get this error site when I try to connect to my own server via secure connection:
Before I simply got a warning about the invalid certificate (yes, I don't have one ^^) and I was able to ignore it.
Now it seems to be impossible to access my site via secure connection from SeaMonkey.
Other browsers (Opera, IE7, ...) show a warning message, but they allow me to connect anyway...
How can I skip the error page or restore the old behavior?
- LoRd_MuldeR
- Posts: 204
- Joined: January 21st, 2007, 2:26 pm
- raj_bhaskar
- Posts: 1946
- Joined: November 7th, 2002, 3:50 am
- Location: Glasgow, Scotland
- Contact:
-
- Posts: 0
- Joined: December 31st, 1969, 5:00 pm
Same behavior found. Mentioned by:
https://bugzilla.mozilla.org/show_bug.cgi?id=398534
- LoRd_MuldeR
- Posts: 204
- Joined: January 21st, 2007, 2:26 pm
Well, according to those "bug reports", it's an intended behavior to show an error page instead of a warning now.
That is really bad news, as it makes Firefox/SeaMonkey unusable in some situations!
I'm running a little home server for my personal stuff and of course I cannot afford to buy a "real" certificate.
Still I want to have some security using a "secure" connection and I need to access that with a browser!
Without a valid certificate it won't be 100% secure, right, as it cannot be verified that the server really is the server it pretends to be.
Nevertheless, except the very rare case that somebody has spoofed my server, it is secure!
I think the user should decide which server he wants to trust, not the browser.
I will have to move to Opera browser until this issue is solved ...
- BenoitRen
- Posts: 5946
- Joined: April 11th, 2004, 10:20 am
- Location: Belgium
- raj_bhaskar
- Posts: 1946
- Joined: November 7th, 2002, 3:50 am
- Location: Glasgow, Scotland
- Contact:
The bug I mentioned indicates that Firefox has a (deeply buried) UI that lets you add certificates to a "whitelist" (see comment 115). Should someone add a bug requesting that this be added to the SM prefs?
Raj Bhaskar, https://lordofthemoon.com
- therube
- Posts: 21703
- Joined: March 10th, 2004, 9:59 pm
- Location: Maryland USA
It's there already.
Edit | Preferences | Privacy & Security | Certificates |-> Manage Certificates
That in turn updates the cert8.db file in your Profile (I believe).
PS: Thanks for posting that link. Knowing that, I was going to see if that would have fixed this bug (onlineid.bankofamerica.com sending incomplete SSL certificate chain), but it looks like BoA straightened things out on their end before I got a chance to try importing a certificate.
Fire 750, bring back 250.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
- LoRd_MuldeR
- Posts: 204
- Joined: January 21st, 2007, 2:26 pm
So what do I need to import?
I use Apache/SSL via XAMPP with the certificate that came with the XAMPP package.
As far as I know the certificate stuff is stored at "xampp/apache/conf"
There are several SSL specific folders in that dir: "ssl.crl", "ssl.crt", "ssl.csr", "ssl.key" and "ssl.prm"
They all contain different files, but none seems to import in SeaMonkey...
Code:
Directory of D:\xampp\apache\conf
08.10.2007 00:46 <DIR> .
08.10.2007 00:46 <DIR> ..
07.10.2007 23:39 <DIR> extra
09.10.2007 03:35 20.176 httpd.conf
01.12.2005 15:34 13.340 magic
01.12.2005 15:34 15.612 mime.types
07.10.2007 23:39 <DIR> ssl.crl
07.10.2007 23:39 <DIR> ssl.crt
10.10.2007 21:10 <DIR> ssl.csr
07.10.2007 23:39 <DIR> ssl.key
07.10.2007 23:39 <DIR> ssl.prm
08.10.2007 00:46 <DIR> _ssl.bak
3 File(s) 49.128 bytes
Directory of D:\xampp\apache\conf\extra
07.10.2007 23:39 <DIR> .
07.10.2007 23:39 <DIR> ..
07.10.2007 23:39 2.922 httpd-autoindex.conf
07.10.2007 23:39 1.667 httpd-dav.conf
07.10.2007 23:39 2.419 httpd-default.conf
07.10.2007 23:39 1.140 httpd-info.conf
07.10.2007 23:39 5.180 httpd-languages.conf
07.10.2007 23:39 849 httpd-manual.conf
07.10.2007 23:39 3.919 httpd-mpm.conf
07.10.2007 23:39 2.229 httpd-multilang-errordoc.conf
08.10.2007 00:44 11.267 httpd-ssl.conf
07.10.2007 23:39 944 httpd-userdir.conf
07.10.2007 23:39 1.578 httpd-vhosts.conf
07.10.2007 23:39 2.496 httpd-xampp.conf
12 File(s) 36.610 bytes
Directory of D:\xampp\apache\conf\ssl.crl
07.10.2007 23:39 <DIR> .
07.10.2007 23:39 <DIR> ..
16.10.2001 08:05 1.569 Makefile
08.07.2005 13:35 331 README.CRL
2 File(s) 1.900 bytes
Directory of D:\xampp\apache\conf\ssl.crt
07.10.2007 23:39 <DIR> .
07.10.2007 23:39 <DIR> ..
16.10.2001 08:05 242.153 ca-bundle.crt
16.10.2001 08:05 1.522 Makefile
08.07.2005 13:35 1.419 README.CRT
04.12.2005 17:11 765 server.crt
16.10.2001 08:05 1.472 snakeoil-ca-dsa.crt
16.10.2001 08:05 1.192 snakeoil-ca-rsa.crt
16.10.2001 08:05 1.452 snakeoil-dsa.crt
16.10.2001 08:05 1.176 snakeoil-rsa.crt
8 File(s) 251.151 bytes
Directory of D:\xampp\apache\conf\ssl.csr
10.10.2007 21:10 <DIR> .
10.10.2007 21:10 <DIR> ..
10.10.2007 21:10 <DIR> New Folder
08.07.2005 13:35 949 README.CSR
16.10.2001 08:05 84 server.csr
2 File(s) 1.033 bytes
Directory of D:\xampp\apache\conf\ssl.csr\New Folder
10.10.2007 21:10 <DIR> .
10.10.2007 21:10 <DIR> ..
0 File(s) 0 bytes
Directory of D:\xampp\apache\conf\ssl.key
07.10.2007 23:39 <DIR> .
07.10.2007 23:39 <DIR> ..
08.07.2005 13:35 1.235 README.KEY
04.12.2005 17:11 891 server.key
16.10.2001 08:05 668 snakeoil-ca-dsa.key
16.10.2001 08:05 887 snakeoil-ca-rsa.key
16.10.2001 08:05 668 snakeoil-dsa.key
16.10.2001 08:05 891 snakeoil-rsa.key
6 File(s) 5.240 bytes
Directory of D:\xampp\apache\conf\ssl.prm
07.10.2007 23:39 <DIR> .
07.10.2007 23:39 <DIR> ..
08.07.2005 13:35 534 README.PRM
16.10.2001 08:05 455 snakeoil-ca-dsa.prm
16.10.2001 08:05 455 snakeoil-dsa.prm
3 File(s) 1.444 bytes
Any ideas???
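An added illustration, not part of the thread and not SeaMonkey or XAMPP code: assuming the files in the ssl.* folders are PEM-encoded, the header label of each block says what it is, and only a CERTIFICATE block is something a browser can import; its fingerprint is the value to compare with the certificate details the browser shows before an exception is confirmed. The function names and sample data are constructed for this example, and SHA-256 is an assumption (the `algo` parameter accepts "sha1" or "md5" for dialogs that show those).

```python
import base64
import hashlib
import re

# What each standard PEM armor label means for the "what do I import?" question.
ROLES = {
    "CERTIFICATE": "public certificate: the only kind a browser imports or pins",
    "CERTIFICATE REQUEST": "signing request for a CA: not importable",
    "X509 CRL": "revocation list: not a server identity",
    "RSA PRIVATE KEY": "private key: stays on the server, never import or share",
    "DSA PRIVATE KEY": "private key: stays on the server, never import or share",
    "DSA PARAMETERS": "key-generation parameters: not importable",
}
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def inspect_pem(text, algo="sha256"):
    """Return (label, role, fingerprint or None) for every PEM block in text."""
    rows = []
    for label, body in PEM_BLOCK.findall(text):
        fingerprint = None
        if label == "CERTIFICATE":
            # The fingerprint is the hash of the DER bytes inside the armor.
            der = base64.b64decode("".join(body.split()))
            digest = hashlib.new(algo, der).hexdigest().upper()
            fingerprint = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
        rows.append((label, ROLES.get(label, "unrecognised label"), fingerprint))
    return rows

def matches_browser(text, shown, algo="sha256"):
    """True if any certificate in text has the fingerprint the browser dialog shows."""
    wanted = re.sub(r"[^0-9A-Fa-f]", "", shown).upper()
    return any(fp and fp.replace(":", "") == wanted
               for _, _, fp in inspect_pem(text, algo))

# Constructed sample: the bodies are placeholder bytes, not real key material.
FAKE_DER = b"constructed bytes standing in for a DER certificate"
def _armor(label, raw):
    b64 = base64.b64encode(raw).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"
SAMPLE = (_armor("CERTIFICATE", FAKE_DER)
          + _armor("RSA PRIVATE KEY", b"placeholder")
          + _armor("CERTIFICATE REQUEST", b"placeholder"))

if __name__ == "__main__":
    for label, role, fp in inspect_pem(SAMPLE):
        print(f"{label:20} {role}" + (f"\n  SHA-256 {fp}" if fp else ""))
```
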
- LoRd_MuldeR
- Posts: 204
- Joined: January 21st, 2007, 2:26 pm
Here is another site that cannot be accessed any more:
https://forum.doom9.org/
- Andy Boze
- Posts: 2755
- Joined: June 30th, 2005, 9:53 pm
- Location: South Bend, IN
- LoRd_MuldeR
- Posts: 204
- Joined: January 21st, 2007, 2:26 pm
Andy Boze wrote: Here's what I did. In the Certificate Manager, open the Servers tab. Click the "Add Exception..." button, then enter the base URL for your server. Click the "Confirm Security Exception" button and the certificate should be added for the site.
Ahhh, that did the trick! Thanks a lot
This time they really did a good job to hide an essential feature from the end-user ^^
Wouldn't it be possible to put the "Add Security Exception" button directly on the error page?
-
- Posts: 7
- Joined: October 21st, 2007, 2:35 am
No non-technical user, aka 90% of users, would not or could not mess with importing an SSL certificate into their browser's whitelist. I am writing this tantrum here in hopes the developers of SeaMonkey will allow access to invalid certificates.
Example:
URL: https://search.auburn.edu
Error: "Could not establish an encrypted connection because certificate presented by search.auburn.edu has an invalid signature."
Please, please, SeaMonkey developers, for the sake of your product's publicity and reputation, fix this bug.
My PGP Public Key:
http://johndoe32102002.blogspot.com/
- therube
- Posts: 21703
- Joined: March 10th, 2004, 9:59 pm
- Location: Maryland USA
You're right.
I couldn't get that to work at all in SeaMonkey 1.1.5.
Somewhat related issue, Bug 399045 – PSM should remember valid intermediate CA certificates.
Fire 750, bring back 250.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
- LoRd_MuldeR
- Posts: 204
- Joined: January 21st, 2007, 2:26 pm
Also I still can't get SeaMonkey to get emails via secure SSL connection from university mail server.
It always throws a "sec_error_unknown_issuer" message, no matter how often I try to import the certificate and add an exception.
Seems like adding an exception for "invalid" certificates doesn't work for the mail client.
Or the mail client doesn't recognize that the imported certificate applies to the mail server too, for some reason.
Now I can only use unencrypted (plain text) connection to fetch my mails from university server...