installed firefox 40 and cannot access ssl pages, but can access if net nanny 6.5 is disabled. not an issue with other browsers.
I installed firefox 40.0.3 and cannot access ssl (https) pages, including mozilla.org,, but can access if net nanny 6.5 is disabled. not an issue with other browsers. Operating system is windows 7. error message:
"Secure Connection Failed
The connection to the server was reset while the page was loading.
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem."
Is this a known problem? (Hopefully with a known answer).
All Replies (14)
Sounds that Net Nanny is intercepting secure connections and is sending its own certificate. You would have to install the Net Nanny root certificate.
You can check the certificate chain in another browser that is working and export the NN certificate and import this certificate under the Authorities tab in the Certificate Manager.
- Tools > Options > Advanced > Certificates: View Certificates
If you can't inspect the certificate via "I Understand the Risks" then try this:
Open the "Add Security Exception" window by pasting this chrome URL in the Firefox location/address bar and check the certificate:
- chrome://pippki/content/exceptionDialog.xul
In the location field of this window type or paste the URL of the website.
- retrieve the certificate via the "Get certificate" button
- click the "View..." button to inspect the certificate in the Certificate Viewer
You can inspect details like the issuer and the certificate chain in the Details tab of the Certificate Viewer. Check who is the issuer of the certificate.
I delete the net nanny certificate in Firefox first and then import the net nanny certificate from another browser?
Do you already have a Net Nanny certificate showing in the Firefox Certificate Manager.
Did you check via the above posted steps who the issuer is of a certificate on a website that causes problems?
Note that you need to set trust bits of the Net Nanny certificate when you import this certificate to make it work as a trusted (root) certificate. Otherwise the Net Nanny certificate would have to chain to a built-in root certificate to make it work.
The issuer of the certificate in 3 browsers is Net Nanny itself (Content Watch). The trust bits part is over my head. I did not understand that at all and don't know how to do that part. Since Net Nanny is supposed to have rigid control of browsers, will this "break" Net Nanny? Also, I have seen this type of ssl Net Nanny/Firefox conflict posted online elsewhere, is this a known conflict?
Is the Net Nanny certificate already installed in Firefox?
If you see this certificate in the Certificate Manager (Authorities tab) then you can click the Edit Trust button. Set a checkmark on the first item (this certificate can identify websites). If the certificate is not in the Certificate Manager then you need to import this certificate like I posted above and set this trust bit via the appropriate import dialog window.
The Net Nanny/Content Watch certificate is already in Firefox and the first box is already checked under "edit trust." (Yet it hasn't been allowing SSL/https.)
Is Firefox using this specific certificate if you check this?
You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
- Click the link at the bottom of the error page: "I Understand the Risks"
- Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate"
- Click the "View" button and inspect the certificate
You can see details like intermediate certificates that are used in the Detail tab.
When I look at the certificate details page, I can see the details. The expiration date is years away. I assume Firefox is using the certificate it has listed under certificates because I just downloaded and installed Firefox 40.0.3.
I do not see any place where it says "I understand the risks" etc. (See attachments for example of the error message. Get add ons fails. Plug in check fails. Both cannot access mozilla.org because it is https)
I don't know how to get to the add exception > get certificate.
Can you attach a screenshot of the main Certificate Manager window and of the details tab?
- Tools > Options > Advanced > Certificates: View Certificates
Firefox 40.0.3 certificate
Does this certificate show in the Certificate Manager with trust bits set (Edit Trust)?
I think that it should work in that case unless you may have previously stored an exception.
In that case you can check the servers tab or possibly rename the cert8.db file and import the Net Nanny root certificate another time in the Certificate Manager.
You can use this button to go to the current Firefox profile folder:
- Help > Troubleshooting Information > Profile Directory: Show Folder (Linux: Open Directory; Mac: Show in Finder)
- http://kb.mozillazine.org/Profile_folder_-_Firefox
Firefox automatically stores intermediate certificates that servers send in the Certificate Manager for future use. Stored intermediate certificates show as "Software Security Device" in the "Security Device" column in the Certificate Manager. A server needs to send the full certificate chain that includes all required intermediate certificates. If a server doesn't send a full certificate chain then you wouldn't get an untrusted error if Firefox has stored missing intermediate certificates by visiting a server in the past that has send this certificate, but you do get an untrusted error if this intermediate certificate isn't stored yet.
Modified
I didn't understand all that but this is what it looks like in the Certificate Manager.
Is there a solution to my problem or is Firefox 40 just not compatible with Net Nanny?
Should I look for another browser instead of Firefox?