Αυτός ο ιστότοπος θα έχει περιορισμένη λειτουργικότητα, όσο εκτελούμε εργασίες συντήρησης για να βελτιώσουμε την εμπειρία σας. Αν ένα άρθρο δεν επιλύει το ζήτημά σας και θέλετε να κάνετε μια ερώτηση, η κοινότητα υποστήριξής μας είναι έτοιμη να σας βοηθήσει στο Twitter (@FirefoxSupport) και στο Reddit (/r/firefox).

Avatar for Username

Αναζήτηση στην υποστήριξη

Προσοχή στις απάτες! Δεν θα σας ζητήσουμε ποτέ να καλέσετε ή να στείλετε μήνυμα σε κάποιον αριθμό τηλεφώνου ή να μοιραστείτε προσωπικά δεδομένα. Αναφέρετε τυχόν ύποπτη δραστηριότητα μέσω της επιλογής «Αναφορά κατάχρησης».

Μάθετε περισσότερα

Αυτό το νήμα αρχειοθετήθηκε. Παρακαλούμε κάντε νέα ερώτηση αν χρειάζεστε βοήθεια.

What does Firefox mean by "broken certificate" ?

  • 2 απαντήσεις
  • 4 έχουν αυτό το πρόβλημα
  • 2 προβολές
  • Τελευταία απάντηση από adaviel

adaviel
adaviel
more options

I have a site that gives a security warning "unable to obtain identification status for the given site", and then won't let me grant an exception. But only on certain machines. In two Linux machines running 10.0.4 it fails, in another also with 10.0.4 it's OK. In fact, with most machines I tried it's OK, and I can grant an exception marked as "not stored".

I've traced the error message in the sourcecode but lost the trail at gBroken in exceptionDialog.js If I look at the certificate with OpenSSL, it parses OK as X509 version 1.

I have a site that gives a security warning "unable to obtain identification status for the given site", and then won't let me grant an exception. But only on certain machines. In two Linux machines running 10.0.4 it fails, in another also with 10.0.4 it's OK. In fact, with most machines I tried it's OK, and I can grant an exception marked as "not stored". I've traced the error message in the sourcecode but lost the trail at gBroken in exceptionDialog.js If I look at the certificate with OpenSSL, it parses OK as X509 version 1.

Επιλεγμένη λύση

I have narrowed it down somewhat. If I create a new profile, there is no problem. I was having trouble accessing any page on the server e.g. https://example.com/robots.txt, https://example.com/foobar I found an entry in the cache for https://example.com/ which is actually a 301 moved response, and which includes a long security-info: string in base-64. If I empty the cache, the problem disappears - I get the challenge, and can grant an exception. If I restore the profile and cache from a saved copy, the problem reappears. I'm not sure what the saved state in the cache represents because I'd been playing with the certificate on the server too and hadn't documented when I'd changed it.

If I go to https://example.com/robots.txt and use reload, or shift-reload (which as I recall would normally get a new copy regardless of cached copies), it does not help.

When the problem manifests itself, I cannot retrieve the certificate using Firefox. There is no intermediate certificate, it's a self-signed one.

I'd had this problem on 3 machines. On one, I cleared the cache without saving it first, which fixed the problem. A third, running SeaMonkey, I presume still has the problem, and I presume it can be fixed by clearing cache.

(later) The issue appears if an HTTPS redirect is cached, and then the (self-signed) server certificate is changed Clearing the entry from cache resolves the problem. I have filed https://bugzilla.mozilla.org/show_bug.cgi?id=767611

Ανάγνωση απάντησης σε πλαίσιο 👍 0

Όλες οι απαντήσεις (2)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

Does Firefox allow to retrieve and inspect the certificate?

Can you post a link to that site?

Try to rename the cert8.db file in the Firefox profile folder to cert8.db.old or delete the cert8.db file to remove intermediate certificates that Firefox has stored.

You can use this button to go to the Firefox profile folder:

  • Help > Troubleshooting Information > Profile Directory: Open Containing Folder
adaviel
adaviel Ιδιοκτήτης ερώτησης
more options

Επιλεγμένη λύση

I have narrowed it down somewhat. If I create a new profile, there is no problem. I was having trouble accessing any page on the server e.g. https://example.com/robots.txt, https://example.com/foobar I found an entry in the cache for https://example.com/ which is actually a 301 moved response, and which includes a long security-info: string in base-64. If I empty the cache, the problem disappears - I get the challenge, and can grant an exception. If I restore the profile and cache from a saved copy, the problem reappears. I'm not sure what the saved state in the cache represents because I'd been playing with the certificate on the server too and hadn't documented when I'd changed it.

If I go to https://example.com/robots.txt and use reload, or shift-reload (which as I recall would normally get a new copy regardless of cached copies), it does not help.

When the problem manifests itself, I cannot retrieve the certificate using Firefox. There is no intermediate certificate, it's a self-signed one.

I'd had this problem on 3 machines. On one, I cleared the cache without saving it first, which fixed the problem. A third, running SeaMonkey, I presume still has the problem, and I presume it can be fixed by clearing cache.

(later) The issue appears if an HTTPS redirect is cached, and then the (self-signed) server certificate is changed Clearing the entry from cache resolves the problem. I have filed https://bugzilla.mozilla.org/show_bug.cgi?id=767611

Τροποποιήθηκε στις από το χρήστη adaviel