Secure Connection Failed- can not confirm security exception (since update to 31)
This morning I was able to access our plesk install for our server (I had previously confirmed the security exception after getting the warning) without problem. Then firefox updated to 31 and now it is giving me this error: Secure Connection Failed
An error occurred during a connection to (**website**). Issuer certificate is invalid. (Error code: sec_error_ca_cert_invalid)
With no option to confirm any security exception. I am still able to access it through Chrome, but we all use firefox here (and would like to keep doing so). I checked on the computers that haven't updated yet and they were able to get in still, I updated one of them and now they are getting the same error, so it is a firefox issue with the new update.
Any help would be appreciated!
Réiteach roghnaithe
Can you post the Bug number for reference?
You can try to rename the cert8.db file in the Firefox profile folder to cert8.db.old or delete the cert8.db file to remove intermediate certificates that Firefox has stored.
If that helped to solve the problem then you can remove the renamed cert8.db.old file. Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previous intermediate certificates. Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.
If that didn't help then remove or rename secmod.db (secmod.db.old) as well.
Read this answer in context 👍 11All Replies (8)
This can be caused by the usage of mozpkix (mozilla::pkix) in the Firefox 31 release.
- https://blog.mozilla.org/security/2014/04/24/exciting-updates-to-certificate-verification-in-gecko/
- https://wiki.mozilla.org/SecurityEngineering/mozpkix-testing#Behavior_Changes
You could consider to file a bug about this.
Thank you- I submitted a bug report. It is strange though, on our windows 7 machine this isn't a problem at all. (even after I updated firefox there) I disabled all add-ons and still had the error on our windows 8.1 machine though.
Réiteach Roghnaithe
Can you post the Bug number for reference?
You can try to rename the cert8.db file in the Firefox profile folder to cert8.db.old or delete the cert8.db file to remove intermediate certificates that Firefox has stored.
If that helped to solve the problem then you can remove the renamed cert8.db.old file. Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previous intermediate certificates. Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.
If that didn't help then remove or rename secmod.db (secmod.db.old) as well.
Athraithe ag cor-el ar
The bug number is 1042889
I tried your solution to rename the cert8.db file and then restarted firefox and it worked! Thank you very much!
You're welcome
My friend has found a workaround: [7/24/14, 10:08:46 AM] Andy Nowakowski: go to 'about:config' in a new tab [7/24/14, 10:09:13 AM] Andy Nowakowski: toggle security.use_mozillapkix_verification [7/24/14, 10:09:23 AM] Andy Nowakowski: and it will return to previous behavior
found on the bugzilla :)
(fixed pref name - c)
Athraithe ag cor-el ar
I'm also experiencing this issue while trying to access my website running locally in Eclipse. It didn't used to be a problem, but now in version 33 I cannot access my site. I tried renaming both cert8.db and secmod.db and that did not help. I did not find security.use_mozillapkix_verification in about:config, so that didn't help. Any other ideas? Isn't there a way to add exceptions to this security rule, like in the past?
I had to raise the issue as a new question, because we found no other way to create a support account. Anyway: after reading and trying all above, In release 32 and above we get NO popup window to configure exceptions. whatever got broken, the clean way out would be to add an always accessible menu to the options/security tab. To prevent any debate about the need for exceptions: the certificate of our main router is expired and buying a new one for such a ridiculous reason, causing up to 3 days of LAN resource and security configurations on the router is not an economic option. Having 262 users with the same problem means there are thousands of users solving the problem by walking to another browser. So, please reconsider the importance of the problem! Firefox is broken, not our router. (this is posted using Firefox 31.0 the last properly working release)