Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Since this upgrade to Firefox 31 on the mac I can no longer get to any HP iLo.

  • 7 respostas
  • 38 have this problem
  • 5 views
  • Last reply by dltate

more options

Since this upgrade to Firefox 31 on the mac I can no longer get to any HP iLo, does anybody know what happened with security certificates with this update? Firefox does not ask to accept the certificate anymore it just says there i an invalid certificate.


Issuer certificate is invalid. (Error code: sec_error_ca_cert_invalid)

Since this upgrade to Firefox 31 on the mac I can no longer get to any HP iLo, does anybody know what happened with security certificates with this update? Firefox does not ask to accept the certificate anymore it just says there i an invalid certificate. Issuer certificate is invalid. (Error code: sec_error_ca_cert_invalid)

All Replies (7)

more options

Firefox 31 upgraded the component that works with SSL certificates. It is possible to disable that, but not desirable, so could we look at a couple other things first:

There used to be a problem where Firefox would detect that a serial number had been re-used. This might be the same issue with a different description. The somewhat complicated support article on that issue is here: Certificate contains the same serial number as another certificate.

Or as a first step, you might try renaming or deleting the cert8.db file, which is Firefox's certificate store that might contain an exception for this server that you saved before. Hopefully hiding this old exception from Firefox will allow you to successfully save a new one. In the following article, search for cert8 to find the steps: Secure connection failed and Firefox did not connect.

For information about disabling the new security component, please see this thread: Security certificate no longer valid after upgrading to latest FF.

Please let us know what you discover.

more options

Hi thank you very much for the reply. I tried to disable cert8.db and restart firefox it did not help. When I disabled the SSL certificate I was then able to get to all of the HP iLO ports. So I also have a co-worker that has a Mac with Firefox also and he has experienced the same issue. So just to be clear when I set the security.use_mozillapkix_verification to false I can get to all the iLo port that do not work when this is set to true.

Please advise on how to proceed.

Thanks! Don

more options

Hi dltate, thank you for reporting back. So with security.use_mozillapkix_verification=false, do you get the option to add an exception for the site, or do you get in automatically without any error message at all??

Since it would be safer to browse with the new security system enabled, it sounds as though we need to figure out how to make an exception for this particular server. Or if the exception already existed, to have it honored. Hmm...

more options

Jeff,

I did asked to add the exception with security.use_mozillapkix_verification=false. I do not get asked when it is true, it just give me the error "Issuer certificate is invalid. (Error code: sec_error_ca_cert_invalid)"

Thanks for getting back so quick. Don

more options

Jeff, I also forgot to mention on my Mac I have a window 7 virtual and when the Firefox was upgraded to 31 I have the same issue as on the Mac.

more options

Note that if you remove the cert8.db file that this removes all intermediate certificates that Firefox has stored and possible exceptions that you created in the paste as well (see also cert_override.txt).

You will have to leave libPKIX disabled for now if that makes it possible to access these websites. A possibility is to create a button with the PrefBar extension to toggle the security.use_mozillapkix_verification pref when needed, so you can see which sites have issues with PKIX.

What kind of error message do you get when you visit these websites if there is still one?

Can you attach a screenshot of the technical details or possibly post a link if the site is publicly accessible (i.e. no authentication or signing on required)?

more options

OK well removing the cert8.db did not help anyway. I have attached a screenshot. The only think that worked was to change the security.use_mozillapkix_verification to false from true. So this is an interface for HP ProLiant servers that allows us to do bios work console work, etc. Thanks Don