Certificate Error only on Firefox only on one computer
Firefox is giving me an error on https://stemgateway.nasa.gov but the site is perfectly accessible using MS Edge and using Firefox on another computer. I uninstalled and reinstalled Firefox, changed the proxy settings to not use a proxy, tested a VPN, and changed DNS servers. Below is a picture of the error and of the certificate which seems to be present in Firefox already.
Chosen solution
Yeah that's why I'm confused, I reinstalled Firefox multiple times as well as tried other derivatives such as Zen or PaleMoon. I also tried with/without a VPN and on different connections and browsers so I think I've isolated it pretty well to something with Firefox settings but I've turned on/off Proxy to no avail.
On the other hand, the STEM gateway site just opened without any other changes so I guess that's my issue solved? The only about:config value that's been modified was services.settings.security-state.intermediates.last_check in regards to security so maybe it didn't grab the store recently? I have no clue. Thanks for the help y'all.
Ler a resposta no contexto 👍 0All Replies (9)
Can you paste this certificate in text version - that option with PEM (chain)?
BEGIN CERTIFICATE-----
MIIHSzCCBjOgAwIBAgIRAOjqF68qRGYtfdqL3h++CDkwDQYJKoZIhvcNAQELBQAw gY8xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO BgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE3MDUGA1UE AxMuU2VjdGlnbyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD QTAeFw0yNDA4MTkwMDAwMDBaFw0yNTA5MTkyMzU5NTlaMB8xHTAbBgNVBAMTFHN0 ZW1nYXRld2F5Lm5hc2EuZ292MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC AgEAug8FY2JtT8Y6EAbONsOpdnIQhKQEHv00kOSROEREP0Zj2yhfwWB9HgmCbQtM LRNKlabaT9s+YaMkQReuIkGD8exGZL7Pne2TH/QYWuXcnxgPy0lsveN3IF1LAisK bEhAFqWNCQ3TrECHdhABsoRmOOvGrlPExrJt51nn+uuZWIW0Mn0dw+npwvTnVkgh S5w/q3SET46NJgnoGirKUwvjaMmzfYepttvc3/DL+8TlL/N0hqF8l6hEX9YtHKWu YFqgfC8vgfKUOa3tdA6MFjxol07t30jOotHta/SaIDwxKl3uaeZDbiXQGcG+QEWI qm0mhgo7/nm68Cs8Q3oSzTh4McSfGV/vxa0LEQXE/hjC38BRVTxbd9AnA9f/KcBj c7lS/+MHherh8UelUb9wgaNf12MXiEW+Mqxc6VchPxVA8uU20FgQ+RBYNSMUuTB2 hRpyBQzNkNKesM++xaBLqcRrTruFIh66ITWhBxFipuKiWlE5o3HG01vqJ6zO2GI7 JczHpFoZX6OTC0Dy2v/1pcZ4jyH8fR4By7/rSXAg4PoMTu2gH5IE5Yp0sA74w5nw lZ2A82Nfm2APDVa2oKfE/TZLVsJGlNXzamFLvtrCKgeoRCDNK+qCXJwghDRG/3NJ TwU9QaCYIWJbS6h8qxbdOFpltlOog2ru89T48H5HaKRAGb0CAwEAAaOCAw8wggML MB8GA1UdIwQYMBaAFI2MXsRUrYrhd+mb+ZsF4bgBjWHhMB0GA1UdDgQWBBT07six 2UG/QufdfTOi85ze8SYfDjAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAd BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwSQYDVR0gBEIwQDA0BgsrBgEE AbIxAQICBzAlMCMGCCsGAQUFBwIBFhdodHRwczovL3NlY3RpZ28uY29tL0NQUzAI BgZngQwBAgEwgYQGCCsGAQUFBwEBBHgwdjBPBggrBgEFBQcwAoZDaHR0cDovL2Ny dC5zZWN0aWdvLmNvbS9TZWN0aWdvUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNl cnZlckNBLmNydDAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Auc2VjdGlnby5jb20w OQYDVR0RBDIwMIIUc3RlbWdhdGV3YXkubmFzYS5nb3aCGHd3dy5zdGVtZ2F0ZXdh eS5uYXNhLmdvdjCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHYA3dzKNJXX4RYF 55Uy+sef+D0cUN/bADoUEnYKLKy7yCoAAAGRbHXJ0AAABAMARzBFAiAMm57FQp+M pEtl5agU9hQQI640GfoEwKza2Wa/UN9zQgIhAN2T7VGF6J4aMPlKwBW3hhaYUbYZ UAA68irlgnJUjvSFAHUADeHyMCvTDcFAYhIJ6lUu/Ed0fLHX6TDvDkIetH5OqjQA AAGRbHXJYwAABAMARjBEAiB5Mw5q9j3T98X7FJcX5qG5xciRMoCkwVsuZy+uCUxn ggIgI85AYecb7QNAF347rlOEXhivi9F1KMLpWAhncdKMpzgAdgAS8U40vVNyTIQG GcOPP3oT+Oe1YoeInG0wBYTr5YYmOgAAAZFsdclfAAAEAwBHMEUCIQCWY1BS4u21 tAkGUgI/+LXdg6VGFH6e+yRwutytKcGF8QIgVb2c+UvIOb9D1fo8J9pY/F7Yu42v MnaeQ5kg5EQwpXUwDQYJKoZIhvcNAQELBQADggEBAKNvm+pYIHLC0RIr116U4woA /L5iBu3VVa4x3J7OWqwBfaKGGuJuu6rFaQ0X1h4960mOQASOaJwjcY+/vQoD11VO yU2K9YbELJnxo8FqLJFeAqkm/AF91zxX2fQeJHTy9W7EHv3LWzAF2m8ntUMkroiY ITboNZ/CBRtQdQbllZxLiyv5/ZDMqETQ9IYk8BHZQ/toyg2R5Bz63FLWXeL344ol E6OuYg3w/UuDhG+1Ek5ENm6eDwTRtoV7ZeHixRMecgtPTUjst1WyTdtSjA13ngKW K3okvcN39rbPz4iqFUbl9c3EX2izR7lGE0C55NkOhxvrpeH06p9sjCRTr/KhwFY=
END CERTIFICATE-----
The site fails to serve the intermediate signing certificate. (Verified using https://www.ssllabs.com/ssltest/analyze.html?d=stemgateway.nasa.gov)
That used to cause a connection error in all installations of Firefox that hadn't previously cached the same certificate from visiting a site that served it properly. But starting in 2020, Firefox added a feature of preloading approved intermediate certificates. I don't know how to determine whether a specific certificate is in the file Firefox downloads, but I suspect this one is. The Mozilla blog post on intermediate certificate reloading (https://blog.mozilla.org/security/2020/11/13/preloading-intermediate-ca-certificates-into-firefox/) refers to the Common CA Database, and and "Sectigo RSA Domain Validation Secure Server CA" does appear in the (slow-loading) daily database report at
https://ccadb.my.salesforce-sites.com/mozilla/PublicAllIntermediateCerts
Intermediate cert preloading is enabled by the following preference in about:config (Configuration Editor for Firefox), which is set to true by default:
security.remote_settings.intermediates.enabled
Is yours disabled?
No I don't think so. Testing the same site on my Macbook results in a functional page even with that config setting disabled.
jruan modificouno o
I don't think there is a way to make Firefox behave more strictly, so perhaps there is some other reason that Firefox isn't able to use (or isn't retrieving) the preloaded certificate.
Chosen Solution
Yeah that's why I'm confused, I reinstalled Firefox multiple times as well as tried other derivatives such as Zen or PaleMoon. I also tried with/without a VPN and on different connections and browsers so I think I've isolated it pretty well to something with Firefox settings but I've turned on/off Proxy to no avail.
On the other hand, the STEM gateway site just opened without any other changes so I guess that's my issue solved? The only about:config value that's been modified was services.settings.security-state.intermediates.last_check in regards to security so maybe it didn't grab the store recently? I have no clue. Thanks for the help y'all.
You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.