This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Trying to sign a page with an expired certificate, FF 20 allows me to select it and then shows the "401-Access is denied" message. How can I fix it?

  • 2 replies
  • 7 have this problem
  • 1 view
  • Last reply by hecferme

more options

I am trying to sign an aspx page using an expired client certificate; when ff reads it, it says it is expired, but allows me to choose it as my credentials and tries to sign the page, failing with a 401 error, instead of showing me the sec_error_expired_certificate error that it is supposed to catch. In IE 10 the expired certificate is not even shown at all. The URL with an image of the expired certificate details that ff shows is https://docs.google.com/drawings/d/1lT9eaRWKKwRWz-N0KycJ9GZY0kh_vc6QJ96L-1mHT1U/edit?usp=sharing

The problem is that this exception is not redirecting to my aspx code, so I cannot catch the error. How can I fix this problem, advertising the user in a friendly way that the certificate is really expired?

Thanks a lot Hector

I am trying to sign an aspx page using an expired client certificate; when ff reads it, it says it is expired, but allows me to choose it as my credentials and tries to sign the page, failing with a 401 error, instead of showing me the sec_error_expired_certificate error that it is supposed to catch. In IE 10 the expired certificate is not even shown at all. The URL with an image of the expired certificate details that ff shows is https://docs.google.com/drawings/d/1lT9eaRWKKwRWz-N0KycJ9GZY0kh_vc6QJ96L-1mHT1U/edit?usp=sharing The problem is that this exception is not redirecting to my aspx code, so I cannot catch the error. How can I fix this problem, advertising the user in a friendly way that the certificate is really expired? Thanks a lot Hector

All Replies (2)

more options

Hello, Can you please confirm the following

1. You are setting up an expired certificate as the host certificate for your host (or) are you trying to sign an ASPX file with an expired certificate? 2. The webserver where you are hosting this ASPX (IIS I presume), has only certificate based authentication enabled - is that right? 3. You are seeing that when the user opens the website they are prompted that the certificate has expired, and even if they chose to move forward, they are not able to - is that the issue? 4. If (3) is not the issue and you want to be able to get access to the certificate-expiration error as part of the ASPX code, then that wouldn't be possible because the certificate validation would happen as part of the TLS connection negotiation

If you can please provide some more details, it will help.

Thank you

more options

hello, gnittala.

thanks for replying.

these are the answers for your questions.


1. we are not using an expired certificate as the host certificate. we are trying to access an aspx file configured in iis with request client certificate. the host certificate is ok (not expired).

2. no. it has just windows authentication. The client certificate is requested for a page that needs it for ssl.

3. no. the certificate appears expired in the firefox certificate dialog, but it lets me keep that certificate selected and continue. then, ff reports the access denied error.

4. we thought we could display a customized error in our code; however, according to your assertion, it is impossible.

thanks a lot.