Is there a way to get passed a certificate error when "I Understand the Risks" is not displayed?
I was making an online order and got right to the end where I was entering my credit card details. At this point I hit a certificate error that stopped me completing the order. It came up with "Get Me Out of Here" and "Technical Details", but I could not find any way of moving forward without losing the entire order and having to start again. (I ended up using a different browser to place my order.)
I have Firefox 41.0.2 on Windows 8.1.
Svi odgovori (5)
I hit a certificate error that stopped me completing the order.
There is no point speculating about what the problem was, you'd need to provide the exact error given in the error pop-up.
I could not find any way of moving forward without losing the entire order and having to start again.
While I can understand this is annoying, you're asking the wrong question. The point is not to workaround a possibly flawed cert, but to understand and fix the underlying problem. When getting a certificate error this could mean there's a problem with the site (and/or the site's cert), it could be a malware problem on your computer, or you're connecting to malicious site. In other words, by ignoring the problem and asking for an exception, you're potentially putting yourself at risk.
I ended up using a different browser to place my order.
When this worked with a different browser, that's not necessarily a good sign. That other browser may be sloppy in verifying the cert, and hence potentially less secure than Firefox.
Hi, one of your extensions may be causing the problem, so try Firefox Safe Mode to see if it goes away. Firefox Safe Mode is a troubleshooting mode that temporarily turns off hardware acceleration, resets some settings, and disables add-ons (extensions and themes).
If Firefox is open, you can restart in Firefox Safe Mode from the Help menu:
- Click the menu button , click Help and select Restart with Add-ons Disabled.
If Firefox is not running, you can start Firefox in Safe Mode as follows:
- On Windows: Hold the Shift key when you open the Firefox desktop or Start menu shortcut.
- On Mac: Hold the option key while starting Firefox.
- On Linux: Quit Firefox, go to your Terminal and run firefox -safe-mode
(you may need to specify the Firefox installation path e.g. /usr/lib/firefox)
When the Firefox Safe Mode window appears, select "Start in Safe Mode".
If the issue is not present in Firefox Safe Mode, your problem is probably caused by an extension, theme, or hardware acceleration. Please follow the steps in the Troubleshoot extensions, themes and hardware acceleration issues to solve common Firefox problems article to find the cause.
To exit Firefox Safe Mode, just close Firefox and wait a few seconds before opening Firefox for normal use again.
If that doesn't help, have a look at - "This Connection is Untrusted" error message appears - What to do.
When you figure out what's causing your issues, please let us know. It might help others with the same problem.
Thank you, Christ1, for your reply.
While I accept that Firefox was quite correct to warn of a problem with a security certificate, it is still the right of the user to use the Internet as they wish, and if they are given a warning that a site may be unsafe, Firefox should not unilaterally prevent the user from doing whatever they want to do after the security problem has been reported.
For me, Firefox is by far the best browser available, however this type of action in preventing an insecure site from being accessed may be seen as actually reducing security on the Internet. How many people will experience the problem I met, and switch permanently to a different browser that does not check certificates to the same level?
It is my view that Firefox should perhaps provide two warning screens about bad certificates, but ultimately it should allow the user to make the decision as to whether to proceed. My concession would be that Firefox should not add a permanent exception for a particular certificate, so that the warning is issued every time the particular certificate is encountered.
Thank you, Scribe, for your reply.
I finished my order today using Internet Explorer; however, I shall keep your recommendations in mind so that I can investigate further next time I encounter this sort of problem. Today was only the second time I have encountered Firefox preventing me from carrying out my intended actions. The previous time was many months ago, and I was not doing anything at the time that I needed to finish so I did not investigate further at that time.
Each version of Firefox seems to tighten its SSL-related features, and it's difficult for support volunteers to keep up on which errors allow exceptions and which do not.
One thing that helps us in our investigation is if you can find an error code in parentheses (separated_by_underscores). Sometimes you need to expand a Technical Details section on the page to find the code.
Another is, if you use Google Chrome to re-do the transaction, copy/paste or get a screen shot of the "Connection" information panel from the problem page. To view that, click the padlock on the address bar and then click the Connection tab on that panel. Chrome often gives strong warnings here instead of blocking the connection, and the reason could be the same for Firefox (with Firefox taking a different action for now, Chrome often starts blocking in a later version).
Finally, some servers still are vulnerable to the "Logjam" attack that was in the news earlier this year. Here's my standard spiel on that:
What does that mean?
Even though you trust the server, a "Logjam" attack compromises the security of your individual connection to the server, lowering the protection normally provided by SSL to a level that is easily cracked and read by others on the network. That is why Firefox protects you from making this connection.
What can you do now?
The very best solution for the protection of all users of that server is for the site to change some settings on the server. Since transactions involve sensitive information, this fix is overdue, and we encourage you to report the problem ASAP.
If you cannot wait, you can try disabling these old ciphers in your Firefox, which hopefully will force the server to try some more secure ciphers when connecting with you. Here's how:
(1) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.
(2) In the search box above the list, type or paste dhe and pause while the list is filtered
(3) Double-click the security.ssl3.dhe_rsa_aes_128_sha preference to switch it from true to false (disable Firefox from using this cipher)
(4) Double-click the security.ssl3.dhe_rsa_aes_256_sha preference to switch it from true to false (disable Firefox from using this cipher)
Then try the site again; you might have to reload the page using Ctrl+Shift+r to bypass cached information.
I suggest making this change now in advance.