본 사이트는 여러분의 사용자 경험을 개선하기 위해 유지 보수를 진행하는 동안 기능이 제한됩니다. 도움말로 문제가 해결되지 않고 질문을 하고 싶다면 Twitter의 @FirefoxSupport 및 Reddit의 /r/firefox 채널을 활용하세요.

Mozilla 도움말 검색

고객 지원 사기를 피하세요. 저희는 여러분께 절대로 전화를 걸거나 문자를 보내거나 개인 정보를 공유하도록 요청하지 않습니다. "악용 사례 신고"옵션을 사용하여 의심스러운 활동을 신고해 주세요.

자세히 살펴보기

Self signed SSL Certificates no longer work after upgrade to 37.0.1

  • 6 답장
  • 9 이 문제를 만남
  • 6 보기
  • 최종 답변자: LottoTotto

more options

I followed these two articles to create local self signed certificates and they have been working fine since February. Now with the update to 37.0.1 I get "Secure Connection Failed" while trying to access my local website through FireFox. IE and Google Chrome have no problem accessing the local site.

http://www.jayway.com/2014/09/03/creating-self-signed-certificates-with-makecert-exe-for-development/ http://www.jayway.com/2014/10/27/configure-iis-to-use-your-self-signed-certificates-with-your-application/

I have already deleted cert8.db, restarted FF, then re-imported the self signed certificates but get the same error. No other software has changed on this box except the automatic upgrade to FF 37.0.1.

The network setting is already set to use "No Proxy"

How do I fix this?

Windows 8.1 Pro IIS 8

I followed these two articles to create local self signed certificates and they have been working fine since February. Now with the update to 37.0.1 I get "Secure Connection Failed" while trying to access my local website through FireFox. IE and Google Chrome have no problem accessing the local site. http://www.jayway.com/2014/09/03/creating-self-signed-certificates-with-makecert-exe-for-development/ http://www.jayway.com/2014/10/27/configure-iis-to-use-your-self-signed-certificates-with-your-application/ I have already deleted cert8.db, restarted FF, then re-imported the self signed certificates but get the same error. No other software has changed on this box except the automatic upgrade to FF 37.0.1. The network setting is already set to use "No Proxy" How do I fix this? Windows 8.1 Pro IIS 8

모든 댓글 (6)

more options

Some cipher suites have been removed in Firefox 37.

What cipher suite use other browsers in case it is not the certificate?

You can check the Connection tab in Google Chrome (click the padlock).

more options

I have exactly the same problem. All servers and devices that use a self-signed certificate are not reachable anymore via FF37.0.1 after upgrade to FF 37.0.1. Firefox prints:

"Secure Connection Failed

The connection to the server was reset while the page was loading. The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem."

I'm not getting the chance to add an exception hence no access to the server anymore. This is a severe problem, because all internally used Glassfish servers in our test environments run with self-signed certificates. As Firefox blocks access to them I cannot maintain my servers anymore. I have the same problem with Chrome but not with IE - IE is the offers to add an exception but suffers the blank page problem when accessing Glassfish.

I tried to adjust the following values in the FF config: security.tls.version.min = 0 ;default deleted cert8.db and restarted FF

I'm really lost, kindly advise.

more options

I downgraded FF to version 36.0.4 because they don't seem too concerned that they've introduced a major breaking change.

If you decide to downgrade make sure you disable automatic updates before you downgrade; otherwise it will just re-upgrade you within seconds.

Options -> Advanced -> Update -> Never check ...

more options

I have the same problem on my Mac. I thought it was Mac-specific.

more options

cor-el my certificate details are as follows:

Connection Encrypted (tls_ecdhe_rsa_with_aes_256_cbc_sha, 256 bit keys, TLS 1.1)

Certificate Signature Alorithm: PKCS #1 SHA-512 With RSA Encryption

more options

We have found a solution that worked for us. We re-created the certificates as RSA certificates and imported them as domain certificates into Glassfish keystore / truststore and it worked. FF offered a certificate exception and if one accepts everything, it'll be OK. The original certificate which did not work was a DES cert. The certificate that worked for us (GF 3, FF37.0.1) was created as follows:

  1. keytool -genkey -alias s1as -keyalg RSA -keysize 2048 -keystore keystore.jks

So far so good for us. However, I would FF expect to give a more meaningful message. It would also have saved us time if these kind of changes are documented for every new release of FF - are they? If yes, it would be helpful to get the link where this is documented.