This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Secure Connection Failed

more options

We have a websites which applied the government certificate authority of Taiwan running as SSL. This is untrusted in Firefox but still can be added as exception website before not anymore today for version 31.0 upgrate. Could you help us to figure it out for this big trouble? Thank you very much! websites as following: https://www.safetaiwan.tw

Sincerely Stanley

We have a websites which applied the government certificate authority of Taiwan running as SSL. This is untrusted in Firefox but still can be added as exception website before not anymore today for version 31.0 upgrate. Could you help us to figure it out for this big trouble? Thank you very much! websites as following: https://www.safetaiwan.tw Sincerely Stanley

Chosen solution

Hi Stanley, In the new Firefox 31 there was a new certificate verification added.

Firefox version 31 uses a new verification library to perform security checks on a website. This new library might be causing the OCSP error and preventing access to the site.

The engineers are currently trying to resolve the issue, but in the meantime, you can work around this by changing the following configuration:

  1. Type in about:config in your address bar.
  2. You'll see a This might void your warranty! message. Click I'll be careful, I promise!.
  3. In the Search field, type in "'security.use_mozillapkix_verification"' to bring up that preference.
  4. Double-click on the preference to set its value to false.

The error message for the site in question: [Error code: sec_error_bad_signature]

Borrowing cor-el instructions for some firewalls monitor https connection a nd send own certs:

   *http://support.kaspersky.com/6851
   *http://forum.kaspersky.com/index.php?showtopic=264057

1 Go to SETTINGS 2 Click on the BROWN BOX icon 3 Go to NETWORK 4 Click on INSTALL CERTIFICATE (Kaspersky security certificate) follow install instructions.

Read this answer in context 👍 9

All Replies (6)

more options

Chosen Solution

Hi Stanley, In the new Firefox 31 there was a new certificate verification added.

Firefox version 31 uses a new verification library to perform security checks on a website. This new library might be causing the OCSP error and preventing access to the site.

The engineers are currently trying to resolve the issue, but in the meantime, you can work around this by changing the following configuration:

  1. Type in about:config in your address bar.
  2. You'll see a This might void your warranty! message. Click I'll be careful, I promise!.
  3. In the Search field, type in "'security.use_mozillapkix_verification"' to bring up that preference.
  4. Double-click on the preference to set its value to false.

The error message for the site in question: [Error code: sec_error_bad_signature]

Borrowing cor-el instructions for some firewalls monitor https connection a nd send own certs:

   *http://support.kaspersky.com/6851
   *http://forum.kaspersky.com/index.php?showtopic=264057

1 Go to SETTINGS 2 Click on the BROWN BOX icon 3 Go to NETWORK 4 Click on INSTALL CERTIFICATE (Kaspersky security certificate) follow install instructions.

more options

According to this test page, your web server is not sending the intermediate certificates: http://www.networking4all.com/en/support/tools/site+check/report/?fqdn=www.safetaiwan.tw&protocol=https

When I look at the certificate dialog in IE/Chrome (they share the Windows certificate store), there appear to be four certificates: root, first intermediate, second intermediate, your site. Basically, Firefox wants you to send everything except the root.

The details on how to do that depend on your server. Your server sends this information:

Apache/2.2.27 (Win32) mod_ssl/2.2.27 OpenSSL/1.0.1g PHP/5.3.28

Although the best instructions are from your issuer, here is another page for reference in case it helps: https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/637/0/certificate-installation-apache--mod_ssl

Also, this should help in case other browsers become stricter in the future.

more options

Hi guigs2, Thanks for your patient response, it's work after following you instructions! Although, I hope it could still be more flexible to offer users options not be too strict. I'm sincerely looking forward to hear good news about the next upgrade for this issue on Firefox.

And also thanks to jscher2000, It's helpful advices.

more options

Hi stanleychung, This may also be a good reference for strict issues with the domain name you mentioned. It would be good to gather examples of this for the security team.

Can you please provide an example of the certificate to the bug https://bugzilla.mozilla.org/show_bug.cgi?id=1049185 and cc yourself so that we can follow up on the strict calls.

Thank you!

more options

400error,500error,Cn certificet,basic constraints error totely encountered to me please help! help me..

more options

Hi psubhash982, are these problems on all sites or on particular sites?

The subject of this thread was safetaiwan.tw so if you are having a problem on a different site, I suggest posting a new question with your system details. You can start that using this link:

https://support.mozilla.org/questions/new/desktop/fix-problems

If the articles suggested on the form are not helpful, please scroll down to continue with entering your question.