Vanwege onderhoudswerkzaamheden die uw ervaring zouden moeten verbeteren, heeft deze website beperkte functionaliteit. Als een artikel uw probleem niet verhelpt en u een vraag wilt stellen, kan onze ondersteuningsgemeenschap u helpen in @FirefoxSupport op Twitter en /r/firefox op Reddit.

Zoeken in Support

Vermijd ondersteuningsscams. We zullen u nooit vragen een telefoonnummer te bellen, er een sms naar te sturen of persoonlijke gegevens te delen. Meld verdachte activiteit met de optie ‘Misbruik melden’.

Meer info

Deze conversatie is gearchiveerd. Stel een nieuwe vraag als u hulp nodig hebt.

"The connection to the server was reset while the page was loading." when loading intranet HTTPS site

  • 2 antwoorden
  • 1 heeft dit probleem
  • 1 weergave
  • Laatste antwoord van g.kostov

more options

I just installed an Enterprise Root CA in Active Directory Integrated mode. I issued an certificate to one of our servers. Everything worked fine. IE 11 and Chrome have no problem opening my test intranet site. However Firefox keeps giving me this error:

  Secure Connection Failed
  The connection to the server was reset while the page was loading.
      The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
      Please contact the website owners to inform them of this problem.

I imported my Root CA certificate in Firefox but it didn't help. I played several times with certificate options while issuing the certificate, but none of them helped. In IE and Chrome my test site worked OK under all options.

The current options of test site's certificate are as follows:

Version: V3 Signature algorithm: sha512RSA Signature hash algorithm: sha512 Issuer: <my Root CA> Valid from: 23.01.2017, 14:36 Valid to: 23.01.2019, 14:46 Subject: <my server's fqdn> Public key: RSA (2048 bits) Enhanced key usage: Server Authentication Subject Alternative Name: DNS=<my server's fqdn>&DNS=<my server's hostname> Key Usage: Digital Signature, Key Encipherment (a0)

My Root CA's certificate has these options:

Version: V3 Signature algorithm: sha512RSA Signature hash algorithm: sha512 Issuer: <my Root CA> Valid from: 23.01.2017, 14:28 Valid to: 23.01.2019, 14:38 Subject: <my Root CA> Public key: RSA (2048 bits) Certificate template: CA Key Usage: Digital Signature, Certificate Signing, Off-line CRL Signing, CRL Signing (86)

The CA, Test web server, and Firefox browser are all on the same Windows 2012 R2 machine. I tried Firefox browser on two other computers - no difference. Server's security protocols are configured (using IIS Crypto 2.0) as follows:

 Protocols: TLS 1.0, TLS 1.1, TLS 1.2
 Ciphers: 3DES 168, AES 128, AES 256
 Hashes: SHA256, SHA384, SHA512
 Key Exchanges: Diffie-Hellman, PKCS, ECDH

Since mots of user's at my place prefer Firefox, I have to find a solution for this problem before launching my CA in production. So your cooperation would be highly appreciated!

Best regards George

I just installed an Enterprise Root CA in Active Directory Integrated mode. I issued an certificate to one of our servers. Everything worked fine. IE 11 and Chrome have no problem opening my test intranet site. However Firefox keeps giving me this error: Secure Connection Failed The connection to the server was reset while the page was loading. The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. I imported my Root CA certificate in Firefox but it didn't help. I played several times with certificate options while issuing the certificate, but none of them helped. In IE and Chrome my test site worked OK under all options. The current options of test site's certificate are as follows: Version: V3 Signature algorithm: sha512RSA Signature hash algorithm: sha512 Issuer: <my Root CA> Valid from: 23.01.2017, 14:36 Valid to: 23.01.2019, 14:46 Subject: <my server's fqdn> Public key: RSA (2048 bits) Enhanced key usage: Server Authentication Subject Alternative Name: DNS=<my server's fqdn>&DNS=<my server's hostname> Key Usage: Digital Signature, Key Encipherment (a0) My Root CA's certificate has these options: Version: V3 Signature algorithm: sha512RSA Signature hash algorithm: sha512 Issuer: <my Root CA> Valid from: 23.01.2017, 14:28 Valid to: 23.01.2019, 14:38 Subject: <my Root CA> Public key: RSA (2048 bits) Certificate template: CA Key Usage: Digital Signature, Certificate Signing, Off-line CRL Signing, CRL Signing (86) The CA, Test web server, and Firefox browser are all on the same Windows 2012 R2 machine. I tried Firefox browser on two other computers - no difference. Server's security protocols are configured (using IIS Crypto 2.0) as follows: Protocols: TLS 1.0, TLS 1.1, TLS 1.2 Ciphers: 3DES 168, AES 128, AES 256 Hashes: SHA256, SHA384, SHA512 Key Exchanges: Diffie-Hellman, PKCS, ECDH Since mots of user's at my place prefer Firefox, I have to find a solution for this problem before launching my CA in production. So your cooperation would be highly appreciated! Best regards George

Alle antwoorden (2)

more options

What cipher suite use the other programs and what cipher suites does the server offer to browsers?

If weak and unsafe cipher suites are supported then Firefox or possibly security software might terminate the connection.

more options

cor-el said

What cipher suite use the other programs and what cipher suites does the server offer to browsers? If weak and unsafe cipher suites are supported then Firefox or possibly security software might terminate the connection.

As i said in first question, server is configured to use 3DES 168, AES 128, AES 256. Chrome reports "AES_256_GCM" as used cipher.

Meanwhile I tried to reproduce the problem on another Intranet server, and it worked fine there. I requested certificate with the same options from the same CA, and when installed it worked fine with Firefox too. I'll investigate to find differences between two servers, but in general the problem is most likely in server configuration. The fact that only Firefox was affected led me to search resolution here, but obviously there is another reason in the server which had to be found yet.

Thanks for cooperation.

Bewerkt door g.kostov op