This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Self signed SSL Certificates no longer work after upgrade to 37.0.1

  • 6 svar
  • 9 har dette problemet
  • 12 views
  • Siste svar av LottoTotto

more options

I followed these two articles to create local self signed certificates and they have been working fine since February. Now with the update to 37.0.1 I get "Secure Connection Failed" while trying to access my local website through FireFox. IE and Google Chrome have no problem accessing the local site.

http://www.jayway.com/2014/09/03/creating-self-signed-certificates-with-makecert-exe-for-development/ http://www.jayway.com/2014/10/27/configure-iis-to-use-your-self-signed-certificates-with-your-application/

I have already deleted cert8.db, restarted FF, then re-imported the self signed certificates but get the same error. No other software has changed on this box except the automatic upgrade to FF 37.0.1.

The network setting is already set to use "No Proxy"

How do I fix this?

Windows 8.1 Pro IIS 8

I followed these two articles to create local self signed certificates and they have been working fine since February. Now with the update to 37.0.1 I get "Secure Connection Failed" while trying to access my local website through FireFox. IE and Google Chrome have no problem accessing the local site. http://www.jayway.com/2014/09/03/creating-self-signed-certificates-with-makecert-exe-for-development/ http://www.jayway.com/2014/10/27/configure-iis-to-use-your-self-signed-certificates-with-your-application/ I have already deleted cert8.db, restarted FF, then re-imported the self signed certificates but get the same error. No other software has changed on this box except the automatic upgrade to FF 37.0.1. The network setting is already set to use "No Proxy" How do I fix this? Windows 8.1 Pro IIS 8

All Replies (6)

more options

Some cipher suites have been removed in Firefox 37.

What cipher suite use other browsers in case it is not the certificate?

You can check the Connection tab in Google Chrome (click the padlock).

more options

I have exactly the same problem. All servers and devices that use a self-signed certificate are not reachable anymore via FF37.0.1 after upgrade to FF 37.0.1. Firefox prints:

"Secure Connection Failed

The connection to the server was reset while the page was loading. The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem."

I'm not getting the chance to add an exception hence no access to the server anymore. This is a severe problem, because all internally used Glassfish servers in our test environments run with self-signed certificates. As Firefox blocks access to them I cannot maintain my servers anymore. I have the same problem with Chrome but not with IE - IE is the offers to add an exception but suffers the blank page problem when accessing Glassfish.

I tried to adjust the following values in the FF config: security.tls.version.min = 0 ;default deleted cert8.db and restarted FF

I'm really lost, kindly advise.

more options

I downgraded FF to version 36.0.4 because they don't seem too concerned that they've introduced a major breaking change.

If you decide to downgrade make sure you disable automatic updates before you downgrade; otherwise it will just re-upgrade you within seconds.

Options -> Advanced -> Update -> Never check ...

more options

I have the same problem on my Mac. I thought it was Mac-specific.

more options

cor-el my certificate details are as follows:

Connection Encrypted (tls_ecdhe_rsa_with_aes_256_cbc_sha, 256 bit keys, TLS 1.1)

Certificate Signature Alorithm: PKCS #1 SHA-512 With RSA Encryption

more options

We have found a solution that worked for us. We re-created the certificates as RSA certificates and imported them as domain certificates into Glassfish keystore / truststore and it worked. FF offered a certificate exception and if one accepts everything, it'll be OK. The original certificate which did not work was a DES cert. The certificate that worked for us (GF 3, FF37.0.1) was created as follows:

  1. keytool -genkey -alias s1as -keyalg RSA -keysize 2048 -keystore keystore.jks

So far so good for us. However, I would FF expect to give a more meaningful message. It would also have saved us time if these kind of changes are documented for every new release of FF - are they? If yes, it would be helpful to get the link where this is documented.