Firefox cannot make a secure https connection
After going to the web site "www.faxzero.com" and entering the necessary data it proceeds to a https address "https://faxzero.com" but Firefox reports "the connection is untrusted". On the same workstation I used Safari and it worked with proper https authentication and I also tried another browser and it worked. What is causing Firefox to miss read the https site and think it is untrusted?
Endret
All Replies (14)
hello, the padlock won't be shown for this site, since it contains an element (the logo-graphic) which is not served over a secure connection.
Mixed content blocking in Firefox
https://blog.mozilla.org/security/2013/09/04/a-new-focus-on-security-in-the-web-console/
Note that you can see this as a red line in the Web Console (Tools > Web Developer; Command+Shift+K)
- GET http://faxzero.com/images/logo.gif [Mixed Content] [HTTP/1.1 200 OK ]
This web site on the same machine works for 2 other browsers. This is a fault with Firefox 22.
The web console reports the following. [11:21:41.418] GET https://faxzero.com/ [0ms]
ok, then i misread your original question - if you get the "connection is untrusted" error message for the page, it's because the website hasn't implemented the necessary intermediate certificates properly: http://www.sslshopper.com/ssl-checker.html#hostname=https://faxzero.com/
please report the issue to the website in order for them to fix it.
Once again this is a fault with Firefox.
I can use Safari another web browser on the same computer.
Why is this fault occurring ?
firefox is obviously less error-tolerant in this case than other browsers
Once again as I mentioned before I also used TOR which also uses Firefox version 17 and it works with that version of firefox on the same computer. So it is not Safari and its not the web site.
what would cause this fault in firefox 22 to report incorrectly a functioning https site?
The SHA 256 checksum for Firefox 22 for the mac that I am using is bbbefe0e24abc9511747b4a1a858d38cd93d4e2a26ce7b6f9a73dd4001ace747
You can download and install the PositiveSSL CA 2 intermediate certificate from this page:
Import this certificate in the Certificate Manager.
- Tools > Options > Advanced > Certificates/Encryption: View Certificates
Do not set any of the trust bits when installing. Those are only required for root certificates and not for intermediate certificates.
Endret
Clearly firefox 17 and 22 have been altered so as to not get the correct certificate information. I tested this by completely uninstalling and reinstalling the Firefox software and firefox clearly sees the web site https://www.faxzero.com as invalid when it is definitely valid https site as confirmed by web site "https://www.ssllabs.com".
The web site you provided is by a third part site co-rel, I am not interested in using a site to correct a serious security flaw by Mozzila.
how can i prevent firefox from using its own certificates?
No, this web server doesn't send the intermediate certificate, otherwise yo would see a certificate chain if you inspect the certificate.
Did you ever reset Firefox or otherwise create a new profile?
Firefox automatically stores intermediate certificates that servers send in the Certificate Manager for future usage.
So you may not see an error if you have visited a website in the past that did send this intermediate certificate.
If you have never visited a website that uses this same intermediate certificate then Firefox hasn't saved it and you will get an untrusted error.
I have uninstalled and reinstalled Firefox 17 and 22. But FIrefox 22 on my Windows 7 side does not complain just as Safari does but they do not enter HTTPS.
So on the same computer Firefox 22 on the Mac side complains the connection is not trusted. Firefox on the windws 7 side makes no such complaint also on the same computer byt different partition.
Did you download and install the intermediate certificate like I posted above?
If you do not get the error on the other computer then Firefox has picked up the intermediate certificate from visiting a web page that has send it and you should see the PositiveSSL CA 2 certificate in the Certificate Manager, so alternatively you can export the certificate and import it on the other computer.
Corel. Why would i install an intermediate certificate from another company called comodo? It is clear this certificate error has occurred and now affects another site called "https://myaccount.yak.ca/" which also shows the same untrusted message.
Is there an aha checksum for the certificates that Firefox uses?
Where can I find the certs on a Mac OS?