Spletno mesto bo delovalo z omejenimi zmožnostmi, medtem ko na njem izvajamo vzdrževalna dela za vas. Če članki ne rešijo vaše težave in želite zastaviti vprašanje, naša skupnost za podporo čaka na vas na @FirefoxSupport na Twitterju in na /r/firefox na Redditu.

Avatar for Username

Iskanje po podpori

Izogibajte se prevarantski tehnični podpori. Nikoli vam ne bomo naročili, da pokličete telefonsko številko ali nam pošljete osebne podatke. Sumljivo dejavnost prijavite z gumbom »Prijavi zlorabo«.

Več o tem

Ta tema je arhivirana. Postavite prosim novo vprašanje, če potrebujete pomoč.

FF33 doesn't like our internal SSL certificates.

ChrisKarel
ChrisKarel
more options

Updating FireFox to version 33 breaks SSL connectivity with certificates signed by our company's internal CAs. As of the latest update, we get the following error message with no method of override:

An error occurred during a connection to www.google.com. security library: improperly formatted DER-encoded message. (Error code: sec_error_bad_der)

I assume the problem stems from the new mozilla::pkix certificate validation. The sec_error_bad_der seems to indicate there's a parsing issue with the certificate itself.

These certificates work fine in FF <32, Chrome, and MS IE. But I recognize there may be something subtly wrong with these certs that should be corrected. However, FireFox doesn't actually give any useful information to help troubleshoot this. What options are available to discover what exactly FF is finding so broken about these?

Updating FireFox to version 33 breaks SSL connectivity with certificates signed by our company's internal CAs. As of the latest update, we get the following error message with no method of override: An error occurred during a connection to www.google.com. security library: improperly formatted DER-encoded message. (Error code: sec_error_bad_der) I assume the problem stems from the new mozilla::pkix certificate validation. The sec_error_bad_der seems to indicate there's a parsing issue with the certificate itself. These certificates work fine in FF <32, Chrome, and MS IE. But I recognize there may be something subtly wrong with these certs that should be corrected. However, FireFox doesn't actually give any useful information to help troubleshoot this. What options are available to discover what exactly FF is finding so broken about these?

Vsi odgovori (1)

jscher2000 - Support Volunteer
jscher2000 - Support Volunteer
  • Top 25 Contributor
more options

Sorry to put this work on you, but I don't understand many of the comments in these bugs about issues with the signing certificate. You probably are in a better position to understand them:

https://www.google.com/search?q=sec_error_bad_der+site:bugzilla.mozilla.org&tbs=qdr:y