为提升您的使用体验,本站正在维护,部分功能暂时无法使用。如果本站文章无法解决您的问题,您想要向社区提问的话,请到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 提问,我们的支持社区将会很快回复您的疑问。

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

Self signed SSL Certificates no longer work after upgrade to 37.0.1

  • 6 个回答
  • 9 人有此问题
  • 12 次查看
  • 最后回复者为 LottoTotto

more options

I followed these two articles to create local self signed certificates and they have been working fine since February. Now with the update to 37.0.1 I get "Secure Connection Failed" while trying to access my local website through FireFox. IE and Google Chrome have no problem accessing the local site.

http://www.jayway.com/2014/09/03/creating-self-signed-certificates-with-makecert-exe-for-development/ http://www.jayway.com/2014/10/27/configure-iis-to-use-your-self-signed-certificates-with-your-application/

I have already deleted cert8.db, restarted FF, then re-imported the self signed certificates but get the same error. No other software has changed on this box except the automatic upgrade to FF 37.0.1.

The network setting is already set to use "No Proxy"

How do I fix this?

Windows 8.1 Pro IIS 8

I followed these two articles to create local self signed certificates and they have been working fine since February. Now with the update to 37.0.1 I get "Secure Connection Failed" while trying to access my local website through FireFox. IE and Google Chrome have no problem accessing the local site. http://www.jayway.com/2014/09/03/creating-self-signed-certificates-with-makecert-exe-for-development/ http://www.jayway.com/2014/10/27/configure-iis-to-use-your-self-signed-certificates-with-your-application/ I have already deleted cert8.db, restarted FF, then re-imported the self signed certificates but get the same error. No other software has changed on this box except the automatic upgrade to FF 37.0.1. The network setting is already set to use "No Proxy" How do I fix this? Windows 8.1 Pro IIS 8

所有回复 (6)

more options

Some cipher suites have been removed in Firefox 37.

What cipher suite use other browsers in case it is not the certificate?

You can check the Connection tab in Google Chrome (click the padlock).

more options

I have exactly the same problem. All servers and devices that use a self-signed certificate are not reachable anymore via FF37.0.1 after upgrade to FF 37.0.1. Firefox prints:

"Secure Connection Failed

The connection to the server was reset while the page was loading. The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem."

I'm not getting the chance to add an exception hence no access to the server anymore. This is a severe problem, because all internally used Glassfish servers in our test environments run with self-signed certificates. As Firefox blocks access to them I cannot maintain my servers anymore. I have the same problem with Chrome but not with IE - IE is the offers to add an exception but suffers the blank page problem when accessing Glassfish.

I tried to adjust the following values in the FF config: security.tls.version.min = 0 ;default deleted cert8.db and restarted FF

I'm really lost, kindly advise.

more options

I downgraded FF to version 36.0.4 because they don't seem too concerned that they've introduced a major breaking change.

If you decide to downgrade make sure you disable automatic updates before you downgrade; otherwise it will just re-upgrade you within seconds.

Options -> Advanced -> Update -> Never check ...

more options

I have the same problem on my Mac. I thought it was Mac-specific.

more options

cor-el my certificate details are as follows:

Connection Encrypted (tls_ecdhe_rsa_with_aes_256_cbc_sha, 256 bit keys, TLS 1.1)

Certificate Signature Alorithm: PKCS #1 SHA-512 With RSA Encryption

more options

We have found a solution that worked for us. We re-created the certificates as RSA certificates and imported them as domain certificates into Glassfish keystore / truststore and it worked. FF offered a certificate exception and if one accepts everything, it'll be OK. The original certificate which did not work was a DES cert. The certificate that worked for us (GF 3, FF37.0.1) was created as follows:

  1. keytool -genkey -alias s1as -keyalg RSA -keysize 2048 -keystore keystore.jks

So far so good for us. However, I would FF expect to give a more meaningful message. It would also have saved us time if these kind of changes are documented for every new release of FF - are they? If yes, it would be helpful to get the link where this is documented.