Self signed SSL Certificates no longer work after upgrade to 37.0.1
I followed these two articles to create local self signed certificates and they have been working fine since February. Now with the update to 37.0.1 I get "Secure Connection Failed" while trying to access my local website through Firefox. IE and Google Chrome have no problem accessing the local site.
http://www.jayway.com/2014/09/03/creating-self-signed-certificates-with-makecert-exe-for-development/
http://www.jayway.com/2014/10/27/configure-iis-to-use-your-self-signed-certificates-with-your-application/
I have already deleted cert8.db, restarted FF, then re-imported the self signed certificates but get the same error. No other software has changed on this box except the automatic upgrade to FF 37.0.1.
The network setting is already set to use "No Proxy"
How do I fix this?
Windows 8.1 Pro IIS 8
All Replies (6)
Some cipher suites have been removed in Firefox 37.
What cipher suite do other browsers use, in case it is not the certificate?
You can check the Connection tab in Google Chrome (click the padlock).
I have exactly the same problem. All servers and devices that use a self-signed certificate are not reachable anymore via FF37.0.1 after upgrade to FF 37.0.1. Firefox prints:
"Secure Connection Failed
The connection to the server was reset while the page was loading. The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem."
I'm not getting the chance to add an exception, hence no access to the server anymore. This is a severe problem, because all internally used Glassfish servers in our test environments run with self-signed certificates. As Firefox blocks access to them I cannot maintain my servers anymore. I have the same problem with Chrome but not with IE - IE offers to add an exception but suffers the blank page problem when accessing Glassfish.
I tried to adjust the following values in the FF config:
- security.tls.version.min = 0 ;default
- deleted cert8.db and restarted FF
I'm really lost, kindly advise.
I downgraded FF to version 36.0.4 because they don't seem too concerned that they've introduced a major breaking change.
If you decide to downgrade make sure you disable automatic updates before you downgrade; otherwise it will just re-upgrade you within seconds.
Options -> Advanced -> Update -> Never check ...
I have the same problem on my Mac. I thought it was Mac-specific.
cor-el, my certificate details are as follows:
Connection Encrypted (tls_ecdhe_rsa_with_aes_256_cbc_sha, 256 bit keys, TLS 1.1)
Certificate Signature Algorithm: PKCS #1 SHA-512 With RSA Encryption
We have found a solution that worked for us. We re-created the certificates as RSA certificates and imported them as domain certificates into Glassfish keystore / truststore and it worked. FF offered a certificate exception and if one accepts everything, it'll be OK. The original certificate which did not work was a DES cert. The certificate that worked for us (GF 3, FF37.0.1) was created as follows:
- keytool -genkey -alias s1as -keyalg RSA -keysize 2048 -keystore keystore.jks
So far so good for us. However, I would expect FF to give a more meaningful message. It would also have saved us time if these kinds of changes were documented for every new release of FF - are they? If yes, it would be helpful to get the link where this is documented.