HTTPS: This Connection is Utrusted (Certificate Problem)

Status
Not open for further replies.
B

bob p

Dabbler
Joined
Jun 24, 2014
Messages
22
I just upgraded from 9.2.1.7 to 9.3-release. After performing the upgrade, I decided to try using https instead of http to serve the web pages on my LAN.

After the config file change to default to https, Firefox has begun to issue "Untrusted Connection" errors. Oh, how I hate Firefox for doing this.

In case you're not familiar with the problem: instead of loading the page, Firefox makes you jump through all sorts of hoops to download security certificates from the server. Then, Firefox imposes it's own arbitrary standards about whether it is willing to trust them, and makes you jump through another set of hoops to try to add a security exception so that the errors don't continue. The real problem is with Firefox -- I've never been able to get it to store a security exception. No matter what, Firefox throws a wrench in the works.

At present this is what things look like: (see attachment)

The problem is that Firefox refuses to accept self-signed security certificates like the one that Freenas uses. The only way to deal with the problem is to add an exception for the certificate, but Firefox never allows me to permanently store the exception. This means that I'm forced to deal with the problem all over again every time that firefox is rebooted and I try to access the administrative panel using Firefox.

Does anyone have a solution to this Firefox problem?

TIA
 

Attachments

  • firefox.png
    firefox.png
    51.6 KB · Views: 298
B

bob p

Dabbler
Joined
Jun 24, 2014
Messages
22
addendum: After the Firefox security exception fails to work properly, I'm able to proceed to the Freenas GUI, but Freenas issues the following error:

"SkipCertError encountered unsupported conditions: not valid at this time (see below)"

Unfortunately, there's nothing listed below other than the log-on box. Logon proceeds normally.

I'd really like to eliminate these errors without reverting to http if at all possible. Thanks.
 
C

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
There's a thread I wrote up that has the workaround for Firefox with step-by-step instructions. :p
 
B

bob p

Dabbler
Joined
Jun 24, 2014
Messages
22
interesting. I did the due-diligence responsibility of searching for the string "Firefox certificate" before starting this thread, and I received a null output from the site's search feature. It would appear that there's a problem with the site's indexing.

got a link?
 
C

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
B

bob p

Dabbler
Joined
Jun 24, 2014
Messages
22
> In your case, you should add the exception...

Well, that recommendation is frustrating...

I thought I was clear in the initial post that it is not possible for me to add the exception -- firefox refuses to allow an exception to be generated. The ability to store the exception is prohibited, as the check-box is grayed-out. (See attachment to follow -- I'll have to commit this post, close my browser, and reopen it in order to access the error warning.)

Because the ability to store the exception is prevented by firefox, there seems to be no way to prevent the error from recurring ... unless it's possible to change the firefox config so that the security feature is not enforced.

Unfortunately, the link that you referenced doesn't really provide the answer; it points the user to follow procedures defined in a thread at:

http://www-10.lotus.com/ldd/nd8foru...0FF3C685257D20007A4BFB?OpenDocument&ca=drs-fo

Unfortunately, the procedures in that thread are not helpful, because they are obsolete and don't provide the intended fix. The outdated procedure requires the user to change a security key in the Firefox registry that no longer exists. Specifically, the thread on the IBM site suggests changing a boolean value to false in the firefox registry field entitled, "security.use_mozillapkix_verification". The current version of Firefox is 34.0. 34.0 has no such registry key to change.

So it seems that the recommended solution to the problem fails on two points:
1. It's not possible to store the exception in firefox 34.0, as the checkbox is grayed-out;
2. The instructions for changing the firefox registry key are obsolete; the current firefox release has no such registry key.

Am I missing something obvious?
 
B

bob p

Dabbler
Joined
Jun 24, 2014
Messages
22
some screenshots:

Notice that the option to store the exception is disabled by firefox 34.0.
This forces the user to deal with the same error over and over again.

firefox2.png
 
Status
Not open for further replies.

Similar threads

David Dyer-Bennet
  • Locked
SOLVED Can't connect to web GUI due to Strict Transport Security
Replies
8
Views
4K
David Dyer-Bennet
David Dyer-Bennet
F
  • Locked
SOLVED upgrade problem.
Replies
14
Views
5K
frouty
F
E
Very Weird Problem With Firefox
Replies
1
Views
602
eliwap
E
G
  • Locked
Using FreeNAS as local network CA
Replies
6
Views
2K
sonicaj
S
T
  • Locked
Import GlobalSign Root CA Certificate
Replies
11
Views
7K
danb35
danb35
Top