Why do I get a certificate "error" in Firefox ONLY? - firefox

I have a small LAN with:
A Synology server where I have installed a Comodo Wildcard
Certificate for mydomain.com.
Three wired clients running Windows 8.1 Pro and Windows 10 Pro, and
one wireless client running Mac OSX.
This LAN is connected via an IPSEC VPN to another remote LAN with
more clients.
My issue:
When I try to connect to my Synology box using https:// from a LOCAL client, using Internet Explorer 11 or Google Chrome, everything works fine. The browsers see that the website has a valid SSL Certificate and I get no errors or warnings of any kind.
However, when I use Firefox, the certificate doesn't work at all, with the following symptoms:
For THREE Wired Clients on LAN using Windows 8.1 Pro/Windows 10 Pro and Firefox:
"The Connection is Untrusted" If I click on the little Globe next to the Address bar it says "The website does not supply identity information. Your connection to this website is not encrypted."
For Wireless Client on LAN using OSX and Firefox:
EVERYTHING WORKS FINE. If I click the lock next to the address bar in Firefox it correctly shows that the website is verified by COMODO.
For Wired Client on another LAN running Windows 7 and connecting via VPN and Firefox:
EVERYTHING WORKS FINE.
So in summary: I can connect via HTTPS using Internet Explorer or Chrome from ANYWHERE with no problems. I only have problems with FIREFOX on SPECIFIC MACHINES. It is like they aren't seeing the certificate AT ALL. What is something I could look at here?
Note that on the Windows 10 Pro machine, it is a BRAND NEW FRESH install. There is nothing else on the machine except browsers. This is a brand new fresh install of the latest Windows with the latest Firefox.

I'm going to leave this here in case someone else has the same or similar problem:
I had installed my private key and certificate on the Synology server, but had failed to include the Intermediate Certificates in the package.
Apparently, Firefox maintains a separate Certificate Store from IE and Chrome, which already come with the necessary Comodo Intermediates.
On some machines, Firefox already had the necessary Intermediates, from other sites that had provided them, but on these other machines where Firefox was rarely used, it was basically a blank slate. After installing Intermediates Certificates on the Synology server, everything was fine.

Related

What is needed for a Secure WebSocket connection on Windows 10

I wrote a QT tool using WebSockets with SSL. When I roll it out to an other Windows 10 machine it doesn't connect but produces a QAbstractSocket::UnsupportedSocketOperationError on Client side. On server side I don't get any notification that a new client has connected.
The tool "Dependencies" shows no difference in dll's, a test without SSL worked fine as well as connecting from same network with my developer machine.
As is works fine with my developer machine I assume something is wrong/missing on the other Windows 10 machine. I have installed OpenSSL 1.1.0f on it but I have no idea what else to look for.
I found out that this was an encryption problem from QT. I solveded it by downloading the dll's (libcrypto-1_1-x64.dll, libssl-1_1-x64.dll) together with precompiled(!) MySql driver for my QT version from https://github.com/thecodemonkey86/qt_mysql_driver/releases and stored it into the application root folder. Additional I copied into here the "tls"-folder from qt/6.3.0/plugins/.

I can not run Windows apps without Internet

My work computer doesn't have a network connection.
But I need to install specific appxs.
I installed Windows Terminal from .msixbundle file.
I installed Ubuntu 20.04 (WSL distro) from .appx file.
They were downloaded and moved to my pc from another pc with internet connection.
When I run one of them an error occurs:
We want to make sure this is you. User interaction is required for authentication.
Or
The network location cannot be reached. For information about network troubleshooting, see Windows Help.
What does it mean? What do I need to do in order to run those apps without internet connection?

Delphi - Checklist for PAServer Connection (Mac OSX)

I have spent the better part of a day trying to connect to PAServer on MAC OSX from my Windows PC with no luck. I am not sure what I am missing.
I am using Delphi 10.2 Tokyo on Windows. Trying to connect to PAServer 19.0 on a Mac Mini running macOS Sierra (10.12.4) on which I already have XCode (v8.3.2) installed along with Command Line Tools.
Both the dev machine as well as the Mac Mini are connected to the same Wifi network. I even tried connecting both machines to a different network but with the same issue.
I get the same error message every time that the connection failed. I suspect that it has something to do with the network - where the 2 machines cannot see each other, but I don't know how I can confirm this or resolve it. I have tried to search on SO as well as online but have not found anything that has helped.
Has anyone seen this issue and overcome it? Is there a set of steps I can go thru to troubleshoot this? Any help or guidance would be most appreciated!
OK - I kept trying out different things and was able to solve this issue (one way to solve it I guess).
Because it seemed like it was network related, I tried first to create a hotspot with my phone and connected the dev machine and the Mac Mini to it. The PAServer connection worked.
So I looked for a way to do this via Windows. Here are the steps I followed:
Open Settings > Network & Internet (on Windows 10)
Go into Mobile Hotspot and select Wi-Fi in the Share my
Connection From dropdown
Set a Network name and Network password
Turn on Share my Internet connection with other devices
Now on the Mac, connect to the network name we set up in step 3 and enter the password that was set. Then start PAServer on the Mac. That's it!
Now when you connect from Delphi to PAServer, the connection succeeds.
Note: Interestingly, when I was not using the mobile hotspot method on Windows, the IP address on PAServer (and on Windows) was 10.xx.xx.xx. With the mobile hotspot, the IP address is 192.xx.xx.xx.
I just configured (today) a new macos sierra with paserver. yes it's painfull :(
don't use virtualbox (it's buggy and slow), but use instead VMware, it's work like a charm. it's much more easy to have only one computer to develop than 2. also you can copy/past the log or anythink else from macosx to windows (or vice-versa) in just one click. and you will not have any internet problem or anything else ...

Self-signed certificate in Windows Phone 8

I'm facing an issue with self-signed certificate in Windows Phone 8 app. I have installed the certificate (.p7b) manually and it works fine when I browse through the site in IEMobile.
But when I visit the same, using the WebBrowser control in my hybrid app, The certificate error still shows and can't be ignored, even after tapping Continue. Isn't the Certificate installed System-wide or is it just for IE?
I have referred many links regarding this but in vain. Any help would be jighly appreciated. Thank you.
I had the same issue, and it turned out to be a hostname mismatch between what the certificate contained and the address I was using to connect to the server. If those match, and you install the P7B file on the Windows Phone device, then you should no longer see certificate warnings.
For the full details of my issues and solution, see this thread on MSDN.

WebDAV on IIS 7.5 with SSL (self signed) - Windows can't connect - Mac can only mount it readonly

Today I spent the whole day investigating why I have so many problems with WebDAV.
My Server is running Windows 2008 R2 with IIS7.5.
I created a self signed certificate and added it to the "Default Web Site". I enabled Windows Authentication and installed the WebDAV Extension.
I enabled Locking WebDAV Settings as you see here:
http://www.abload.de/img/webdavydkea.png
I then created a folder called Shares on C:\ and changed added writting permissions for the domain users.
At the end I created the Virtual Directory and set the "Authorization Rules" and the "WebDav Authorization Rules".
At the end I force the usage of SSL with the previously self signed certificate.
Now I try to connect with MAC OS X 10.7 and MAC OS X 10.6 and both mount it readonly.
If I try to mount it in Windows I get the following error message:
The mapped network drive could not be created because the following error has occurred:
A device attached to the system is not functioning.
More details if I try to mount it by using the command line:
System error 1244 has occurred.
The operation being requested was not performed because the user has not been authenticated.
If I now disable the SSL support I can mount it in Windows too including write support. MAC OS X still does only mount it as read only.
Altogether I have the following problems:
Why does MAC OS X mount the WebDAV directory as readonly even so I enabled locking support?
Why does Windows not work if I try to use SSL with the self signed certificate?
I have a similar setup, and just experienced the same "cannot connect from Windows 7" problem.
I found that I can connect from a Win XP machine. On connecting, a popup asks me if I want to trust the self-signed cert -> I accept -> it connects well.
This made me suspect that the Win 7 problem is with the cert (with not showing a popup to let me manually accept the self-signed cert). The solution to make it work is:
Either import the self-signed cert in Win 7 / IE9 into the "Trusted root CA"
cert store.
Or buy a cert that is signed by a known cert authority.

Resources