Self-Signed SSL Link not working - firefox

I have an embedded web server with a self-signed SSL certificate. After I get past the Web Browser's warning about the SSL Certificate being self signed, I am seeing a difference between IE8 and Firefox 3.5.5.
In IE8, if I try to download a PNG file, it will download every time.
In FireFox, it will give me an error every other time.
The error message is this:
Secure Connection Failed
An error occurred during a connection to 192.168.1.100.
SSL peer was unable to negotiate an acceptable set of security parameters.
(Error code: ssl_error_handshake_failure_alert)
*The page you are trying to view can not be shown because the authenticity of the received data could not be verified.
*Please contact the web site owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
What is causing this? Why does one browser work all the time and the other only works every other time?

It's hard to say without looking at the packets. If I had to hazard a guess, it would be that on the second request, Firefox is trying to resume the SSL session, and for some reason, the server doesn't like that. On the next request, Firefox doesn't try to resume, and it succeeds again. Maybe?

Related

change browser behavior for web page with invalid certificate

When a user tries to browse webpage having an invalid certificate(expired,self-signed, untrusted root, etc..),
browser warns the user about the security issue with page give option to proceed or return back.
Is it possible the change the page(default) that's being displayed here? how to get into the chain of event that gets trigger after the browser evaluates certificate validity?
Any help would be appreciated.
thanks,
It is impossible to achieve that feature on the server-side. It is a part of the client-side's browser implementation on validating the server-side’s certificate.
As you know, the Https connection based on the SSL/TLS version between the client-side and the server-side. establishing the TLS connection requires a handshake between the server-side and the client-side.
The client and server will provide the available TLS version during the process, including the supported certificate encryption algorithm and certificate public key. If the process fails, we cannot program the webpage displayed on the client-side since the TLS connection has not been established yet.
Feel free to let me know if there is anything I can help with.

Rabbitmq management UI issue with Firefox

I'm trying to use rabbitmq management UI on Firefox, getting this error:
An error occurred during a connection to localhost:15671. SSL peer was unable to negotiate an acceptable set of security parameters. Error code: SSL_ERROR_HANDSHAKE_FAILURE_ALERT
This works for me on Chrome.
Version Details:
Rabbitmq-3.6.5
Erlang-19.0
Firefox-48.0
This is not an rabbitMQ UI issue.its browser level certification problem.You need to update that thing.
Firefox displays this error "ssl_error_handshake_failure_alert" means that you do not have valid personal certificates in your browser. You can obtain new ones by going to http://ist.mit.edu/certificates and clicking on Get MIT Personal Certificate.
Please refer this link https://support.mozilla.org/en-US/questions/728969 to get full knowledge about this

SSL seems to be not installed properly

I have a certificate for a domain example.com. So, every request in my application (MVC 3) is being redirected to the https://example.com. But the problem is, I can see the padlock icon in the Firefox browser
but one second later it disappears and I see that there is no certificate ?
I have no clue what's going on, can somebody enlighten me ? The application is being hosted on Windows Server 2008 R2.
The "...which is run by (unknown)" message is just a message telling you that the certificate only verifies the web site name, not the owner. The message is not very clear and has been reported as a bug to Mozilla.
The "Your connection to this site is only partially encrypted" message means that you're fetching at least some HTTP data as a part of your HTTPS page (check your font/image/media links on the page) and the data fetched via HTTP is not secure. A secure page should only link to HTTPS content, or someone listening to the connection may be able to the insecure communication and figure out what is done over the secure link. For example, if your cookies are not set as secure, they'll be sent over clear text too when fetching data from your site.
All in all, the SSL cert seems to be installed ok, but your page needs some updates to only link to secure content.

can an invalid ssl certificate cause some posts to fail via ajax in firefox?

I'm wondering if an invalid or expired SSL certificate could cause some ajax posts via Firefox to fail (not all ajax posts, some are successful)? I'm trying to determine the cause of my ajax request via firefox to be aborted (and is not seen in other browsers). If I'm using Fiddler, the post does work too.
Yes, attempting to connect to an HTTPS site that has an invalid certificate (for whatever reason) with a XHR request will make this request fail. Unlike direct requests, it won't be able to display the usual certificate warning message to ask you whether you want to proceed.

SSL : sec_error_unknown_issuer

I'm getting the sec_error_unknown_issuer on my website : https://www.lceonline.co.uk/
The error occurs when I add an item to the cart then click checkout (The checkout page seems to cause it) The SSL Certificate is with Globasign
It seems that this error only occurs in Firefox. Does anyone have a solution or can point me in the direction of one? Little bit of a struggle.
Cheers Guys
Each browser has an installed list of what is called "Root Certificates". If the issuer's certificate is not in this database, then the browser will reject the cert with the message that you are seeing.
Firefox and Internet Explorer use independent lists of root certs. You may want to speak to your issuer, or a different issuer, about getting you a cert that is acceptable in all major browsers.
It should also be noted that a cert can be denied by the browser with a similar error if it depends on intermediate certificates in the cert-chain and the server has not been correctly configured to deliver all the required certs to the browser. This can be tricky to diagnose as browsers will cache and re-use intermediate certs, even if they were originally requested from a different server.

Resources