搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

Add security exception option is showing up

more options

So we installed a certificate on our webapp server to enable ssl and after installing it, the ssl enabled url is opening in chrome and IE, just fine, but not in Firefox. Even the option to add security exception is not showing but the page just says "Secure Connection Failed" Here's what we have tried so far. 1. In about:config,

              a. change the security.tls.insecure_fallback_hosts =vzdrm.companyname.com
              b. Change security.ssl.enable_ocsp_stapling to false 

2. Install the certificate from the server to the local machine in Firefox's "your certificates" Tab. As shown in the picture.

There's something wierd thing happened and I am not totally sure what iworked. So I installed fiddler trace on one of the VM sandboxes to see what's going on, and when I started it, it gave me a warning saying something like "HTTPS traffic decryption option is disabled. Click here to enable it". When I did it, it asked me that it would like to install a root certificate. Right after I did it and tried loading the webapp url again, it loaded fine and even the option to 'add security exception' came up. I see that in the Firefox's certificate manager(servers tab), it shows the fiddler certicate is installed. I thought may be if I try to manually install this certificate in the servers tab, it may work in my local machine but I dont see an option to import certificate in the server tab. I would appreciate any input on this.

So we installed a certificate on our webapp server to enable ssl and after installing it, the ssl enabled url is opening in chrome and IE, just fine, but not in Firefox. Even the option to add security exception is not showing but the page just says "Secure Connection Failed" Here's what we have tried so far. 1. In about:config, a. change the security.tls.insecure_fallback_hosts =vzdrm.companyname.com b. Change security.ssl.enable_ocsp_stapling to false 2. Install the certificate from the server to the local machine in Firefox's "your certificates" Tab. As shown in the picture. There's something wierd thing happened and I am not totally sure what iworked. So I installed fiddler trace on one of the VM sandboxes to see what's going on, and when I started it, it gave me a warning saying something like "HTTPS traffic decryption option is disabled. Click here to enable it". When I did it, it asked me that it would like to install a root certificate. Right after I did it and tried loading the webapp url again, it loaded fine and even the option to 'add security exception' came up. I see that in the Firefox's certificate manager(servers tab), it shows the fiddler certicate is installed. I thought may be if I try to manually install this certificate in the servers tab, it may work in my local machine but I dont see an option to import certificate in the server tab. I would appreciate any input on this.

所有回覆 (10)

more options

Below are the screenshots.

more options

In your second screenshot, is that the same subdomain as the problem page? If you click the gray lock with the yellow warning triangle, can you figure out why it's not a green lock? Sometimes it's a weak cipher, and other times it's mixed (HTTP) display content in the page.

The "Secure Connection Failed" page typically has scanty information about the problem. If the padlock appeared normally, it could be taken to mean "connection failed," but yours doesn't have any kind of padlock. Does anything in the following article help:

Secure connection failed and Firefox did not connect

I installed fiddler trace on one of the VM sandboxes to see what's going on, and when I started it, it gave me a warning saying something like "HTTPS traffic decryption option is disabled. Click here to enable it". When I did it, it asked me that it would like to install a root certificate. Right after I did it and tried loading the webapp url again, it loaded fine and even the option to 'add security exception' came up. I see that in the Firefox's certificate manager(servers tab), it shows the fiddler certicate is installed. I thought may be if I try to manually install this certificate in the servers tab, it may work in my local machine but I dont see an option to import certificate in the server tab. I would appreciate any input on this.

It would only be useful to install the Fiddler certificate on your local machine if you plan to run Fiddler on it. That shouldn't be necessary.

If you test your server on this page, does it show that their Firefox test machines can connect?

https://www.ssllabs.com/ssltest/

If their Firefoxes can connect, yours also should be able to connect. If they can't, there hopefully is an explanation of the problem.

more options

This is what more information page is saying.

more options

Your Page Info dialog lists the full URL, by the way, in case you want to remove/edit that.

The DO_NOT_TRUST issuer is typical of the Fiddler Root signing certificate, so is that screenshot from your VM or your local system? The cipher information looks favorable, so the warning triangle probably relates to mixed display content in the page.

more options

Note that on the Server you can only add a security exception (the Add Exception button in this tab opens the same window as the button found on the error page and the chrome uri). If you need to import a certificate then you need to use one of the tabs that show this button.

If pages are loaded in an (i)frame then you may also not be able to add an exception. You can check the latter via the right-click context menu.

more options

@jscher2000 The screenshot is from VM. Also, its an internal server so I don't see it showing up on the ssl test website.

If you test your server on this page, does it show that their Firefox test machines can connect?

https://www.ssllabs.com/ssltest/

If their Firefoxes can connect, yours also should be able to connect. If they can't, there hopefully is an explanation of the problem.


@cor-el I am not exactly sure what you are referring to. Can you pleasecor-el said

Note that on the Server you can only add a security exception (the Add Exception button in this tab opens the same window as the button found on the error page and the chrome uri). If you need to import a certificate then you need to use one of the tabs that show this button. If pages are loaded in an (i)frame then you may also not be able to add an exception. You can check the latter via the right-click context menu.
more options

send a screenshot, if you can.

more options

If you cannot use the SSLLabs diagnostic, there may be some other tool you can use to see what cipher suites are reported to browsers as enabled on the server so you can check whether Firefox supports any of them.

more options

I used the below script and this is the output I am getting. I know something's wrong as it is displaying unknown response for each of them. Here's the script I used. https://superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-suites-a-particular-website-offers jscher2000 said

If you cannot use the SSLLabs diagnostic, there may be some other tool you can use to see what cipher suites are reported to browsers as enabled on the server so you can check whether Firefox supports any of them.
more options

The first line mentions a library from 2008, so perhaps there's a way to get a newer script that can probe for more modern ciphers?