Issues with Firefox and HTTPS decryption

dkorell
Level 1

I turned on HTTPS decryption today and am doing some testing, but I'm having a hard time getting Firefox to work with any sites that require decryption. This is the error I'm getting:

This Connection is Untrusted
You have asked Firefox to connect securely to
www.google.com, but we can't confirm that your connection is secure.

Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
What Should I Do?

If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.

www.google.com uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown.
The server might not be sending the appropriate intermediate certificates.
An additional root certificate may need to be imported.

(Error code: sec_error_unknown_issuer)

If I import the cert into Firefox then it breaks it even more and just says "Secure Connection Failed".

I found this in the documentation, but I'm not sure how to check my cert or if it is even related.

Mozilla Firefox browsers:

The certificate you upload must contain "basicConstraints=CA:TRUE" to work with Mozilla Firefox browsers. This constraint allows Firefox to recognize the root certificate as a trusted root authority.

Internet Explorer and Chrome appear to be working just fine and trusting my cert. Anyone been through this and have a resolution? I have searched all over and can't find much.
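
The documentation excerpt quoted in the post requires "basicConstraints=CA:TRUE" on the uploaded certificate. One way to check a PEM certificate for that extension with the openssl CLI is sketched here as an added example that is not part of the thread. The helper names `cert_is_ca`, `make_sample_cert` and `demo`, and the throwaway certificates they generate, are constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check a PEM cert for basicConstraints CA:TRUE.

# cert_is_ca FILE -> exit 0 if the certificate in FILE has CA:TRUE, 1 otherwise.
# A certificate with no basicConstraints extension at all also returns 1.
cert_is_ca() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Basic Constraints' |
        grep -q 'CA:TRUE'
}

# make_sample_cert OUT VALUE -> write a throwaway self-signed certificate
# (constructed sample input) whose basicConstraints is VALUE.
make_sample_cert() {
    cfg=$(mktemp)
    cat > "$cfg" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = constructed-decryption-ca.example
[ext]
basicConstraints = $2
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$cfg" -keyout "$cfg.key" -out "$1" 2>/dev/null
    rc=$?
    rm -f "$cfg" "$cfg.key"
    return $rc
}

# demo -> build one CA-capable and one non-CA sample cert and report on each.
demo() {
    dir=$(mktemp -d)
    make_sample_cert "$dir/ca.pem" 'critical,CA:TRUE'
    make_sample_cert "$dir/leaf.pem" 'CA:FALSE'
    for f in ca leaf; do
        if cert_is_ca "$dir/$f.pem"; then echo "$f: CA:TRUE present"
        else echo "$f: CA:TRUE missing"; fi
    done
    rm -rf "$dir"
}

demo
```

To check a real certificate, run `cert_is_ca` against the PEM file that was uploaded to the appliance. A non-zero exit status means the extension is absent or set to CA:FALSE.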

4 Replies

David Niemann
Level 3

Are you using the self-signed cert generated by the WSA?

I'm using a cert created from our AD cert server that is distributed by AD to computers. What I found with Firefox is it doesn't use the Windows cert store like IE and Chrome do. It uses its own store which is very difficult to mass import the certs into. It can be done but many users (not necessarily for proxy reasons) out there are feeling the same pain when it comes to Firefox. I thought for sure more people would have come across this in here.

Yes, that's correct. Firefox is a terrible browser from an Enterprise management standpoint. We don't officially support Firefox in our environment, but provide the certs and pass-through authentication modification directions as a work-around.

Gut feel from answering a lot of questions in this forum, not much Firefox...

Lots of Chrome and IE...

 

Ken