Important Notice: We're experiencing email notification issues. If you've posted a question in the community forums recently, please check your profile manually for responses while we're working to fix this.

On Monday the 3rd of March, around 5pm UTC (9am PT) users may experience a brief period of downtime while one of our underlying services is under maintenance.

Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Əgər kömək lazımdırsa lütfən yeni sual verin.

I am getting sec_error_extension_value_invalid - how do I fix this?

  • 3 cavab
  • 44 have this problem
  • 253 views
  • Last reply by cor-el

colin.crook
colin.crook
more options

Hi I recently installed an IBM IPS device which allows you to inspect SSL traffic. The way it does this is a sort of man in the middle and this means you need to download a certificate from the device and import it into your browsers. The process is detailed here for various browsers: http://www-01.ibm.com/support/docview.wss?uid=swg27039297.

Now this works for IE and Chrome and up until a recent update Firefox. I now get the error sec_error_extension_value_invalid.

Any idea on how to resolve this?

Hi I recently installed an IBM IPS device which allows you to inspect SSL traffic. The way it does this is a sort of man in the middle and this means you need to download a certificate from the device and import it into your browsers. The process is detailed here for various browsers: http://www-01.ibm.com/support/docview.wss?uid=swg27039297. Now this works for IE and Chrome and up until a recent update Firefox. I now get the error sec_error_extension_value_invalid. Any idea on how to resolve this?

Chosen solution

Very helpful. It looks as though the CA issued by the device (XGS 4100) doesn't conform. Remediation is to lower the version of Firefox back to 28.0 which is the last version listed in the support matrix.

Read this answer in context 👍 1

All Replies (3)

guigs
guigs
more options

Try this may have more information: https://blog.mozilla.org/security/201.../checking-compliance-status-with-updated-ca-certificate-policy/

colin.crook
colin.crook Question owner
more options

Seçilmiş Həll

Very helpful. It looks as though the CA issued by the device (XGS 4100) doesn't conform. Remediation is to lower the version of Firefox back to 28.0 which is the last version listed in the support matrix.

cor-el
cor-el
  • Top 25 Contributor
  • Moderator
more options

It is possible to disable this new feature by disabling libPKIX support, but of course this is not recommended for security and vulnerability reasons.

  • about:config page: security.use_mozillapkix_verification = false