Forcepoint certificate import fails
We use Forcepoint web filtering at work. It uses a CA certificate that needs to be imported into the browsers everyone uses in order for the filtering to work properly. Prior to version 50, this was not a problem.
After upgrading to ver. 50+ of firefox, though, the certificate no longer imports. We have been in contact with Forcepoint customer service for several weeks now and they seem to think this is a problem with the Firefox certificate store.
What changed from version 49 to 50 that would cause this problem? If we roll back to version <50, it imports again.
Wšykne wótegrona (5)
Is any error message displayed during the import process, or is it simply not saved?
Do you see any messages in the Browser Console? You can open that using either:
- Ctrl+Shift+j
- Developer menu
Fingers crossed you'll find more clues.
moldyspore said
What changed from version 49 to 50 that would cause this problem? If we roll back to version <50, it imports again.
There are thousands of changes in each major release, so if something is not a "headline" change, it can take some serious digging in Bugzilla to uncover them (I'm sure the people involved in release management have a shortcut). Also, for searching purposes, it may not be specific to importing. There may be some more general issue (like SHA-1 deprecation in recent versions) affecting the particular certificate.
I see that Forcepoint web filtering in a continuation of Websense.
jscher2000 said
Is any error message displayed during the import process, or is it simply not saved? Do you see any messages in the Browser Console? You can open that using either:Fingers crossed you'll find more clues.
- Ctrl+Shift+j
- Developer menu
When trying to import the certificate, this error shows in the browser console:
'09:00:00.598 NS_ERROR_FAILURE: Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIX509CertDB.importCertsFromFile] 1 certManager.js:492 addCACerts chrome://pippki/content/certManager.js:492:5 oncommand chrome://pippki/content/certManager.xul:1:1 gAdvancedPane.showCertificates chrome://browser/content/preferences/in-content/advanced.js:754:5 bound self-hosted
Just another quick note, the same certificate that fails to import into Firefox imports properly into the Windows Cert Store (IE and Chrome) without error. Firefox is the only issue we have right now.
Let me know if I can provide any further information!
Is it possible to attach/provide the certificate to reproduce the issue ourself?