Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Please ask a new question if you need help.

Why was FireFox designed to be borderline unusable?

  • 5 replies
  • 2 have this problem
  • 5 views
  • Last reply by cor-el

xwray
xwray
more options

I just switched to FireFox after having been an IE user ever since Microsoft first released it.After using it for a week I am nearly ready to uninstall it and go back to IE. I'm wondering if there are others who share my opinion or am I just being unreasonable? I am hoping that this forum is monitored by developers who might comment.

Firefox desperately needs the ability to allow a user to deliberately temporarily override it's propensity to forbid access to a site because the site has a problem with it's security certificate. While I do appreciate the enhanced security FireFox offers we do not live in a perfect world and many (most?) sites have minor issues with their secure connection certificates. Other than this I am liking it but as long as this issue (for me) exists it's kinda like buying the car of your dreams and then discovering that all of the doors have been welded shut after you have taken delivery...you can admire the styling and sleek looks but you ain't going nowhere!

I realize FireFox probably will not view this as a bug since it is is following the "security specs" and working as designed but c'mon folks - allow the user some control...install an override button the user can select to temporarily visit the site as long as he is willing to take responsibility to do so.

I just switched to FireFox after having been an IE user ever since Microsoft first released it.After using it for a week I am nearly ready to uninstall it and go back to IE. I'm wondering if there are others who share my opinion or am I just being unreasonable? I am hoping that this forum is monitored by developers who might comment. Firefox desperately needs the ability to allow a user to deliberately temporarily override it's propensity to forbid access to a site because the site has a problem with it's security certificate. While I do appreciate the enhanced security FireFox offers we do not live in a perfect world and many (most?) sites have minor issues with their secure connection certificates. Other than this I am liking it but as long as this issue (for me) exists it's kinda like buying the car of your dreams and then discovering that all of the doors have been welded shut after you have taken delivery...you can admire the styling and sleek looks but you ain't going nowhere! I realize FireFox probably will not view this as a bug since it is is following the "security specs" and working as designed but c'mon folks - allow the user some control...install an override button the user can select to temporarily visit the site as long as he is willing to take responsibility to do so.

Chosen solution

The www.jscfcu.org has a correct certificate chain installed and should work without the need to add an exception.

You can inspect the certificate chain via a site like this:

Which security software (firewall, anti-virus) do you have?

Some monitor secure connections and send their own certificate.
Also make sure that the date and time on your computer are correct.

Try to rename the cert8.db file in the Firefox profile folder to cert8.db.old or delete the cert8.db file to remove intermediate certificates that Firefox has stored.

If that helped to solve the problem then you can remove the renamed cert8.db.old file.
Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previous intermediate certificates.
Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.
You may need to remove or rename secmod.db (secmod.db.old) as well.

Read this answer in context 👍 1

All Replies (5)

Michael Verdi
Michael Verdi
more options

If you trust the site you can set an exception for it:

  1. On the warning page, click Or you can add an exception....
  2. Click Add Exception.... The Add Security Exception dialog will appear.
  3. Click Get Certificate.
  4. Click Confirm Security Exception if you want to trust the site.

This site isn't monitored by Firefox developers. If you want to give feedback for them use this link http://input.mozilla.org/feedback/

xwray
xwray Question owner
more options

Thanks for the response but at least in this case it does not work since there is no Or you can add an exception message displayed...the only displayed text is:


Secure Connection Failed


" An error occurred during a connection to www.jscfcu.org.

Peer's certificate has an invalid signature.

(Error code: sec_error_bad_signature) 

 The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
 Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site."

There is a Retry button but no exception button.

I tried the Options/Advanced/View Certificates/Add Exceptions/Get Certificate button sequence but get a "No information available" message.

Modified by xwray

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

Chosen Solution

The www.jscfcu.org has a correct certificate chain installed and should work without the need to add an exception.

You can inspect the certificate chain via a site like this:

Which security software (firewall, anti-virus) do you have?

Some monitor secure connections and send their own certificate.
Also make sure that the date and time on your computer are correct.

Try to rename the cert8.db file in the Firefox profile folder to cert8.db.old or delete the cert8.db file to remove intermediate certificates that Firefox has stored.

If that helped to solve the problem then you can remove the renamed cert8.db.old file.
Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previous intermediate certificates.
Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.
You may need to remove or rename secmod.db (secmod.db.old) as well.

xwray
xwray Question owner
more options

Thanks...that worked, at least for this site...I'll continue to try additional sites to ensure they are fixed too. Apparently this was also causing the exception button to not display. Is there a "short" explanation of why/how the file became corrupted and is this a common occurence with FireFox?

I use BitDefender now having just switched from ESET after 5-6 years...is it one of the AVs that sends it's own certs?

Many thanks for the help

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

ESET is one of the known programs to send their own certificate.

  • ESET setup -> advanced setup -> extend web and email tree -> SSL
    • SSL protocol: Do not scan SSL protocol
  • BitDefender -> Privacy settings -> disable Scan SSL