Eheka Pytyvõha

Emboyke pytyvõha apovai. Ndorojeruremo’ãi ehenói térã eñe’ẽmondóvo pumbyrýpe ha emoherakuãvo marandu nemba’etéva. Emombe’u tembiapo imarãkuaáva ko “Marandu iñañáva” rupive.

Kuaave

"The connection to the server was reset while the page was loading." when loading intranet HTTPS site

  • 2 Mbohovái
  • 1 oguereko ko apañuái
  • 1 Hecha
  • Mbohovái ipaháva g.kostov

more options

I just installed an Enterprise Root CA in Active Directory Integrated mode. I issued an certificate to one of our servers. Everything worked fine. IE 11 and Chrome have no problem opening my test intranet site. However Firefox keeps giving me this error:

  Secure Connection Failed
  The connection to the server was reset while the page was loading.
      The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
      Please contact the website owners to inform them of this problem.

I imported my Root CA certificate in Firefox but it didn't help. I played several times with certificate options while issuing the certificate, but none of them helped. In IE and Chrome my test site worked OK under all options.

The current options of test site's certificate are as follows:

Version: V3 Signature algorithm: sha512RSA Signature hash algorithm: sha512 Issuer: <my Root CA> Valid from: 23.01.2017, 14:36 Valid to: 23.01.2019, 14:46 Subject: <my server's fqdn> Public key: RSA (2048 bits) Enhanced key usage: Server Authentication Subject Alternative Name: DNS=<my server's fqdn>&DNS=<my server's hostname> Key Usage: Digital Signature, Key Encipherment (a0)

My Root CA's certificate has these options:

Version: V3 Signature algorithm: sha512RSA Signature hash algorithm: sha512 Issuer: <my Root CA> Valid from: 23.01.2017, 14:28 Valid to: 23.01.2019, 14:38 Subject: <my Root CA> Public key: RSA (2048 bits) Certificate template: CA Key Usage: Digital Signature, Certificate Signing, Off-line CRL Signing, CRL Signing (86)

The CA, Test web server, and Firefox browser are all on the same Windows 2012 R2 machine. I tried Firefox browser on two other computers - no difference. Server's security protocols are configured (using IIS Crypto 2.0) as follows:

 Protocols: TLS 1.0, TLS 1.1, TLS 1.2
 Ciphers: 3DES 168, AES 128, AES 256
 Hashes: SHA256, SHA384, SHA512
 Key Exchanges: Diffie-Hellman, PKCS, ECDH

Since mots of user's at my place prefer Firefox, I have to find a solution for this problem before launching my CA in production. So your cooperation would be highly appreciated!

Best regards George

I just installed an Enterprise Root CA in Active Directory Integrated mode. I issued an certificate to one of our servers. Everything worked fine. IE 11 and Chrome have no problem opening my test intranet site. However Firefox keeps giving me this error: Secure Connection Failed The connection to the server was reset while the page was loading. The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. I imported my Root CA certificate in Firefox but it didn't help. I played several times with certificate options while issuing the certificate, but none of them helped. In IE and Chrome my test site worked OK under all options. The current options of test site's certificate are as follows: Version: V3 Signature algorithm: sha512RSA Signature hash algorithm: sha512 Issuer: <my Root CA> Valid from: 23.01.2017, 14:36 Valid to: 23.01.2019, 14:46 Subject: <my server's fqdn> Public key: RSA (2048 bits) Enhanced key usage: Server Authentication Subject Alternative Name: DNS=<my server's fqdn>&DNS=<my server's hostname> Key Usage: Digital Signature, Key Encipherment (a0) My Root CA's certificate has these options: Version: V3 Signature algorithm: sha512RSA Signature hash algorithm: sha512 Issuer: <my Root CA> Valid from: 23.01.2017, 14:28 Valid to: 23.01.2019, 14:38 Subject: <my Root CA> Public key: RSA (2048 bits) Certificate template: CA Key Usage: Digital Signature, Certificate Signing, Off-line CRL Signing, CRL Signing (86) The CA, Test web server, and Firefox browser are all on the same Windows 2012 R2 machine. I tried Firefox browser on two other computers - no difference. Server's security protocols are configured (using IIS Crypto 2.0) as follows: Protocols: TLS 1.0, TLS 1.1, TLS 1.2 Ciphers: 3DES 168, AES 128, AES 256 Hashes: SHA256, SHA384, SHA512 Key Exchanges: Diffie-Hellman, PKCS, ECDH Since mots of user's at my place prefer Firefox, I have to find a solution for this problem before launching my CA in production. So your cooperation would be highly appreciated! Best regards George

Opaite Mbohovái (2)

more options

What cipher suite use the other programs and what cipher suites does the server offer to browsers?

If weak and unsafe cipher suites are supported then Firefox or possibly security software might terminate the connection.

more options

cor-el said

What cipher suite use the other programs and what cipher suites does the server offer to browsers? If weak and unsafe cipher suites are supported then Firefox or possibly security software might terminate the connection.

As i said in first question, server is configured to use 3DES 168, AES 128, AES 256. Chrome reports "AES_256_GCM" as used cipher.

Meanwhile I tried to reproduce the problem on another Intranet server, and it worked fine there. I requested certificate with the same options from the same CA, and when installed it worked fine with Firefox too. I'll investigate to find differences between two servers, but in general the problem is most likely in server configuration. The fact that only Firefox was affected led me to search resolution here, but obviously there is another reason in the server which had to be found yet.

Thanks for cooperation.

Moambuepyre g.kostov rupive