Untrusted connection does not contain I understand the risks
Trying to access a site where the IP has changed and receive "This Connection is Untrusted" with no option to select I understand the risks. Need assistance in resolving this.
The site worked fine prior to IP change.
被選擇的解決方法
yes, sorry i did edit the second part of the question in, after i have submitted it.
normally the i know the risks section & the possibility of adding an exception should be available for this kind of error - could you check if it showing up at https://mur.at ? thank you...
從原來的回覆中察看解決方案 👍 2所有回覆 (20)
what error code is shown, when you click on technical details & can you share the site where this is happening?
由 philipp 於
Thanks for the quick reply. The error is (Error code: sec_error_untrusted_issuer
Didn't see the second part of the question. The site is restricted and requires a certificate as well as VPN connectivity from our internal network.
You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
- Click the link at the bottom of the error page: "I Understand the Risks"
Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
- Click the "View..." button and inspect the certificate and check who is the issuer.
You can see more Details like intermediate certificates that are used in the Details pane.
Some firewalls monitor secure (https) connections and send their own certificate instead of the website's certificate.
選擇的解決方法
yes, sorry i did edit the second part of the question in, after i have submitted it.
normally the i know the risks section & the possibility of adding an exception should be available for this kind of error - could you check if it showing up at https://mur.at ? thank you...
cor-el - The problem is there is no link for "I Understand the Risks" That is the issue I am reporting and need assistance with. There is just get me out of here.
madperson - yes it does show at https://mur.at..with the ability to add the exception.
Thanks Danny
can you try to remove the old certificate/exception for this site in firefox > options > advanced > encryption > view certificates > servers & see if it's working afterwards?!
madperson - Tried that and no change. Closed and restarted the browser and still no difference.
ok, then another thing to test: go to firefox > help > troubleshooting information and open the profile directory (then close firefox). in the profile folder rename the files cert_override.txt & cert8.db to something like oldcert... & launch firefox again.
madperson - tried the last thing you suggested and still the same.
Danny
hello, is the site on a ipv6 adress? then bug #633001 might be at work here (although the problem describtion slightly differs from the problem you've described)
another thing to try would be launching firefox in safemode and to see if the "i understand the risk" section is showing up, to make sure that no addons are interfering.
Troubleshoot extensions, themes and hardware acceleration issues to solve common Firefox problems
or in case this fails too, you could try exporting the certificate on another working pc (again in in firefox > options > advanced > encryption > view certificates > servers) into a certificate file & import that again on your firefox.
Safemode did not make any difference. I am having the vendor for the site I am trying to access, which is really an appliance change the SSL cert on that device to see if that will make a difference. Amazing I can access it with I.E. and not Firefox. Will see if that makes a difference.
Will let you know how this progresses.
Thanks Danny
I have a very specific case where I can reproduce this - we basically have the browser pointing to one https URL, and an iframe on it pointing to a different https URL. The untrusted connection in the iframe does not have the "I understand the risks" option. This is a regression from the previous releases.
This is reproducible on FFox 13.0, cleanly installed on a fresh Windows 7 64bit.
I'll be happy to repost this as a new issue if you think it is unrelated to the one in this thread.
hey shrenikd, thank you for looking into the issue. did the regression occur when updating from firefox 12 to v13?
in case you can reproduce the issue, i'd recommend filing a bug report with a detailed description of the issue at https://bugzilla.mozilla.org so that the developers get aware of the issue directly.
Can you add an exception directly via the Certificate Manager?
- Tools > Options > Advanced : Encryption: Certificates - View Certificates > Servers
madperson: I just found out that this has already been filed - https://bugzilla.mozilla.org/show_bug.cgi?id=756841
I did not test v12 -> v13 since I didn't have a v12, but I clearly remember not hitting this issue on some previous version of Firefox (which unfortunately I don't remember).
cor-el: I opened the iframe in a new tab, added an exception under the "I understand the risks" section and the error didn't show up again as expected. However, the problem is not the error showing up (since it should when the cert is untrusted), but its the missing "I understand the risks" option.
由 cor-el 於
hello shrenikd & dtrager - apparently the hiding of the possibility to add exceptions in an iframe is by design in order to avoid fraudulent attempts to apply a certificate to users who think they are on a different page (see new comments on the bug).
@dtrager - in case the page you're trying to access is embedded in an iframe, right-click the error page, click on "this frame" > "show only this frame" and hopefully you can add an exception in the next step. this should only be necessary once if you choose to permanently store the exception.
@madperson - that helps as it allows access, however not able to add the exception permanently. So it is a work around for the moment until we can figure out what the issue is with the certificates.
Appreciate all of the assistance and suggestions.
Have a great day.
Danny
I have resolved this issue. What I had to do was the following:
right click on the iframe and select view frame info. Copy the address that is presented and add it to server certificates. It allows you to add the exception permanently.
Appreciate the assistance, suggestions etc.
Danny