?
Solved

Firefox Error "This Connection is Untrusted" for Gmail - Can't Access Page

Posted on 2011-10-13
8
Medium Priority
?
2,327 Views
Last Modified: 2012-05-12
Hi All,
I used to get this SSL error in the past and after saying "I Understand the Risks" I could use my gmail page.

Suddenly it has stopped working. The option "confirm security exception" is disabled so I can't do much. Same page works fine under IE.

I am using firefox 4.0.1

Thanks


DBA-000408.png
DBA-000409.png
0
Comment
Question by:crazywolf2010
8 Comments
 
LVL 11

Expert Comment

by:X_layer
ID: 36961139
Are date and time correct on your computer?
0
 
LVL 15

Expert Comment

by:DonConsolio
ID: 36961240
Press "[Get Certificate]" first, then you can add an exception.

verify the certificate if possible before accepting
0
 

Author Comment

by:crazywolf2010
ID: 36961396
Hi,
That is not possible here.
I used that earlier which worked but now that option is just not enabled. Please see attached images for details.

Thanks
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 4

Expert Comment

by:Christopher Raymond Mendoza
ID: 36961471
From the menu click 'Start Private Browsing' then test the site again.
0
 
LVL 4

Expert Comment

by:Christopher Raymond Mendoza
ID: 36961503
0
 

Author Comment

by:crazywolf2010
ID: 36961570
Hi,
Under Private Browsing it does work but then I can't use any of my other links.


Used link  http://weblogin.bu.edu/troubleshooting?cmd=ssl, results below.

Troubleshooting Web Login problems
Are we going through a proxy server? (help)

LINELINE
Your browser must pass each test shown below.
1       Are cookies enabled?       PASSED       (help)
2       Is JavaScript enabled?       PASSED       (help)
3       Does SSL encryption work?       PASSED       (help)
4       Do SSL addresses match non-SSL addresses?       PASSED       (help)
0
 
LVL 4

Expert Comment

by:Christopher Raymond Mendoza
ID: 36961719
Hello crazywolf2010,

Unfortunately you are not alone with this problem. It has been reported and discussed on a few sites. Hopefully these can help:

    http://support.mozilla.com/en-US/questions/751415
    http://support.mozilla.com/en-US/questions/816705
    https://wiki.mozilla.org/Security:Renegotiation
0
 
LVL 31

Accepted Solution

by:
Paranormastic earned 2000 total points
ID: 36964050
A couple ideas to troubleshoot, in no particular order (noting crdmendozanet's post just above...):

1) Clear browsing history
2) Disable any add-ons (can always re-enable later)
3) Upgrade FF
4) Try another browser - IE, Opera, Chrome, Safari...
5) The error message says that the full certificate chain was not presented.  Normally the client will only trust the root and will not know about the rest of the CA servers - it gets this info from the server in most cases.  However, you can install the correct certificate into: Tools - Options - Advanced - Encryption - View Certificates - Authorities - Import - (specify the .cer or .crt certificate file).  To get this yourself, select the view certificate button on your exception screen - Details tab - Authority Information Access.  There should be a URL there - copy the entire file and paste it into your browser, then save the file that it asks you to.  This will be the certificate file to import.

I can't view mail.google.com from this location to give you the specific address, but if you get the same thing at https://www.google.com then it may be the same CA certificate.  Here is the link for the issuing certificate that I am seeing from there, issued from the root "Equifax Secure Certificate Authority"

Issuer: Google Internet Authority
http://www.gstatic.com/GoogleInternetAuthority/GoogleInternetAuthority.crt

** Note: Take care that you are not getting spoofed!  Look at the certificate link you are about to download.  Look at the certificate after downloading it before you install it - make sure it comes from a root CA that is already trusted (i.e. you do not receive warnings).  This could potentially result from an SSL "man-in-the-middle" attack using a fake certificate.  If you are not sure, post the download link here and if you downloaded it then post the thumbprint/fingerprint/hash value.  Make sure the issuer of the downloaded certificate was not 'DigiNotar'.

0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Experts Exchange expands question security options for members.
The Internet has made sending and receiving information online a breeze. But there is also the threat of unauthorized viewing, data tampering, and phoney messages. Surprisingly, a lot of business owners do not fully understand how to use security t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question