Here's an interesting workaround to a problem I had been having that has been causing me ssl connection headaches in Firefox for years. Here is a description of the problem:
I try to connect to an SSL encrypted page in Firefox and that page generates a certificate warning. What should normally occur (and it used to work) is that you'd get greeted with the "Untrusted Connection" page where you have various buttons to view the certificate, confirm the security exception, or cancel. The problem I've been experiencing is that the Confirm Security Exception button remains disabled and would also show an error message: sec_error_expired_issuer_certificate. There was nothing I could do to get Firefox to accept the cert—not even importing the certificate manually.
I'm not going to claim that this is the fix for all instances but in my case, the ssl warning for the BigIP Admin Console I was failing to connect to was generated for three separate reasons:
- The ssl certificate was self-signed
- The ssl certificate was expired
- I was connecting to the host using its IP address instead of the hostname—the hostname being the common name of the certificate.
However, this wasn't the only set of circumstances where I was having the problem as I was also experiencing it simply connecting to a site using a self-signed cert, (valid date, valid common name).
So, if this happens to be happening to you, the first thing to try is Restart with Add-Ons Disabled, if you can, then try connecting again. Assuming you are then able to successfully connect and the Confirm Security Exception button works, the problem seems to be related to one of your installed Add-Ons.
In my case, the problem was the HTTPFox add-on option labeled "Automatically start watching when browser starts". During a recent round of the testing of various cache-control headers on a new site we were putting up, I enabled this option to save me a few steps in the testing process. As soon as I cleared this Autostart option, I was able to connect to ssl sites that generate warnings.
If you are viewing your Firefox about:config settings page, filter on "httpfox". If set to start automatically when firefox starts, you will find the following configuration setting:
user_pref("extensions.httpfox.StartAtBrowserStart", true);. Setting the value to "false" has the same effect as clearing the checkbox but once you restart the browser,
user_pref("extensions.httpfox.StartAtBrowserStart", false); will no longer appear in your about:config.