15 posts categorized "browsers"


Working Around the Firefox "Confirm Security Exception Button Disabled" Problem

Here's an interesting workaround to a problem I had been having that has been causing me ssl connection headaches in Firefox for years. Here is a description of the problem:

I try to connect to an SSL encrypted page in Firefox and that page generates a certificate warning. What should normally occur (and it used to work) is that you'd get greeted with the "Untrusted Connection" page where you have various buttons to view the certificate, confirm the security exception, or cancel. The problem I've been experiencing is that the Confirm Security Exception button remains disabled and would also show an error message: sec_error_expired_issuer_certificate. There was nothing I could do to get Firefox to accept the cert—not even importing the certificate manually.

I'm not going to claim that this is the fix for all instances but in my case, the ssl warning for the BigIP Admin Console I was failing to connect to was generated for three separate reasons:

  1. The ssl certificate was self-signed
  2. The ssl certificate was expired
  3. I was connecting to the host using its IP address instead of the hostname—the hostname being the common name of the certificate.

However, this wasn't the only set of circumstances where I was having the problem as I was also experiencing it simply connecting to a site using a self-signed cert, (valid date, valid common name).

So, if this happens to be happening to you, the first thing to try is Restart with Add-Ons Disabled, if you can, then try connecting again. Assuming you are then able to successfully connect and the Confirm Security Exception button works, the problem seems to be related to one of your installed Add-Ons.

In my case, the problem was the HTTPFox add-on option labeled "Automatically start watching when browser starts". During a recent round of the testing of various cache-control headers on a new site we were putting up, I enabled this option to save me a few steps in the testing process. As soon as I cleared this Autostart option, I was able to connect to ssl sites that generate warnings.

If you are viewing your Firefox about:config settings page, filter on "httpfox". If set to start automatically when firefox starts, you will find the following configuration setting: user_pref("extensions.httpfox.StartAtBrowserStart", true);. Setting the value to "false" has the same effect as clearing the checkbox but once you restart the browser, user_pref("extensions.httpfox.StartAtBrowserStart", false); will no longer appear in your about:config.


It Looks Like Firefox 4 Went Gold

I just wanted to post a short note about it but it looks as if Firefox 4 went gold today. All of a sudden, there is a TwitterParty and a Real Time Firefox 4 Download stats site up and running.  Head over to the main Mozilla site to grab your own or if you're running a beta or release candidate, you should be upgraded real soon!  Congratulations to the Firefox team!


SSL Certificate Warning of the Month: The Aquarium

In support of the recent 3.1 launch of GlassFish open source and commercial versions, The Aquarium is featuring a nice Download GlassFish 3.1 Final badge in the top right hand corner that, unfortunately, generates SSL warnings.  I'm preserving the target in the Download link in this article because I believe that the error will be corrected soon but people might be interested in seeing what was originally returned.  

The error is a simple Hostname Mismatch warning but with the rapid rate of change in most browsers, it's always interesting to me to see how browsers handle these types of warnings.

If there were a prize for 'prettiest error message', Safari would win:


Google Chrome provides similar information to what Safari provides but wraps it all up in an angry red:


Interestingly, from my standpoint as a web site administrator standpoint, Firefox wins here in that it is providing the most useful information:


All three browsers are good in that they pop up a warning that the hostname of the site does not match the common name on the certificate but Firefox goes the extra mile by showing *ALL* the valid hosts for this certificate.  Safari and Chrome display that the site name (glassfish.dev.java.net) does not match the certificate name (www.java.net) but this type of certificate is valid for more than just www.java.net.