SSL Security Error: Difference between revisions
(Added other security errors section.) |
(added external links section, links to ssl error codes and NSS) |
||
| Line 18: | Line 18: | ||
* [https://bugzilla.mozilla.org/show_bug.cgi?id=387480 Support network-fetched cert import in Servers tab of Cert Mgr ("Add Exception" dialog)] | * [https://bugzilla.mozilla.org/show_bug.cgi?id=387480 Support network-fetched cert import in Servers tab of Cert Mgr ("Add Exception" dialog)] | ||
* [https://bugzilla.mozilla.org/show_bug.cgi?id=533744 Add security exception" dialog is useless] talks about the security exception not working due to a missing realhostname, and how you can get it to work by adding it. | * [https://bugzilla.mozilla.org/show_bug.cgi?id=533744 Add security exception" dialog is useless] talks about the security exception not working due to a missing realhostname, and how you can get it to work by adding it. | ||
==External Links== | |||
* [http://www.mozilla.org/projects/security/pki/nss/ Network Security Services (NSS)] | |||
* [http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html#1040263 SSL error codes] | |||
[[Category:Issues (Firefox)]] | [[Category:Issues (Firefox)]] | ||
Revision as of 00:26, 11 September 2010
This article applies to Firefox, Thunderbird, Mozilla Suite and SeaMonkey.
"Security Error: Domain Name Mismatch" occurs if you make a secure connection to a server whose domain does not match the domain name in the certificate it uses. This is to inform you that the site you are trying to connect to may not be the site you wanted. It may also occur when a site changes their domain name but doesn't buy a certificate for the new domain.
"Security Error: Server Certificate Expired" occurs if the site's certificate expiry date is later than your system date. This may be caused by your system having the incorrect time, or by the certificate genuinely being expired.
In both cases, you should make a judgment as to whether you still want to trust the server for what you want to use it for. For example, it may not be a good idea to send your credit card information to a site with either of these problems, but it may be acceptable for posting on a forum. If you trust the server, you can can get rid of the alert by installing the Remember Mismatched Domains extension for Firefox, Thunderbird 2.x, or SeaMonkey. It adds a "Don’t warn me again about this certificate for this domain" checkbox to the Domain Name Mismatch and Server Certificate Expired warning windows. Thunderbird 3 supports adding a security exception.
Other security errors
If you get an error message about the certificate being revoked (sec_error_revoked_certificate) that means that its invalid and should not be used.
Older versions of Thunderbird never checked whether the certificate was revoked. However, Thunderbird 3.1.2 and later do, so you may find when you upgraded all of a sudden your secure connection failed. You can disable checking whether its revoked by setting security.OCSP.enabled to 0 using the Config editor. It typically defaults to 1.
Since its your email provider that marked it as invalid, yet they're still using it, contact them and find out whats going on.
Related bugs
- Support network-fetched cert import in Servers tab of Cert Mgr ("Add Exception" dialog)
- Add security exception" dialog is useless talks about the security exception not working due to a missing realhostname, and how you can get it to work by adding it.
