I am trying to run some tests around these issues so If you do have any
tests that should be done I would be very happy to test the issues.
And I searched couple other things and it is not clear yet what is the
reason for all but the next firefox extention helps a lot:
https://addons.mozilla.org/en-US/firefox/addon/skip-cert-error/
It has an option to aviod Specific certs which are trusted if the rootCA
certificate was not compromosied yet... as a fact.
This is one reason to renew the certs every once in a while.
Eliezer
On 10/16/2013 08:11 AM, Eliezer Croitoru wrote:
I have two servers on two different networks which use ssl-bump.
They have different root-CA that was created on two different machines.
Both of them was installed into FIREFOX and now I am getting a warning
about the certificate but only on one machine while.. using The other
works fine.
So I am not sure what the source of the problem and how to solve it.
How would I start debuggin it at all?
the error message details from firefox:
#START
This Connection is Untrusted
You have asked Firefox to connect securely to mail.google.com, but we
can't confirm that your connection is secure.
Normally, when you try to connect securely, sites will present trusted
identification to prove that you are going to the right place. However,
this site's identity can't be verified.
What Should I Do?
If you usually connect to this site without problems, this error could
mean that someone is trying to impersonate the site, and you shouldn't
continue.
mail.google.com uses an invalid security certificate. The certificate is
not trusted because it was issued by an invalid CA certificate. (Error
code: sec_error_inadequate_key_usage)
If you understand what's going on, you can tell Firefox to start
trusting this site's identification. Even if you trust the site, this
error could mean that someone is tampering with your connection.
Don't add an exception unless you know there's a good reason why this
site doesn't use trusted identification.
##END
Thanks,
Eliezer
