1. Home
  2. Support and Documentation
  3. Firefox issue – Secure Connection Failed

Firefox issue – Secure Connection Failed

If you are using firefox and failing to reach services like BrightView or the user portal with an error of “Secure Connection Failed” with an error code similar to one of the following.

NOTE: This issue likely applies to other browsers as well since they have client certificate functions. We are working to document them better.

  • SSL_ERROR_BAD_CERT_ALERT
  • SSL_ERROR_UNKNOWN_CA_ALERT

This problem comes from the automatic behavior of Firefox browser when a user certificate is present in the client browser.

Example

This indicates that firefox has sent an invalid client certificate to the server.

Option 1: Clear the login cache and cancel certificate requests

  1. Open the history and select “clear recent history”

2. Clear “Active Logins”

3. You may now refresh the site and select “Cancel” for requests to select a certificate. Note, you may need to select cancel several times before the site loads.

Option 2: Remove offending certificate

You can go into the certificate manager to remove certificates that are no longer needed, please be careful as this certificate may be necessary for other sites. Pay close attention to the Issued by field since that will indicate who has issued the certificate.

Option 3: Create valid user certificate

You can create a valid certificate from the files in your home directory that can loaded into firefox with the following steps.

# ls -al .cm
total 84
drwxr-xr-x  3 root root    72 Apr  5 10:03 .
dr-xr-x--- 18 root root  4096 Aug 20 22:51 ..
-rw-------  1 root root  1704 Apr  5 08:59 admin.key
-rw-------  1 root root  1261 Apr  5 08:59 admin.pem
drwx------  2 root root     6 Apr  5 08:59 cmsh
-rw-------  1 root root 72806 Aug 20 17:02 .cmshhistory

NOTE: the files will be named admin.pem/admin.key or may also be named cert.pem/cert.key for some users

# openssl pkcs12 -inkey .cm/admin.key -in .cm/admin.pem -export -out admin.pfx                                                                                                                        
Enter Export Password: XXXXXXXX
Verifying - Enter Export Password: XXXXXXX

The resulting .pfx file can be transferred to the client system and imported into the certificate list. Once imported you may select it from the drop-down list. When selecting the proper certificate the Issue should match the information on the Bright head node that you are connecting with.

Issued by: CN=my-head-node,OU=None,O=None,L=None,ST=None,C=US
Updated on August 25, 2021

Was this article helpful?

Related Articles

Leave a Comment