If you are using firefox and failing to reach services like BrightView or the user portal with an error of “Secure Connection Failed” with an error code similar to one of the following.
NOTE: This issue likely applies to other browsers as well since they have client certificate functions. We are working to document them better.
This problem comes from the automatic behavior of Firefox browser when a user certificate is present in the client browser.
This indicates that firefox has sent an invalid client certificate to the server.
Option 1: Clear the login cache and cancel certificate requests
- Open the history and select “clear recent history”
2. Clear “Active Logins”
3. You may now refresh the site and select “Cancel” for requests to select a certificate. Note, you may need to select cancel several times before the site loads.
Option 2: Remove offending certificate
You can go into the certificate manager to remove certificates that are no longer needed, please be careful as this certificate may be necessary for other sites. Pay close attention to the
Issued by field since that will indicate who has issued the certificate.
Option 3: Create valid user certificate
You can create a valid certificate from the files in your home directory that can loaded into firefox with the following steps.
# ls -al .cm total 84 drwxr-xr-x 3 root root 72 Apr 5 10:03 . dr-xr-x--- 18 root root 4096 Aug 20 22:51 .. -rw------- 1 root root 1704 Apr 5 08:59 admin.key -rw------- 1 root root 1261 Apr 5 08:59 admin.pem drwx------ 2 root root 6 Apr 5 08:59 cmsh -rw------- 1 root root 72806 Aug 20 17:02 .cmshhistory
NOTE: the files will be named admin.pem/admin.key or may also be named cert.pem/cert.key for some users
# openssl pkcs12 -inkey .cm/admin.key -in .cm/admin.pem -export -out admin.pfx Enter Export Password: XXXXXXXX Verifying - Enter Export Password: XXXXXXX
.pfx file can be transferred to the client system and imported into the certificate list. Once imported you may select it from the drop-down list. When selecting the proper certificate the
Issue should match the information on the Bright head node that you are connecting with.
Issued by: CN=my-head-node,OU=None,O=None,L=None,ST=None,C=US