sec_error_untrusted_issuer and can't add exception on every https (ssl) site!

Fri, 06/19/2009 - 09:18 — patrickdrd

When going to ANY https(ssl) URL I get a dialog box with the following message:

Secure Connection Failed
sitename uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is not trusted.

(Error code: sec_error_untrusted_issuer)

When I click on add exception, it says
"Unable to obtain identification status for the given site"

Is there any way to bypass this?

Thanks in advance!

Bugs

Fri, 06/19/2009 - 10:43 — proxyservice

There is no reason to bypass

There is no reason to bypass this. You should be very careful accessing web sites which pretend to have valid secure certificate. For example if you visit https://www.paypal.com I am hundred percent sure you won't get this error.

Fri, 06/19/2009 - 10:49 — patrickdrd

well ok...

https://www.paypal.com works just fine,
but when trying with other (legitimate) site I was able to add an exception before using foxyproxy,
now that I'm using it, I can't add

Fri, 06/19/2009 - 11:00 — patrickdrd

https://leahscape.com/

for example

https://leahscape.com/

doesn't work and the problem is that I can't add the exception :-(

("Unable to obtain identification status for the given site")

Fri, 06/19/2009 - 11:06 — patrickdrd

screenshots

http://i40.tinypic.com/15672hv.jpg

http://i43.tinypic.com/ipcgm9.jpg

http://i44.tinypic.com/140w28p.jpg

Fri, 06/19/2009 - 12:11 — proxyservice

Can you please try

Can you please try https://www.leahscape.com/

Fri, 06/19/2009 - 13:20 — patrickdrd

doesn't work either

same problem(s) :-(

Sun, 06/21/2009 - 02:46 — ericjung

Patrick, You should be very

Patrick,

You should be very careful. You almost certainly have a compromised computer. You are likely being subjected to a man-in-the-middle attack via a virus, trojan horse, rootkit, or some other malware. It could also be the proxy server(s) you are using injecting a MITM attack in your web requests.

Eric

Sun, 06/21/2009 - 12:09 — patrickdrd

no

this is not the case,
but sth strange happens,
it's due to firefox 3 new way of identifying the certificate issuer,
i.e. somehow, the bank I work for now,
issues it's name for each and every certificate,
I mean takes over the certificate issuer and puts the bank as the issuer,
but, before using foxyproxy I was able to bypass that and add the certificate as an exception,
after that, I cannot add the exception, I don't have the right to,
if you want you can check this link too:

http://forums.mozillazine.org/viewtopic.php?f=38&t=911375

Wed, 10/28/2009 - 12:19 — Byrd

Impossible to add an exception to auto signed certificate

All is in the title, I have the same problem when Foxyproxy Plus is installed but only for self signed certificate websites, other work fine (ex: paypal etc.)
example : https://svn.electricmonk.nl/
First I get : http://img194.yfrog.com/img194/35/prtscrcapturec.jpg
and then it's impossble to retrieve the certificate to add the exception : http://img692.yfrog.com/img692/6729/ajoutduneexceptiondescu.jpg
If I uninstall Foxyproxy Plus the problem is solved I can add an exception.
It's very annoying, thanks for your help

Fri, 11/06/2009 - 16:11 — ericjung

Thanks for reporting this.

Thanks for reporting this. In the meantime, you don't need to uninstall FoxyProxy Plus. You should be able to just "disable" it. I know that is annoying. I am researching the issue and will fix it if possible.

Thanks,
Eric

Mon, 02/08/2010 - 15:45 — jcolson

any updates for this bug?

Doing a lot of web development and using self-signed certs a lot makes this a real pain ... any updates on this?

Thu, 02/11/2010 - 04:37 — ericjung

I cannot replicate this

I cannot replicate this problem. If I set FoxyProxy to "Use Proxy XXXXXX for all URLs", then I can successfully view and accept the self-signed certificate at https://svn.electricmonk.nl.

Can you please post your foxyproxy.xml file or email it to me? Unless I can reproduce the bug, I cannot fix it.

Thanks,
Eric

Thu, 02/11/2010 - 18:09 — jcolson

foxyproxy.xml

below is the foxyproxy.xml --- and i am using squid as the proxy server

<?xml version="1.0" encoding="UTF-8"?>

<foxyproxy mode="patterns" selectedTabIndex="0" proxyDNS="false" toolsMenu="true" contextMenu="true"

advancedMenus="false" previousMode="disabled" resetIconColors="true" useStatusBarPrefix="true">

<logg enabled="false" maxSize="500" noURLs="false"

header="<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><link rel="icon" href="http://foxyproxy.mozdev.org/favicon.ico"/><link rel="shortcut icon" href="http://foxyproxy.mozdev.org/favicon.ico"/><link rel="stylesheet" href="http://foxyproxy.mozdev.org/styles/log.css" type="text/css"/></head><body><table class="log-table"><thead><tr><td class="heading">${timestamp-heading}</td><td class="heading">${url-heading}</td><td class="heading">${proxy-name-heading}</td><td class="heading">${proxy-notes-heading}</td><td class="heading">${pattern-name-heading}</td><td class="heading">${pattern-heading}</td><td class="heading">${pattern-case-heading}</td><td class="heading">${pattern-type-heading}</td><td class="heading">${pattern-color-heading}</td><td class="heading">${pac-result-heading}</td><td class="heading">${error-msg-heading}</td></tr></thead><tfoot><tr><td/></tr></tfoot><tbody>"

row="<tr><td class="timestamp">${timestamp}</td><td class="url"><a href="${url}">${url}</a></td><td class="proxy-name">${proxy-name}</td><td class="proxy-notes">${proxy-notes}</td><td class="pattern-name">${pattern-name}</td><td class="pattern">${pattern}</td><td class="pattern-case">${pattern-case}</td><td class="pattern-type">${pattern-type}</td><td class="pattern-color">${pattern-color}</td><td class="pac-result">${pac-result}</td><td class="error-msg">${error-msg}</td></tr>"

footer="</tbody></table></body></html>"/>

<autoadd enabled="false" temp="false" reload="true" notify="true" notifyWhenCanceled="true"

prompt="true">

<match enabled="true" name="Dynamic AutoAdd Pattern" pattern="*://${3}${6}/*"

isRegEx="false" isBlackList="false" isMultiLine="false" caseSensitive="false"/>

<match enabled="true" name="" pattern="*You are not authorized to view this page*"

isRegEx="false" isBlackList="false" isMultiLine="true" caseSensitive="false"/>

</autoadd>

<quickadd enabled="false" temp="false" reload="true" notify="true" notifyWhenCanceled="true"

prompt="true">

<match enabled="true" name="Dynamic QuickAdd Pattern" pattern="*://${3}${6}/*"

isRegEx="false" isBlackList="false" isMultiLine="false" caseSensitive="false"/>

</quickadd>

<proxy name="xxxxx" id="1480639246" notes="My external proxy" enabled="true"

mode="manual" selectedTabIndex="1" lastresort="false" animatedIcons="true"

includeInCycle="true" color="#65BAD7">

<match enabled="true" name="*.*" pattern="https?://([a-zA-Z0-9]|-|\.)*(/.*)?"

isRegEx="true" isBlackList="false" isMultiLine="false" caseSensitive="false"/>

<match enabled="true" name="rfc 1918"

pattern="https?://(10\.[0-9]|[1-9][0-9]|[1-2][0-5][0-5]\.[0-9]|[1-9][0-9]|[1-2][0-5][0-5]\.[0-9]|[1-9][0-9]|[1-2][0-5][0-5]).*"

isRegEx="true" isBlackList="true" isMultiLine="false" caseSensitive="false"/>

<match enabled="true" name="XXXX"

pattern="https?://.*\.(xxxxx|yyyyy|zzzzz)\.(com|net).*"

isRegEx="true" isBlackList="true" isMultiLine="false" caseSensitive="false"/>

</matches>

<match enabled="true" name="All" pattern="*" isRegEx="false" isBlackList="false"

isMultiLine="false" caseSensitive="false"/>

</ippatterns>

<autoconf url="" loadNotification="true" errorNotification="true" autoReload="false"

reloadFreqMins="60"/>

<manualconf host="xxxxx" port="3128" socksversion="5" isSocks="false"

username="xxxxx" password="xxxxx" domain=""/>

</proxy>

<proxy name="Default" id="2312856806"

notes="These are the settings that are used when no patterns match a URL."

enabled="true" mode="direct" selectedTabIndex="0" lastresort="true"

animatedIcons="false" includeInCycle="true" color="#65BAD7">

<match enabled="true" name="All" pattern="*" isRegEx="false" isBlackList="false"

isMultiLine="false" caseSensitive="false"/>

</matches>

<match enabled="true" name="All" pattern="*" isRegEx="false" isBlackList="false"

isMultiLine="false" caseSensitive="false"/>

</ippatterns>

<autoconf url="" loadNotification="true" errorNotification="true" autoReload="false"

reloadFreqMins="60"/>

</proxy>

</proxies>

</foxyproxy>

Fri, 02/12/2010 - 07:40 — Byrd

Their SSL has changed since

Their SSL has changed since I posted their site.
But with https://electricmonk.nl/ I am still unable to add an exception even the url isn't in a proxy list. But I can do that when I disable Foxyproxy in the extension manager (no effect if I just disable it while it's still active).
Other sites for example :
https://www.renfe.es/ , https://btmusic.eu
The only solution I've found is to add the exception in safe mode and to relaunch.

Fri, 02/12/2010 - 15:18 — jcolson

I have the same issue with

I have the same issue with those sites.

Thu, 02/18/2010 - 15:28 — jcolson

foxyproxy plus

Come to think of it, I NEVER had this problem until I paid for and installed foxyproxy *plus* ... Any word on this? Can you still not reproduce?? FYI: I am on a Mac

Thu, 02/11/2010 - 18:08 — jcolson

nada

Thu, 02/18/2010 - 15:03 — stjopa

seconding this

Hello, i also have this bug, which is EXTREMELY annoying!
I use Foxyproxy Plus and can't access any https site because the add exception button is greyed out permanently on
sec_error_untrusted_issuer
messages.
I am able to work around this issue on public (internet-accessible) sites using the "perspectives"-extension, which automatically adds exceptions.
For internal sites, however, i have no means to solve this but to either
a) disable foxyproxy plus
b) use internet explorer.
Please fix this.

Fri, 02/19/2010 - 18:25 — ericjung

I've opened a bug with the

I've opened a bug with the Mozilla folks to help me figure out how to fix this. https://bugzilla.mozilla.org/show_bug.cgi?id=547158

Sun, 02/21/2010 - 19:09 — patrickdrd

problem persists for me too

problem persists for me too and the only way to get around this is use internet explorer for https sites :-(
apart from that, I can't even validate my licence (I have paid for foxyproxy plus),
cause I think it's a https url as well,
I hope we can see a solution soon,
if you want me to post any debug info or the xml file, plz tell me

Mon, 02/22/2010 - 17:42 — ericjung

Hi, I have found the problem

Hi,

I have found the problem and am working on a fix.

Eric

Tue, 02/23/2010 - 20:49 — patrickdrd

thanx

ericjung wrote:

Hi, I have found the problem and am working on a fix. Eric

thanx eric, we are looking forward to that :-)

Mon, 02/22/2010 - 18:46 — stjopa

Hi Eric, i read through the

Hi Eric,

i read through the bugzilla bug report.

Using both Foxy Proxy Standard and Foxy Proxy Plus,
i have to add that this behaviour is only appearing in Foxy Proxy PLUS and NOT in the standard version.

(since the dev guys seem to have tested the standard one according to the irc log ;))

If there is any debug output i can submit dont hesitate to leave a message here.

Mon, 02/22/2010 - 19:44 — ericjung

ok

Wed, 02/24/2010 - 03:28 — ericjung

Fixed in FoxyProxy Plus

Fixed in FoxyProxy Plus 3.3.2. Please upgrade.

How to play video with proxy servers

foxyproxy THESE FORUMS ARE CLOSED. NEW FORUMS AT FORUMS.GETFOXYPROXY.ORG

User login

Navigation