On Thu, 2015-04-23 at 13:11 -0700, rebecca.c...@gmail.com wrote: > Accessing https site that is used by the entire state of Indiana. My > office is apparently the only office that cannot access the site. Well, > that is to say, half of my office cannot access the site, the other > half can access it with no problem. All are using Firefox 36.0.4, all > were previously able to access the site. > > I no longer see a "security.use_mozillapkix_verification" setting in > about:config - what is preventing some firefox users from accessing > this site?
Hello Rebecca, the setting security.use_mozillapkix_verification has been removed, I believe it's gone since Firefox 32. Since then, Firefox only uses the new code. You say you aren't able to access that site. First, it means that site isn't following best practices. If the entire state of Indiana is required to use that site, then it would be very good to fix that site. Is it a public Internet site, or some internal/intranet site? Is my assumption correct, that you cannot access the site, because you are unable to "add an override", like Firefox usually allows with other bad sites? There was a regression bug in Firefox 36 which made it impossible to "add an override" for certain scenarios that result in the ca_cert_invalid error message. (That was https://bugzilla.mozilla.org/show_bug.cgi?id=1138332 ) Unfortunately, it was too late to get that bug fixed in Firefox 36. However, Firefox 37, which was released end of March 2015, contained a fix for this issue. Are you able to upgrade to Firefox 37 and see if it fixes your issue? If it doesn't, then could you please send us additional information about the server? If it's a server on the public Internet, then we'd need to know the server address (www...), or, if it's an Intranet server, then someone would have to save a copy of the certificates used by the server, which can be retrieved by running diagnostic utilities. Let us know if you'd like to have instructions on how to do that. Regards Kai -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
