Problem with ssl bump on Firefox 39+


(Adam S) #1

Hello, i have latest stable nethserver version - 6.7. I use Transparent proxy with SSL bump. When i use google chrome or internet explorer with https sites its all ok, but when i use firefox i have strange problem with this sites - i cannot open any https site (i upload ss with my proxy setup and firefox alert)


Facebook blocking
(Giacomo Sanchietti) #2

Have you installed the CA certificate inside Firefox?


(Adam S) #3

Hello. When i try open link to cert in backend nethserver (picture) then i get message “this cert is installed as CA”


#4

It’s the hsts that’s hanging you up, quick fix is to bypass that site in the proxy, specific to ff you could look around in about:config searching for ssl and tls to see about a specific setting for it. I’m not using ns for filtering so I don’t have anything available to test.


(Matteo Contoli) #5

I think something happened after the last update. I have the same problem now with firefox and it was working perfectly before the update.


(Matteo Contoli) #6

Well, I’ve tryed everything: uninstalled Firefox, deleted firefox profile, deleted cert8.db, reimported nethserver certificate…no way. Is there a solution? In Chrome it works perfectly…


(Adam S) #7

Yes i have same problem. In Chrome, chromium and IE its work perfect :frowning: but i use firefox :frowning: and i have problem becouse all ssl sites stop work ;/ I tried on many computers (linux mint, win7, 8 and 10) and allways its same problem.


(Giacomo Sanchietti) #8

I guess Mozilla added some extra checks…

See: https://support.mozilla.org/en-US/questions/1073420


(Adam S) #9

ok i try this but i can modify in my configure firefox but i have access point with free access and all users who connect must work with https too :frowning: i must do something in neth config to global use.


(Matteo Contoli) #10

I’ve Tried, but it does not work.


(Adam S) #11

Yes me too. Any idea ? Meybe its a bug?


(Rafael Tavares) #12

Import certificade to trusted root certification


(Adam S) #13

Where i can do it ? directly on system configs/program files ?


(Gabriel GHEORGHIU) #14


(Matteo Contoli) #15

Ok, maybe I found a solution.
If you import the certificate in firefox options it does not work so:

Go to your nethserver panel --> proxy web and right click your certificate link, then choose “open in a new window”

It will ask you to install the certificate with this window:

click “ok”

Then I got it working


(Adam S) #16

Thanks for all answers i will try this solutions but until Monday because now i don’t have access to neth panel.


(Adam S) #17

Ok i will check this solution and its work :), but first i delete old cert and import right click. Thanks Matteo_Contoli