Opened 12 years ago

Closed 11 years ago

#1754 closed task (wontfix)

gnutls self signed certificates do not work with firefox 3 (pre-beta 3)

Reported by: yi Owned by: yi
Priority: major Milestone: sage-duplicate/invalid/wontfix
Component: documentation Keywords: gnutls https ssl
Cc: Merged in:
Authors: Reviewers:
Report Upstream: Work issues:
Branch: Commit:
Dependencies: Stopgaps:

Description

Using the latest beta version of firefox 3, if one tries to connect to the notebook via ssl, the following happens as outlined in the screenshots.

Attachments (3)

firefox_gnutls_1.png (65.3 KB) - added by yi 12 years ago.
What happens when you connect to the notebook server.
firefox_gnutls_2.png (37.2 KB) - added by yi 12 years ago.
Security dialogue box
firefox_gnutls_3.png (28.0 KB) - added by yi 12 years ago.
Error message

Download all attachments as: .zip

Change History (10)

Changed 12 years ago by yi

What happens when you connect to the notebook server.

Changed 12 years ago by yi

Security dialogue box

Changed 12 years ago by yi

Error message

comment:2 Changed 12 years ago by mabshoff

Any self signed certificate causes issues with FF 3B4. So I don't think this has anything to do with Sage or GNUTLS. The solution is to add an exception rule so that firefox will access the site.

I don't consider this a bug since it is a Firefox issue. The workaround needs to be documented and then this issue will be closed.

Cheers,

Michael

comment:3 Changed 12 years ago by edrex

In general, self-signed certs can be in FF3 used by adding an exception. Certain certs (such as those generated by gnutls (openssl also?) for sage) result in the error above when attempting to add an exception. Either this is a Firefox 3 bug or it is a legitimate (but undocumented) tightening of standards for certs. The FF team needs to decide which is the case and either fix the bug or document the changes in criteria for certs.

Right now, the workaround is to use "sage -inotebook".

comment:4 Changed 12 years ago by yi

I just tried adding a security exception in Firefox 3 Beta 5 and it seems to work correctly (i.e., the firefox team fixed adding security exceptions of self-signed certificates).

comment:5 Changed 12 years ago by edrex

  • Component changed from notebook to documentation
  • Type changed from defect to task

I'm also able to add an exception with FF3B5. The procedure for adding an exception to FF3 is non-obvious so perhaps it should be in the documentation (Wiki FAQs?). Changing to a documentation issue.

Q: When I try to access the notebook using Firefox 3 I receive an error message: {{{localhost:8000 uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown. The certificate is not valid for any server names.

(Error code: sec_error_unknown_issuer)}}}

A: Add a certificate exception:

# Open the Firefox preferences # Go to the _Advanced/Encryption_ tab. # Click _View Certificates_ # In the _Servers_ tab, click _Add Exception..._ # Paste the URL for your notebook , eg https://localhost:8000/

comment:6 Changed 11 years ago by yi

Can someone close this now? You can add exceptions with firefox 3 (officially released today) now.

comment:7 Changed 11 years ago by mabshoff

  • Milestone changed from sage-3.2.1 to sage-duplicate/invalid
  • Resolution set to wontfix
  • Status changed from new to closed

Yep, this is closed as wontfix.

Cheers,

Michael

Note: See TracTickets for help on using tickets.