Ubuntu
firefox package

sec_error_inadequate_key_usage

Bug #234282 reported by Ali Servet Donmez
4
Affects Status Importance Assigned to Milestone
firefox (Ubuntu)
Fix Released
Undecided
vaidasz11

Bug Description

Binary package hint: firefox

Ubuntu release: 8.04 (Hardy)

Package: firefox-3.0~b5+nobinonly-0ubuntu3

Trying to access some site and get following error page:

# BEGIN (not included in error)

Secure Connection Failed

An error occurred during a connection to ***.

Certificate key usage inadequate for attempted operation.

(Error code: sec_error_inadequate_key_usage)

The page you are trying to view can not be shown because the authenticity of the received data could not be verified.

    * Please contact the web site owners to inform them of this problem.

# END (not included in error)

This error won't show up with Firefox 2.0.0.14 which I'm using on a Windows installed system and I couldn't find a way to add an exception for this, so I'm stuck.

Tried with Firefox3.0rc1 on Windows, again, and here's the error page:

# BEGIN (not included in error)

Secure Connection Failed

*** uses an invalid security certificate.

The certificate is not trusted because it is self signed.

The certificate is only valid for the following names:

  *** , ***

(Error code: sec_error_ca_cert_invalid)

    * This could be a problem with the server's configuration, or it could be someone trying to impersonate the server.

    * If you have connected to this server successfully in the past, the error may be temporary, and you can try again later.

Or you can add an exception…

# END (not included in error)

... which is a different scenario as you can see: "sec_error_inadequate_key_usage" vs "sec_error_ca_cert_invalid".

In 3.0rc1 you can add an exception and you're done, _but_ in 3.0~b5 you seem to be stuck there, fear not: There's a workaround for this. You could export and then import certificate manually. [1]

Once you've done that reload page and error page become this:

# BEGIN (not included in error)

Secure Connection Failed
*** uses an invalid security certificate.
The certificate is not trusted because it is self signed.
The certificate is not valid for any server names.
(Error code: sec_error_untrusted_cert)
    * This could be a problem with the server's configuration, or it could be someone trying to impersonate the server.
    * If you have connected to this server successfully in the past, the error may be temporary, and you can try again later.
Or you can add an exception…

# END (not included in error)

... and then you can add an exception to get this thing work.

--

[1]: http://stoa.usp.br/leitao/weblog/22172.html

Revision history for this message
Id2ndR (id2ndr) wrote :

So just add the repository "deb http://ppa.launchpad.net/fta/ubuntu hardy main" and upgrade to FF3 RC1.
I think firefox 3 package will be update when firefox3 will be released.

Revision history for this message
Alexander Sack (asac) wrote :

please dont use fta archive, nor advice people to use it unless you are sure the user you send this advice to is capable of running preview packages.

FWIW, RC1 bits should be in hardy-proposed now.

Revision history for this message
Alexander Sack (asac) wrote : Re: [Bug 234282] [NEW] sec_error_inadequate_key_usage

On Fri, May 23, 2008 at 10:22:44AM -0000, Ali Servet Dönmez wrote:
> Public bug reported:
>
> Binary package hint: firefox
>
> Ubuntu release: 8.04 (Hardy)
>
> Package: firefox-3.0~b5+nobinonly-0ubuntu3
>
>
> Trying to access some site and get following error page:

There is a link in the bottom of the page. you can click it and there
you will have a button to add an exception ...

 status invalid

 - Alexander

Changed in firefox:
status: New → Invalid
Revision history for this message
Ali Servet Donmez (exalted) wrote :

@Alexander: That's not true for firefox-3.0~b5+nobinonly-0ubuntu3. That's why I mentioned about that workaround on my bug report. It could have been already fixed in 3.0~rc1+nobinonly-0ubuntu0.8.04.1 though, I don't know...

Revision history for this message
Alexander Sack (asac) wrote : Re: [Bug 234282] Re: sec_error_inadequate_key_usage

On Wed, Jun 11, 2008 at 01:08:18PM -0000, Ali Servet Dönmez wrote:
> @Alexander: That's not true for firefox-3.0~b5+nobinonly-0ubuntu3.
> That's why I mentioned about that workaround on my bug report. It could
> have been already fixed in 3.0~rc1+nobinonly-0ubuntu0.8.04.1 though, I
> don't know...
>

please test. those bits should be on your hardy-updates mirror
already.

 status incomplete

 - Alexander

Changed in firefox:
status: Invalid → Incomplete
Revision history for this message
Ali Servet Donmez (exalted) wrote :

I confirm that with firefox (version 3.0~rc1+nobinonly-0ubuntu0.8.04.1) this problem is gone.

Revision history for this message
Rui Boon (ruiboon) wrote :

This bug report is being closed due to your last comment regarding this being fixed with an update. For future reference you can manage the status of your own bugs by clicking on the current status in the yellow line and then choosing a new status in the revealed drop down box. You can learn more about bug statuses at https://wiki.ubuntu.com/Bugs/Status . Thank you again for taking the time to report this bug and helping to make Ubuntu better. Feel free to submit any future bugs you may find.

Changed in firefox:
status: Incomplete → Invalid
Emmet Hikory (persia)
Changed in firefox:
status: Invalid → Fix Released
Revision history for this message
Rui Boon (ruiboon) wrote :

Sorry, this should be marked as fix released instead of invalid, as this was not due to user config issues.

Revision history for this message
Ali Servet Donmez (exalted) wrote :

@Rui: Yeah, I didn't want to warn for the second time, thanks for the status change.

vaidasz11 (vbronaldo26)
Changed in firefox (Ubuntu):
assignee: nobody → vaidasz11 (vbronaldo26)
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.