Red Hat Bugzilla – Bug 440423
[REHL5 U2] FireFox does not allow to override SEC_ERROR_INADEQUATE_KEY_USAGE
Last modified: 2008-05-21 10:25:08 EDT
Description of problem:
Looks like Firefox 3 isn't accepting self-signed certificates anymore - There
is no way to add this ip to the exception list that I have found.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Open this URL https://192.168.77.18/
"Secure Connection Failed
An error occurred during a connection to 192.168.77.18.
Certificate key usage inadequate for attempted operation.
(Error code: sec_error_inadequate_key_usage)
The page you are trying to view can not be shown because the authenticity of the
received data could not be verified.
* Please contact the web site owners to inform them of this problem."
I was able to open this prior to the FF3 update
I have just connected to a page with self-signed cert, it works in ff3 (same
I think the error refers to incorrect certificate usage (e.g. some certificates
are only valid for signing emails....), but i'm no expert on ssl. Perhaps try to
generate a new certificate for server usage ?
Did you connect to the host in "Steps to Reproduce". Were you able to create
an exception for this host https://192.168.77.18/
(In reply to comment #2)
> Did you connect to the host in "Steps to Reproduce". Were you able to create
> an exception for this host https://192.168.77.18/
this bug is supposed to be about self-signed certificates, which is not the case
here. Here the certificates is rejected because it is defective.
True self-signed certificates work without a hitch.
Ken, what do you think?
While related to SSL, the required fix is not at the NSS, but at the Firefox
We can try to get it fixed. See https://bugzilla.mozilla.org/show_bug.cgi?id=427081
Moving back to firefox
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.