When using Firefox 3+ to access the daemons secure browser interface, the following error is generated by RV: ‘ssl error: .\ssl\s3_pkt.c:1052:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca’

When using Firefox 3+ to access the daemons secure browser interface, the following error is generated by RV: ‘ssl error: .\ssl\s3_pkt.c:1052:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca’

book

Article ID: KB0087448

calendar_today

Updated On:

Products Versions
TIBCO Rendezvous -
Not Applicable -

Description

Resolution:
Environment:
= = = = = = =
Firefox version 3+

Resolution:
= = = = = = =
Mozilla Firefox Support has outlined the behavioral differences between Firefox versions 2 and 3, which is the cause of this issue:
--------------------------
“The problem that these router users are experiencing is due to the fact that FF3 remembers a certificate permanently (by default) when a user chooses to "add an exception", while FF2 only remembered a certificate for the duration of the browser process lifetime, by default.  So, the duplicate cert is now embedded in the user's cert DB (the place where it is "permanently" stored), where it will be found as a duplicate the next time the browser is used to contact another router with a bogus cert.”

--------------------------
(https://bugzilla.mozilla.org/show_bug.cgi?id=410622)

Mozilla has this known issue outlined in their Knowledge Base at the following URL:

http://support.mozilla.com/en-US/kb/Certificate+contains+the+same+serial+number+as+another+certificate

The above Solution describes a workaround, which does not involve any installation of add-ons by deleting the old exception and using temporary exceptions for subsequent visits to the page.

To delete your old exception:
1.    At the top of the Firefox window, click on the Tools menu, and select Options....
2.    Select the Advanced panel.
3.    Click on the Encryption tab.
4.    Click View Certificates to open the Certificate Manager window.
5.    In the Certificate Manager window click on the Servers tab.
6.    Click on the item that corresponds to the site that generates the error and press Delete....
7.    Click OK when prompted to delete the exception.
8.    Click on the Authorities tab.
9.    Click on the item that corresponds to the site that generates the error and press Delete....
10.    Click OK when prompted to delete the exception.
11.    Click OK close the Certificate Manager window.
12.    Click OK to close the Options window.

To add a temporary exception to allow access to the page:
1.    When you go to the page, you will be presented with an error. Click on the Or you can add an exception... link at the bottom of the error.
2.    Click on Add Exception... to open the Add Security Exception window.
3.    Click Get Certificate to fill in the Certificate Status section of the Add Security Exception window.
4.    Click to un-check the Permanently store this exception.

Note: The daemon's use of ephemeral ports for https (when one is not explicitly specified using the -https command line argument) causes a  problem with this workaround: each time the port changes (due to the daemon being stopped and restarted again for example) leads to the need to create another Firefox exception.

Issue/Introduction

When using Firefox 3+ to access the daemons secure browser interface, the following error is generated by RV: ‘ssl error: .\ssl\s3_pkt.c:1052:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca’