GitLab - Firefox 上的安全连接失败错误
GitLab - Secure Connection Failed error on firefox
最近我在 Linux 系统上重新安装了 GitLab 应用程序。当我尝试在 Windows 系统的 Firefox 浏览器上访问我的 GitLab 应用程序 link (https://gitlab.domain.com) 时,出现以下错误。
由于新生成的证书与 existing/previous 证书冲突,所以我遵循了这个 Link 解决方法。然而,即使在系统重启后也发生同样的错误,我无法在 Firefox 浏览器上访问我的 GitLab 应用程序。
我可以在 Chrome 浏览器上访问它,没有任何问题。
请告诉我还需要在哪里清除旧证书才能使其在 Firefox 上运行?
这似乎与 issue 435013 reported 13 years ago (and still open), where Firefox has an issue with routers and NSS (Network Security Services) (error -8054)
中的错误相同
As I understand it, and from the discussion on #312732 which is the underlying issue, the problem is that the crypto uses the cert ID as a unique key in a database.
When a dupe is encountered, you can't have two primary keys in a database, so it just dies with a fatal error, hence FireFox gives up connecting to the site and passes on the fatal error to be presented.
This is not a "fundamental NSS design issue", it's a political issue, Firefox is ACTIVELY refusing to let people access their network equipment.
同时检查您路由器的固件:
It seems to me that it is VERY EASY for the server-side products that
generate these certificates to more-or-less fix the problem in updated
firmware with very little effort. Even simply randomizing the serial numbers
in the certs, they would nearly completely eliminate the problem, AFAICT. In
fact, it is worth making sure that the affected server-side hardware has
up-to-date firmware, because some vendors might have already fixed it on
their end already.
可能的解决方法(即使在 FF 重启后也有效)
This is hardly any fix, but I installed a new Mozilla from scratch on a VM under Virtualbox.
I than browsed to all my local systems I was getting this error. On connecting from the new Window3s sytem running on VM to each local IP, I received the warning, and created the exception.
I than went in to Preferences>Advanced, and Exported all the certificates to a share on one of my NAS units.
I proceeded back to the broken Mozilla running on my Mac OS X 10.11.1, and I Imported all the certificates.
I then restarted FF, and connected to each device I was getting the error on, and I received the "This is an untrusted connection, Get me out of here, or would you like to create an exception." YES!!
I created the exception, and finally I could get to my firewalls, and all other local devices.
其他解决方法:
- Run:
firefox --no-remote --ProfileManager
- Create a new profile there.
- Open a new instance of Firefox using the new profile. To run Firefox with the profile you can use the command from 1. or:
firefox --no-remote -P profile_name
- Do the actions there as if it was a separate installation of Firefox
最近我在 Linux 系统上重新安装了 GitLab 应用程序。当我尝试在 Windows 系统的 Firefox 浏览器上访问我的 GitLab 应用程序 link (https://gitlab.domain.com) 时,出现以下错误。
由于新生成的证书与 existing/previous 证书冲突,所以我遵循了这个 Link 解决方法。然而,即使在系统重启后也发生同样的错误,我无法在 Firefox 浏览器上访问我的 GitLab 应用程序。
我可以在 Chrome 浏览器上访问它,没有任何问题。
请告诉我还需要在哪里清除旧证书才能使其在 Firefox 上运行?
这似乎与 issue 435013 reported 13 years ago (and still open), where Firefox has an issue with routers and NSS (Network Security Services) (error -8054)
中的错误相同As I understand it, and from the discussion on #312732 which is the underlying issue, the problem is that the crypto uses the cert ID as a unique key in a database.
When a dupe is encountered, you can't have two primary keys in a database, so it just dies with a fatal error, hence FireFox gives up connecting to the site and passes on the fatal error to be presented.
This is not a "fundamental NSS design issue", it's a political issue, Firefox is ACTIVELY refusing to let people access their network equipment.
同时检查您路由器的固件:
It seems to me that it is VERY EASY for the server-side products that generate these certificates to more-or-less fix the problem in updated firmware with very little effort. Even simply randomizing the serial numbers in the certs, they would nearly completely eliminate the problem, AFAICT. In fact, it is worth making sure that the affected server-side hardware has up-to-date firmware, because some vendors might have already fixed it on their end already.
可能的解决方法(即使在 FF 重启后也有效)
This is hardly any fix, but I installed a new Mozilla from scratch on a VM under Virtualbox.
I than browsed to all my local systems I was getting this error. On connecting from the new Window3s sytem running on VM to each local IP, I received the warning, and created the exception.I than went in to
Preferences>Advanced, and Exported all the certificates to a share on one of my NAS units.I proceeded back to the broken Mozilla running on my Mac OS X 10.11.1, and I Imported all the certificates.
I then restarted FF, and connected to each device I was getting the error on, and I received the "This is an untrusted connection, Get me out of here, or would you like to create an exception." YES!!
I created the exception, and finally I could get to my firewalls, and all other local devices.
其他解决方法:
- Run:
firefox --no-remote --ProfileManager- Create a new profile there.
- Open a new instance of Firefox using the new profile. To run Firefox with the profile you can use the command from 1. or:
firefox --no-remote -P profile_name- Do the actions there as if it was a separate installation of Firefox