SSL decryption issues with latest Firefox

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

SSL decryption issues with latest Firefox

L4 Transporter

I'm having SSL decryption issues with the latest versions of Firefox.

In Firefox i get following error when visiting a https site:

Secure Connection Failed

An error occurred during a connection to live.paloaltonetworks.com. security library: improperly formatted DER-encoded message. (Error code: sec_error_bad_der)

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the web site owners to inform them of this problem.

Seems to be related to how Firefox handles certificates, requiring them to be more secure (number of bits and encryption algorithm), but I haven't found the exact requirements yet.

I can generate and deploy a new certificate, but I'm not sure what will give me one Firefox will accept.

Any thoughts ?

17 REPLIES 17

how is your decryption certificate encrypted ?

edit: let me clarify

I've been told since 6.1.4 you can encrypt the cert with AES256 and that should solve the Firefox issue.


But you'd have to generate a new cert of course.

Has this been verified?

I've been on 6.1.7 for a while now. Been testing internally with newly generated certificate. So far I have not encountered the issue anymore in FF.

 

But PA support also said another fix was made in 6.1.8, issue id 81830.

 

I'll upgrade to 6.1.9 soon. If problem stays away, I'll re-enable decryption for our users.

  • 10897 Views
  • 17 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!