Allow Certificate - suddenly needed - then secure connection failures problem

All of a sudden, today after booting, I received a notification that I needed to trust the certificate for decryption. I allowed the trust. SSL/TLS Decryption is and has been disabled in the Policy. Now everything I try to connect to in Safari, Chrome, Firefox, and even Endpoint communications is failing with a "can't make a secure connection to the website" error. I've looked at all certificates in Keychain Access and they are all trusted. The only way to get around this that I've found is to connect through a VPN, bypassing the XG firewall.

I'm on Sonoma 14.2.1 (23C71) on a MacBook Pro M3.  The Endpoint is 10.5.1. Everything in Self Help is green.

Any ideas on the cause and solution?

Thanks.



  • And now I can't connect to the XG firewall in Firefox.  The error is:

    "Peer’s certificate has an invalid signature.

    Error code: SEC_ERROR_BAD_SIGNATURE"

    I can still connect to the XG in Safari, but I prefer Firefox for that.

  • When did you create the certificate? Long ago, SHA-1 was the standard hash for signatures.

    This is no longer the case, since SHA-1 is now considered insecure (collisions have been found).

    Some time ago Firefox stopped accepting them.

    You need to regenerate the certificate with SHA-256 at least (SHA-512 preferred).

    As a last resort you can set "security.pki.sha1_enforcement_level" back in Mozilla.

  • This has been working for months; all of a sudden the message popped up when I was booting. That's what I don't understand. But with SSL/TLS decrypt on the XG on, I get the "can't make a secure connection to the server" error.

    All my other computers configured this way work just fine. It's just this computer. I re-downloaded the required certificate and that didn't fix it.