Issue
- When logging into the web server of a Xenta controller using Mozilla Firefox 4 an error message is shown stating that the website is using an invalid security certificate.
- When logging into Xenta server using Firefox 4 a certificate error is displayed as displayed below:
The complete error screen reads as follows:This Connection is Untrusted
You have asked Firefox to connect securely to 192.168.1.152, but we can't confirm that your connection is secure.
Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
What Should I Do?
If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.
Get me out of here!
Technical Details
(IP Address of Xenta) uses an invalid security certificate.
The certificate is not trusted because it is self-signed.
The certificate is only valid for (IP Address of Xenta)
(Error code: sec_error_ca_cert_invalid)
I Understand the Risks
If you understand what's going on, you can tell Firefox to start trusting this site's identification. Even if you trust the site, this error could mean that someone is tampering with your connection.
Don't add an exception unless you know there's a good reason why this site doesn't use trusted identification.
Add Exception... - How to install a self signed certificate.
Product Line
Satchwell MicroNet, TAC INET, TAC Vista
Environment
- Mozilla Firefox 4
- Xenta 511, Xenta 527, Xenta 555, Xenta 701, Xenta 711, Xenta 721, Xenta 731, Xenta 913
- SSL
Cause
The default certificate in the Xenta web server is a self-signed certificate. Since the certificate is not issued by a recognized Certificate Authority the web browser (in this case Firefox 4) cannot validate the authenticity of the certificate and suggests that the user not continue to the website each time the user tries to access it.
Resolution
There are two possible resolutions:
Install the self-signed certificate using the following steps:
- Expand the "I Understand the Risks" bullet then click the "Add Exception" button.
- Firefox will automatically retrieve the certificate from the Xenta server. Make sure to check "Permanently store this exception" and then click "Confirm Security Exception"
- The certificate is now installed and the warning screen will no longer show up when logging into the server. It may be necessary to restart Firefox for the changes to take effect.
Note: The certificate will need to be installed in each client computer that accesses the Xenta server but once this complete it does not need to be done again. The exception to this is if the web address of the Xenta server is changed or if Firefox is uninstalled then reinstalled.
Update: Starting in September 2014, all major browsers will be disabling 1024-bit roots within their trusted roots stores. Any SSL certificates chained to a 1024-bit root will no longer work on any browsers that takes this action or one that relies on another's root store (the self-signed certificate is 1024-bit). This means that you will still get the security warning even if you have installed the self-signed certificate.
Purchase a certificate issued by a Certificate Authority (CA):
These certificates are pre-installed into the web browser and will automatically prevent certificate errors from occurring on all client computers that access the web server. Note that these can be quite expensive and unless the Xenta web server is being hosted on the internet they are not necessary.
- Please see TAC Xenta Server - TAC Networks - Technical Manual for more information.
- See "There is a problem with this website's security certificate." when logging in to Xenta web server u... for information on installing certificates into Internet Explorer.
