Search code examples
firefoxgitlabmozillagitlab-ce

GitLab - Secure Connection Failed error on firefox

Recently i have re-installed my GitLab application on my Linux system. When i tried to access my GitLab application link (https://gitlab.domain.com) on Windows system's Firefox browser i am getting below error.

Firefox error

Since the certificate generated freshly it was conflicting with existing/previous certificate, So i have followed this Link workaround. However even after system reboot also same error occurring, I can't access my GitLab application on Firefox browser.

I'm able to access it on Chrome browser without any problem.

Please let me know still where i need to clear the old certificate to make it work on firefox?

Solution

  • That seems to be the same error as in issue 435013 reported 13 years ago (and still open), where Firefox has an issue with routers and NSS (Network Security Services) (error -8054)

    As I understand it, and from the discussion on #312732 which is the underlying issue, the problem is that the crypto uses the cert ID as a unique key in a database.

    When a dupe is encountered, you can't have two primary keys in a database, so it just dies with a fatal error, hence FireFox gives up connecting to the site and passes on the fatal error to be presented.

    This is not a "fundamental NSS design issue", it's a political issue, Firefox is ACTIVELY refusing to let people access their network equipment.

    Check also the firmware of your router:

    It seems to me that it is VERY EASY for the server-side products that generate these certificates to more-or-less fix the problem in updated firmware with very little effort. Even simply randomizing the serial numbers in the certs, they would nearly completely eliminate the problem, AFAICT. In fact, it is worth making sure that the affected server-side hardware has up-to-date firmware, because some vendors might have already fixed it on their end already.

    Possible workaround (which would work even after FF restart)

    This is hardly any fix, but I installed a new Mozilla from scratch on a VM under Virtualbox.
    I than browsed to all my local systems I was getting this error. On connecting from the new Window3s sytem running on VM to each local IP, I received the warning, and created the exception.

    I than went in to Preferences>Advanced, and Exported all the certificates to a share on one of my NAS units.

    I proceeded back to the broken Mozilla running on my Mac OS X 10.11.1, and I Imported all the certificates.
    I then restarted FF, and connected to each device I was getting the error on, and I received the "This is an untrusted connection, Get me out of here, or would you like to create an exception." YES!!
    I created the exception, and finally I could get to my firewalls, and all other local devices.

    Other workaround:

    1. Run: firefox --no-remote --ProfileManager
    2. Create a new profile there.
    3. Open a new instance of Firefox using the new profile. To run Firefox with the profile you can use the command from 1. or: firefox --no-remote -P profile_name
    4. Do the actions there as if it was a separate installation of Firefox