5

I am using Firefox version 37.0.2 with an ethernet connection at a university in Bangkok. I consider the university a network a hostile environment as the majority of the computers on this network are running counterfeit versions of Windows, and I have seen a lot of viruses on them.

When I try to visit https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx (and other secure pages on microsoft.com), I get this error:

Firefox Error: Secure Connection Failed

Secure Connection Failed The connection to the server was reset while the page was loading.

Notes:

  • I get no error when visiting the same url using Google Chrome v42.0.2311.135 or with Microsoft Internet Explorer v11.0.96
  • If I connect to the Internet through a VPN (CyberGhost), I don't get the error at all.
  • I have never added my university's security certificate to my Windows trusted store. I have checked certmgr and cannot see anything related to my university.

I would be really grateful if anyone can answer:

  • Why only Firefox?
  • Why does using a VPN fix it?
  • If I don't trust the university network, would I be safer doing all my web browsing through a trusted VPN?
Improve this question
2
  • 2
    If you review the certificate(s) provided by the web page when using VPN/not using VPN, what differences, if any, can you see?
    – Alasjo
    Commented Apr 30, 2015 at 6:24
  • When not using a VPN, there is no certificate that I can see. Firefox says technet.microsoft.com "This web site does not supply ownership information." There is no padlock.
    – Kit Johnson
    Commented May 9, 2015 at 0:27

1 Answer 1

Reset to default
4

The last FF update messed with my settings. Deleted my homepage, some stored certificates, and it might have even messed with some config information.

My guess is the university network does a MitM of your TLS connections which isn't uncommon for larger organizations. And the last FF update deleted the stored certificate for the university.

  1. It's only on Firefox because the last update seriously messed with some stuff. As @Ramhound pointed out Firefox uses its own certificate store while Chrome and IE use the OS's certificate store for the user. If Firefox decided to reset a lot of its configuration then any user added certificates could have been removed.
  2. The VPN fixes it because it most likely bypasses their TLS MitM. Although why they allow VPNs at all might be a counter argument to this point.
  3. If you don't trust the university network using a trusted VPN would be a better solution in general.

As a solution I would look at your Chrome trusted certificates and see if any are installed that relate to your university. Check to see if that certificate(s) are installed in Firefox.

Improve this answer
7
  • 1
    Its also only Firefox because Firefox is the only browser that uses its own certificate store. Chrome and IE use the operating system's certificate store, specifically, the user's certificate store ( vs the machine's certificate store ).
    – Ramhound
    Commented May 1, 2015 at 11:35
  • Good point! I completely forgot about that. I added it to my answer.
    – RoraΖ
    Commented May 1, 2015 at 11:59
  • You had already earned an upvote, since your conclusion, is technically sound. I have been doing lots of certificate questions so I had done prior research.
    – Ramhound
    Commented May 1, 2015 at 14:23
  • Thank you so much for this answer. I've got two more questions: why do large organisations do MitM on their users? If this is the case with my university, and it looks like it might be, I should do everything through a VPN. Second question: I never added my university's certificate to my trusted root certificates in Windows (since I don't really trust them). So why wouldn't Chrome and IE also complain about this?
    – Kit Johnson
    Commented May 9, 2015 at 0:47
  • On 'why do organisations do MitM', I found this interesting piece on slashdot
    – Kit Johnson
    Commented May 9, 2015 at 1:11

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .