Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why do I receive a Secure Connection Failed message in Firefox when connecting to a search head which uses a self-signed certificate?

bpaul_splunk
Splunk Employee
Splunk Employee
‎10-10-2014 12:25 PM

I am using self-signed certificates to connect to my search heads using SSL. After upgrading to the latest version of Firefox (31+), I now receive the following error message when trying to connect.

Secure Connection Failed

An error occurred during a connection to x.x.x.x:8000. Issuer certificate is invalid. (Error code: sec_error_ca_cert_invalid)

  • The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
  • Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.

What needs to be done to enable SSL communication to my search heads?

0 Karma
Reply

Liyra12
Loves-to-Learn Lots
4 weeks ago

The Secure Connection Failed (sec_error_ca_cert_invalid) message shows up because Firefox no longer accepts self-signed certificates by default. To fix it, you can either add your self-signed certificate into Firefox’s trusted certificates list or turn off the strict check. Open about:config, search for security.use_mozillapkix_verification, and set it to false. Restart Firefox, and you should be able to connect to your search head over SSL without that error. Hope it helps!

0 Karma
Reply

grijhwani
Motivator
‎10-10-2014 12:30 PM

Is Firefox not prompting you to allow an exception? You should be able to import and trust the search head's certificate into Firefox's trust store, or at the very least allow a permanent exception for that certificate.

0 Karma
Reply

bpaul_splunk
Splunk Employee
Splunk Employee
‎10-10-2014 12:33 PM

In this case, there is no option to allow an exception.

0 Karma
Reply

bpaul_splunk
Splunk Employee
Splunk Employee
‎10-10-2014 12:29 PM

Mozilla added a new certificate verification feature to their Firefox browser (starting with version 31) called PKIX. You will need to disable this feature to use your own self-signed certificate. You may do the following to accomplish this.

  1. Open the Firefox browser.
  2. Type about:config in the search bar and press enter.
  3. If presented with the warning, “This might void your warranty…”, click the “I’ll be careful, I promise!” button.
  4. In the Preference Name column, locate the security.use_mozillapkix_verification option.
  5. Double click on the option to toggle the setting to false

You should now be able to use Mozilla Firefox to access your search head using a self-signed certificate. For more information on Mozilla PKIX, please see their blog posting on the subject.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...