[20817] in Athena Bugs
Re: mozilla and ssl
daemon@ATHENA.MIT.EDU (t. belton)
Thu Sep 26 11:57:06 2002
Date: Thu, 26 Sep 2002 11:57:02 -0400 (EDT)
From: "t. belton" <tbelton@MIT.EDU>
To: Brad Thompson <yak@MIT.EDU>
cc: <netscape-release@MIT.EDU>, <web-agents@MIT.EDU>, <bugs@MIT.EDU>
In-Reply-To: <20020926041108.GA22639@zygorthian-space-raiders.mit.edu>
Message-ID: <Pine.GSO.4.33L.0209261141360.19002-100000@iphigenia.mit.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
The most likely cause of your "unable to initialize security device"
error is no valid certificates. I agree that this message is a little
cryptic for that, but apparently Mozilla has a shortage of useful SSL
errors in general.
The message COULD also mean that one of the *.db files in the user's
profile directory doesn't have rights properly set. This has been known to
happen in certain circumstances involving using and renaming multiple
profiles. But if the user has only one profile, and this happens
consistently even with a freshly made profile - as you tried - then it's
bad certs.
If the user had 4.x prefs converted, as he probably did, then those
converted certs do not work right under Mozilla. But he can't prevent
Mozilla from converting those certs, so he has to let Mozilla shoot itself
in the foot, go clean up the mess externally, and then get fresh certs.
You will find the whole thing documented here:
http://web.mit.edu/tbelton/www/mozilla/certs.htm
There is one correction needed to this page which I have not yet made. The
script called 'erase_certs' there is now named 'clearcerts'. Other than
that, all the instructions stand.
Your removing the .mozilla dir and trying it again might not have solved
the problem ... because if the 4.x settings are still there, Mozilla will
just reconvert them and create the problem all over again.
I am passing this to a wide array of lists because I am seeing it a lot,
so here is the word: If someone is getting SSL errors then it is
ninety-five percent likely that it is badly obtained certs. *This is a
problem which nearly every Mozilla user will need to deal with once.*
Early in their Mozilla life is the time to catch it because then there is
no penalty for using the destructive 'clearcerts' command, which at
present is our best fix.
-Todd
On Thu, 26 Sep 2002, Brad Thompson wrote:
> A user came into the sipb office and told me that he could not use mozilla
> to access pages with ssl. He was not near quota, and I tried with no
> .mozilla directory. I have attached a window dump of the error message.
> This was done on a 9.1.16 sunblade running /usr/athena/bin/mozilla.
>
> yak
>
