The connection was reset – Firefox – (Error code: sec_error_invalid_key)
Today when I opened my self-signed secure website, it gave me following error:
The key does not support the requested operation. (Error code: sec_error_invalid_key)
But in the past it was like:
What I did wrong? Oh yes, Firefox upgraded to 33.0 (now 33.1), something broken in 33+ and was working fine with Firefox 32.0?
Bug? : https://support.mozilla.org/en-US/questions/1018618
https://blog.mozilla.org/security/2014/04/24/exciting-updates-to-certificate-verification-in-gecko/
https://developer.mozilla.org/en-US/Firefox/Releases/33/Site_Compatibility#Security
I have encountered the same problem when accessing Webmin after upgrading to Firefox 33. The key length is a problem here, so how to fix it?
Recreate your self-signed certificate (like you first created the certificate)
Remove the self-signed certificate from Firefox allowed list and readd if it is due to expire.
I was using Webmin so I created a new ‘self signed’ ssl certificate from:
Webmin -> Webmin Configuration -> SSL Encryption -> Create New -> Self-Signed Certificate
Now the technical reason behind this new issue from Mozilla Developer Blog:
The Netscape-derived legacy Crypto API implemented on window.crypto
has been disabled, including enableSmartCardEvents
and version
properties as well as generateCRMFRequest
, importUserCertificates
, logout
and signText
methods. These features have never been standardized and therefore will be removed with Firefox 34, while the standard Web Crypto API has been actively implemented. See the MozillaWiki article for details.
Update: Feedbacks on Firefox 33 have revealed that various banks and government agencies are still using this legacy Crypto API, the crypto.signText
method in particular. Therefore, Mozilla has decided to bring the API back with Firefox 34 and remove it again in the near future once a substitute Firefox extension is developed. Firefox 33 users can still re-enable the API by setting the dom.unsafe_legacy_crypto.enabled
pref to true
, and Firefox 31 ESR users are not affected by this change
How it helps