{"id":1005,"date":"2014-11-14T08:51:18","date_gmt":"2014-11-14T08:51:18","guid":{"rendered":"http:\/\/blogs.silicontechnix.com\/?p=1005"},"modified":"2014-11-14T09:02:16","modified_gmt":"2014-11-14T09:02:16","slug":"the-connection-was-reset-firefox-error-code-sec_error_invalid_key","status":"publish","type":"post","link":"https:\/\/blogs.silicontechnix.com\/?p=1005","title":{"rendered":"The connection was reset – Firefox – (Error code: sec_error_invalid_key)"},"content":{"rendered":"

Today when I opened my self-signed secure website, it gave me following error:
\nThe key does not support the requested operation. (Error code: sec_error_invalid_key<\/strong>)
\n\"connection<\/a>But in the past it was like:
\n\"connection<\/a>What I did wrong? Oh yes, Firefox upgraded to 33.0 (now 33.1), something broken in 33+ and was working fine with Firefox 32.0?<\/p>\n

Bug?<\/strong> : https:\/\/support.mozilla.org\/en-US\/questions\/1018618<\/a>
\nhttps:\/\/blog.mozilla.org\/security\/2014\/04\/24\/exciting-updates-to-certificate-verification-in-gecko\/<\/a>
\nhttps:\/\/developer.mozilla.org\/en-US\/Firefox\/Releases\/33\/Site_Compatibility#Security<\/a><\/p>\n

I have encountered the same problem when accessing Webmin\u00a0 after upgrading to Firefox 33. The key length is a problem here, so how to fix it?<\/p>\n

Recreate your self-signed certificate (like you first created the certificate)
\nRemove the self-signed certificate from Firefox allowed list and readd if it is due to expire.<\/p>\n

\n

I was using Webmin so I created a new ‘self signed’ ssl certificate from:
\nWebmin -> Webmin Configuration -> SSL Encryption -> Create New -> Self-Signed Certificate<\/p>\n

Now the technical reason<\/span> behind this new issue from Mozilla Developer Blog<\/a>:<\/p>\n

The Netscape-derived legacy Crypto API<\/a> implemented on window.crypto<\/code><\/a> has been disabled, including enableSmartCardEvents<\/code> and version<\/code> properties as well as generateCRMFRequest<\/code>, importUserCertificates<\/code>, logout<\/code> and signText<\/code> methods. These features have never been standardized and therefore will be removed with Firefox\u00a034<\/a>, while the standard Web Crypto API has been actively implemented<\/a>. See the MozillaWiki article<\/a> for details.<\/p>\n

Update<\/strong>: Feedbacks on Firefox\u00a033 have revealed that various banks and government agencies are still using this legacy Crypto API, the crypto.signText<\/code> method in particular. Therefore, Mozilla has decided to bring the API back with Firefox\u00a034 and remove it again in the near future once a substitute Firefox extension is developed. Firefox\u00a033 users can still re-enable the API by setting the dom.unsafe_legacy_crypto.enabled<\/code> pref to true<\/code>, and Firefox\u00a031 ESR users are not affected by this change<\/p>\n

How it helps<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Today when I opened my self-signed secure website, it gave me following error: The key does not support the requested operation. (Error code: sec_error_invalid_key) But in the past it was like: What I did wrong? Oh yes, Firefox upgraded to 33.0 (now 33.1), something broken in 33+ and was working fine with Firefox 32.0?<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_s2mail":"no","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[95],"tags":[457,460,62,459,458,143,91],"class_list":["post-1005","post","type-post","status-publish","format-standard","hentry","category-system-administration","tag-certificate","tag-connection-reset","tag-firefox","tag-sec_error_invalid_key","tag-self-signed","tag-ssl","tag-webmin"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p12j6H-gd","_links":{"self":[{"href":"https:\/\/blogs.silicontechnix.com\/index.php?rest_route=\/wp\/v2\/posts\/1005","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.silicontechnix.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.silicontechnix.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.silicontechnix.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.silicontechnix.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1005"}],"version-history":[{"count":5,"href":"https:\/\/blogs.silicontechnix.com\/index.php?rest_route=\/wp\/v2\/posts\/1005\/revisions"}],"predecessor-version":[{"id":1013,"href":"https:\/\/blogs.silicontechnix.com\/index.php?rest_route=\/wp\/v2\/posts\/1005\/revisions\/1013"}],"wp:attachment":[{"href":"https:\/\/blogs.silicontechnix.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1005"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.silicontechnix.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1005"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.silicontechnix.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1005"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}