Share

Plone: "This Connection is Untrusted" Error in Firefox

You may see a "This Connection is Untrusted" error when logging in to Plone for the first time. This is normal, and is caused by an SSL Certificate mismatch.

Error Screen

The first time you log in to a Plone site, you may see this error screen:

ssl-warning-1.png

Adding An Exception

To assure the browser that everything is OK, click on the "I Understand the Risks" text. It will then show you an "Add Exception" button:

ssl-warning-2.png

Click the "Add Exception" button. The browser will present you with this dialog box:

ssl-warning-3.png

Wait for 3-5 seconds while the browser downloads the certificate. The "Confirm Security Exception" button will then be enabled. Click this button to confirm that you want to bypass this error message. You can now edit the site.

Who sees this error?

Only people logging in to edit Plone pages will see this error. People using their department intranets (e.g. https://agsci.psu.edu/intranet/[department]) or extranet sites will not see the error.

What causes this error?

We use one SSL certificate for all sites in the Plone environment. Due to the way the https protocol is implemented, only one SSL certificate may be used per IP address/port combination. In addition, each additional SSL certificate has a non-trival cost.

The browser is telling you that the name on the certificate (agsci.psu.edu) does not match the name of your site. Since all sites are sharing the same certificate, this error will appear the first time you log into a Plone site.

Variation: "Secure Connection Failed" Error

In rare cases, a browser, computer or network configuration may result in a "Secure Connection Failed" error, similar to:

Secure Connection Failed

which offers only the "Try Again" option, and does not give you the choice to add an exception. In this case, you will need to add the exception manually.

Adding a certificate exception manually

  • Go to Tools -> Options (in Windows) or Firefox -> Preferences (on a Mac)
  • Click on the Advanced ("gear") icon at the top
  • Click on the Encryption tab. You will see this screen:

    View Certificate

  • Click the View Certificates button. You will see this screen:

    Servers

  • Click the Servers tab
  • Click the Add Exception button. You will see this screen:

    Add Security Exception

  • Enter the URL of the site you're attempting to edit ("https://extension.psu.edu" in this case) in the Location field
  • Click the Get Certificate button
  • Click the Confirm Security Exception button at the bottom
  • Close out the rest of the dialog boxes by clicking OK on each one.