191 Lotus blogs updated hourly. Who will post next? Home | Blogs | Search | About 
 
Latest 7 Posts
Interesting in Going to IBM Connect 2017? Contact me for a $100 Discount
Thu, Jan 19th 2017 159
Notes Domino Templates Get Slated for an Update. Here’s the Roadmap
Mon, Oct 3rd 2016 7
Staying at The Top of Google Searches for Smart Phones
Thu, Sep 29th 2016 7
Awesome Linux Reference Sheets for Developers (and Administrators)
Tue, Sep 27th 2016 11
IMSMO 2.0 (Project Hawthorn) Expands Client Offerings, Crash Avoidance Tip, and an Updated Schema
Mon, Sep 26th 2016 8
IBM Verse On-premises Third Post: Updated Schema, New Features
Thu, Sep 22nd 2016 11
A Conversation with Barry Rosen, at IBM: Part II
Wed, Sep 21st 2016 7
Top 10
Interesting in Going to IBM Connect 2017? Contact me for a $100 Discount
Thu, Jan 19th 2017 159
IBM Verse On-premises Architecture and Insight
Wed, Aug 3rd 2016 16
Skype 4.3 on Linux Crashing? Here’s a Fix.
Tue, Aug 5th 2014 11
IBM Verse On-premises Third Post: Updated Schema, New Features
Thu, Sep 22nd 2016 11
Awesome Linux Reference Sheets for Developers (and Administrators)
Tue, Sep 27th 2016 11
IMSMO 2.0 (Project Hawthorn) Expands Client Offerings, Crash Avoidance Tip, and an Updated Schema
Mon, Sep 26th 2016 8
How To Receive Ubuntu 12.04 Kernel Updates After 7 August 2014
Wed, Jul 16th 2014 7
A Conversation with Barry Rosen, at IBM: Part I
Tue, Sep 20th 2016 7
A Conversation with Barry Rosen, at IBM: Part II
Wed, Sep 21st 2016 7
Staying at The Top of Google Searches for Smart Phones
Thu, Sep 29th 2016 7


Firefox Upgrade Kills iNotes, ICS SSL Product Access with Domino CA/Self-Signed Certs
Twitter Google+ Facebook LinkedIn Addthis Email Gmail Flipboard Reddit Tumblr WhatsApp StumbleUpon Yammer Evernote Delicious
Bill Malchisky    

On Thursday, 24 July, I ran iNotes on Firefox sans problems. When I tried it on Friday, 25 July, I received a server connection error. I replicated in Notes so I knew the server was up. Then I tried accessing iNotes via Chrome on the same machine -- it worked. Tried a different operating system: Firefox generated an error, but Chrome and Safari worked. My third OS permutation yielded the same results, substituting IE for Safari. In each case Firefox failed to connect via SSL. (The error code did not phase me as I see that occasionally when testing--several reasons for an invalid cert.) What changed? This was easy. That morning, I upgraded three of my machines to the latest version of the browser -- Firefox 31.

Image:Firefox Upgrade Kills iNotes, ICS SSL Product Access with Domino CA/Self-Signed Certs

My work-around proved successful, as utilizing another browser allowed me to continue sans issue, with a goal to troubleshoot later that weekend. The issue derives from a new security model within Firefox, forcing the hand of web site owners to utilize only third-party SSL certificates (ideally), unless the end-users enact an alternate solution. On Thursday, 31 July 2014, IBM released Technote 21680147, indicating the root cause with four recommended solutions/workarounds:

1. Disable the new security library verification within the browser
2. Use Firefox 24.7 extended support release (which omits this new capability); corporation release is here
3. Use another browser brand
4. Purchase a third-part SSL certificate

Note: the Technote illustrates implementation of option one, with links incorporating option four into your ICS servers, thus further details are omitted within this post.

I can see several issues with the first three for smaller firms. Medium sized companies and larger firms tend to test carefully before desktop application upgrades of any software product; so a good plan will catch this error early, but possibly create an unexpected project. They also tend to use third-party certificates for external access. Test boxes can be impacted as paying for another cert may be outside of your budget, but the Domino CA makes it easy to test SSL access with an application -- as an example.

There are issues outside of the ICS brand too. A business accessing a private VPN server via a browser's SSL connection to generate a secure tunnel will most likely have connectivity issues if that tunnel is generated with a self-signed certificate (I can think of a couple of good reasons for this scenario); sometimes a secure private box with specialized access, needs a self-signed certificate. Also, if end-users/testers access web applications on a site with a self-signed certificate, they could encounter issues with Firefox 31+.

For most Internet accessible servers, the site administrator best practice utilizes third-party SSL certificates, which is a practice I condone. Having stated that, it is not an option in all cases, and now those affected have at least three ways to resolve it.

Hope this helps and saves you some time.

---------------------
http://www.BillMal.com/billmal/billmal.nsf/dx/firefox-rejects-domino-certificates.htm
Aug 03, 2014
7 hits



Recent Blog Posts
159
Interesting in Going to IBM Connect 2017? Contact me for a $100 Discount
Thu, Jan 19th 2017 3:06p   Bill Malchisky Jr.
Hi Everyone and Happy New Year to all of you. Best of luck in the new year. I have a couple of posts for IBM Connect in the works. Lets commence new year with a new discount. As an IBM Champion for 2017, IBM is allowing us to offer $100 discounts to friends who may be interested in attending. If you are on the fence, know that the session list is attractive with over 200 being offered. Success stories from customers will be on display, along with the technical labs returning as well. Thus, you c
7
Notes Domino Templates Get Slated for an Update. Here’s the Roadmap
Mon, Oct 3rd 2016 2:05a   Bill Malchisky Jr.
This is the first of two roadmap posts I authored for release this week. Beyond my post last month where I covered lightly that templates would be upgraded, Barry Rosen provided an updated roadmap with two slides covering just Notes Domino Templates. For simplicity, I copy-pasted the prose from the first slide to make it searchable, and appended the time table slide for the second. Nice to see some progress here too. Nice to see that they are filling in the hole created previously from multiple
7
Staying at The Top of Google Searches for Smart Phones
Thu, Sep 29th 2016 2:10a   Bill Malchisky Jr.
Although quality web developers have known for a while, Google wants you to be mobile friendly. Thus, if you want to stay at the top of Google web searches when the customer uses a smart phone, then your web site must display well on mobile phones. If not, Google will lower your weighting and you'll suddenly show farther down the list versus when the same search is performed on a desktop. But never fear, Google offers a free tool to check your site. As I thought this tool is handy, I wanted
11
Awesome Linux Reference Sheets for Developers (and Administrators)
Tue, Sep 27th 2016 2:03p   Bill Malchisky Jr.
A blog post for developers? Yes! Though it is not my first and will not be my last, it has been awhile. As an admin, this reference sheet is also helpful. I learned of a great Vim (vi Improved) reference sheet recently. There is a lot of information on a single sheet of paper, organized quite well and easy to use. If you need a handy reference sheet for vi commands... this is a good one to review. Although it works great in color, but he also offers a gray scale version and one for those with re
8
IMSMO 2.0 (Project Hawthorn) Expands Client Offerings, Crash Avoidance Tip, and an Updated Schema
Mon, Sep 26th 2016 3:17a   Bill Malchisky Jr.
On Thursday, 22 September, IBM Social Business Community Call where Luis Guirigay, Barry Rosen, and Scott Vrusho provided a quality session on IMSMO 2.0, IBM re-announced to a larger international audience new support for Outlook 2010 and 2016. This is exciting news to hear. At ICON US in May, Luis Guirigay stated that the new expanded client support would happen this year and at MWLUG 2016, IBM officially made the announcement--keeping their promise. In my working with the product over the past
11
IBM Verse On-premises Third Post: Updated Schema, New Features
Thu, Sep 22nd 2016 3:16a   Bill Malchisky Jr.
Preface In my previous two blog posts pertaining to Verse On-premises (VOP), please note that a few of the items below were covered here previously. This serves as a metric to ascertain what key items are likely to remain. As cited here on July 18, 2016, IBM is fully committed to and on-track to make a year-end release for this product. IBM is discussing a lot of new VOP items at events in multiple cities/countries; for example MWLUG in Austin, TX. Much of what I reported on August 3, 2016 rema
7
A Conversation with Barry Rosen, at IBM: Part II
Wed, Sep 21st 2016 2:01a   Bill Malchisky Jr.
Below is the completion of my interview with Barry Rosen, IBM Offering Manager for ICS. Enjoy! Notes 9.0.2 and Feature Packs * As indicated in the slide yesterday, the entire feature set of 9.0.2 will not be released into one Feature Pack (FP), but over four. Yes, the next four FPs will introduce what 9.0.2 would have offered. For some, this may be an eternity. Here is how I look at it: If we waited for 9.0.2 to actually be released, we would be looking at a late Q2 '17 release date at th
7
A Conversation with Barry Rosen, at IBM: Part I
Tue, Sep 20th 2016 2:02a   Bill Malchisky Jr.
During ICON UK 2016 in London, I took some time to talk with the IBM Offering Manager for ICS covering IBM Notes, Domino, Verse on Premises, and Sametime, Barry Rosen. Our initial Q&A turned into about a 30 minute dialogue, which I found quite informative. With his permission, I am posting the more interesting parts of our conversation. Acknowledging Reality To Reset the Norm IBM recognizes --- as do their customers and BPs --- that over the previous three years, they became a rudder
2
My Two ICON UK 2016 Session Decks
Mon, Sep 19th 2016 1:00p   Bill Malchisky Jr.
What a great few days in London. Once again, the entire team there did a great job to offer the IBM Community an excellent learning opportunity. Thank you as well to the quality sponsors that committed to ensure this user group would happen. The organizers and the sponsors all deserve our gratitude. From that, I spoke at two sessions: Day 1 - co-presented with Keith Brooks Migration:Impossible... Not so Day 2 - co-presented with Serdar Basegmez Back from the Dead: When Bad Code Kills
16
IBM Verse On-premises Architecture and Insight
Wed, Aug 3rd 2016 2:30a   Bill Malchisky Jr.
Yesterday, IBM provided a preview call for select customers covering IBM Verse On-premises (VOP). Those in attendance were amongst the first to receive updated particulars on this product. I explicitly asked and received permission to provide this information. Here is a subset of relevant items discussed/presented. Disclaimer: As certain features are still being developed, anything and everything below is subject to change. The data below reflects what was presented to me and is believed to b




Created and Maintained by Yancy Lent - About - Planet Lotus Blog - Advertising - Mobile Edition