KB Article #176330

Cannot connect to API Gateway port 8090 from Firefox in 7.1


* When attempting to connect to the administration port (8090) of an API Gateway running 7.1 using Firefox, you get the error (Errorcode: sec_error_ca_cert_invalid) and are not permitted to make an exception and trust the certificate.


-- There are two ways to bypass this.  One is to use another browser like Chrome, which will permit the exception.  The other is to change Firefox's security settings.  The problem was introduced by these Firefox changes which must be disabled in order to permit you to make an exception.  To do that, in Firefox, go to 'about:config' in a new tab and toggle security.use_mozillapkix_verification to false.  After that, you will be able to make an exception for the certificate and connect normally.

You can avoid this entirely by controlling the CA itself in 7.2 and later versions.  7.2 and beyond have an option 24 in managedomain that lets you chain the cert on 8090 off of an internal root CA that you have created & trusted.  7.3 and beyond offers additional options in managedomain, where you can create CSRs for gateway certs that you submit to an external CA.