[SOLVED] Can't Access PBS Web Interface on Firefox, but Works on Edge - SEC_ERROR_INADEQUATE_KEY_USAGE

[amp88]

Hi all. Bit of an odd problem. I've been using PBS in my homelab for more than 2 months now without any issues. After the initial installation and configuration I haven't needed to make any changes, but I just tried to login to the web interface on Firefox and was greeted with the following error:



"Secure Connection Failed. An error occurred during a connection to 192.168.1.12:8007. Certificate key usage inadequate for attempted operation. Error code: SEC_ERROR_INADEQUATE_KEY_USAGE"

Firefox doesn't give me any options to "continue with the risk anyway" or something similar. When I try on Edge I get the (expected) warning about an "invalid" certificate authority and can use the "advanced" option to continue at my own risk, so there's a workaround and I can do whatever administration needs to be done.

I used Firefox to set up the PBS installation 2+ months ago, so it definitely worked in the past. My assumption is that newer Firefox releases are more stringent about which certificates they allow users to override warnings on, but I'm not sure if that's the case. Has anyone else run into this issue using Firefox to access the PBS web interface?

Firefox version: 81.0.2 (64-bit)
OS: Windows 10 Pro 64-bit

Thanks!

 

[Moayad]

Hello,


i also browsed from Windows 10, firefox version 81.0.2, it's works,



Please check firewall/protection programs

 

[fabian]

could you post the 'X509v3 extensions' part of the output of openssl x509 -in /etc/proxmox-backup/proxy.pem -noout -text?

 

[amp88]

could you post the 'X509v3 extensions' part of the output of openssl x509 -in /etc/proxmox-backup/proxy.pem -noout -text?

 

[fabian]

does it work on a fresh profile?

 

[amp88]

does it work on a fresh profile?

Hmm, yes, it does. It gives me the "Potential Security Risk Ahead" page with the self-signed certificate warning (which I'd expect to happen). I guess that points to a problem with my existing Firefox profile then, and not a change in Firefox's handling of self-signed certificates. That's odd. Thanks for your help, and thanks again for Proxmox and PBS!

 

[amp88]

In case anyone else runs into this problem in the future, I fixed it by removing the (old) certificate entry for the server from my Firefox profile.

Either enter:

about:preferences#privacy

in the address bar or go to Tools -> Options -> Privacy & Security, then click "View Certificates...". In the Certificate Manager dialog that opens navigate to the "Servers" tab and scroll through the entries until you find the one that corresponds to your Proxmox Backup Server, then select it and hit the "Delete..." button and confirm deletion in the popup dialog.

Once you've done that you should be able to browse to your Proxmox Backup Server and you should be greeted with the "Potential Security Risk Ahead" page, where you can accept the self-signed certificate and proceed.