[SOLVED] Can't Access PBS Web Interface on Firefox, but Works on Edge - SEC_ERROR_INADEQUATE_KEY_USAGE

amp88

New Member
Aug 9, 2020
10
4
3
39
Hi all. Bit of an odd problem. I've been using PBS in my homelab for more than 2 months now without any issues. After the initial installation and configuration I haven't needed to make any changes, but I just tried to login to the web interface on Firefox and was greeted with the following error:

pbs_error.png

"Secure Connection Failed. An error occurred during a connection to 192.168.1.12:8007. Certificate key usage inadequate for attempted operation. Error code: SEC_ERROR_INADEQUATE_KEY_USAGE"

Firefox doesn't give me any options to "continue with the risk anyway" or something similar. When I try on Edge I get the (expected) warning about an "invalid" certificate authority and can use the "advanced" option to continue at my own risk, so there's a workaround and I can do whatever administration needs to be done.

I used Firefox to set up the PBS installation 2+ months ago, so it definitely worked in the past. My assumption is that newer Firefox releases are more stringent about which certificates they allow users to override warnings on, but I'm not sure if that's the case. Has anyone else run into this issue using Firefox to access the PBS web interface?

Firefox version: 81.0.2 (64-bit)
OS: Windows 10 Pro 64-bit

Thanks!
 
Hello,


i also browsed from Windows 10, firefox version 81.0.2, it's works,

DeepinScreenshot_select-area_20201019121247.png

Please check firewall/protection programs
 
  • Like
Reactions: amp88
could you post the 'X509v3 extensions' part of the output of openssl x509 -in /etc/proxmox-backup/proxy.pem -noout -text?
 
  • Like
Reactions: amp88
does it work on a fresh profile?
 
  • Like
Reactions: amp88
does it work on a fresh profile?

Hmm, yes, it does. It gives me the "Potential Security Risk Ahead" page with the self-signed certificate warning (which I'd expect to happen). I guess that points to a problem with my existing Firefox profile then, and not a change in Firefox's handling of self-signed certificates. That's odd. Thanks for your help, and thanks again for Proxmox and PBS! :)
 
In case anyone else runs into this problem in the future, I fixed it by removing the (old) certificate entry for the server from my Firefox profile.

Either enter:
Code:
about:preferences#privacy

in the address bar or go to Tools -> Options -> Privacy & Security, then click "View Certificates...". In the Certificate Manager dialog that opens navigate to the "Servers" tab and scroll through the entries until you find the one that corresponds to your Proxmox Backup Server, then select it and hit the "Delete..." button and confirm deletion in the popup dialog.

Once you've done that you should be able to browse to your Proxmox Backup Server and you should be greeted with the "Potential Security Risk Ahead" page, where you can accept the self-signed certificate and proceed.
 
Last edited:

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!