Layout problems with Firefox

Hi Tom,

Thank you for the reply. The problem appears on my PC only and only with the Freescale Community Site. Other PCs display the site correctly. We use the latest Firefox and Win XP.

I also tried reloading the page, deleting cookies and starting FF in safe mode (no addons) but the problem persists.

I have attached a screenshot and the html code my browser receives for the page.

Thanks.

Anguel

I can open your HTML in a browser and it looks fine. It is also very similar to the source that I save from the same page.

Have you tried reloading the page with all combinations of Shift, Control and Alt? Some of them "reload more than others". Have you tried clearing the Browser cache? That's "Menu / Tools / Options / Advanced / Cached Web Content / Clear Now".

Tom

I solved that finally after spending a lot of time. The problem was that Firefox did not trust files loaded from https://community-cache.freescale.com and did not load some CSS files etc. It did not show this error on page load but when I tried to open e.g.  https://community-cache.freescale.com/5.0.3/styles/jive.css I saw the untrusted certificate error. I am not sure why this happens but it looks like the https certificate does not belong to the Freescale Cache site for some reason.

To add an exception: Open https://community-cache.freescale.com/5.0.3/styles/jive.css directly in Firefox and then say that you know about the security risks and nevertheless accept the certificate. This will add an exception and will finally make Firefox display the site properly. It would be fine if Freescale could check what actually caused the certificate problem.

Regards,

Anguel

It seems that for some reason the Firefox profile that works is getting a different certificate than the one that doesn't work.  I tried using wget, lynx, w3m, etc. to access the .css link, and they all complain about the security certificate as well.

The certificate that works has serial number 11:21:44:F7:D0:2D:B0:99:9A:F9:9B:66:97:33:AB:2F:16:F3 and "Certificate Subject Alt Name" of:

Not Critical

DNS Name: images.freescale.com

DNS Name: community-cache-uat.freescale.com

DNS Name: community-cache.freescale.com

DNS Name: images-uat.freescale.com

DNS Name: styles-uat.freescale.com

DNS Name: styles.freescale.com

I couldn't find an easy way to get the serial number of the invalid certificate, but this is Firefox's complaint:

community-cache.freescale.com uses an invalid security certificate.

The certificate is only valid for the following names:

  *.internapcdn.net , star.internapcdn.net , sslcdce.internapcdn.net , cm1.criticalmass.com , cdn.scriptlogic.com , verify.authorize.net , ssl.assets.sheetmusicplus.com , a15.ysicdo001.com , a15.ysicdo002.com , bym-fb4-s.cdn.kixeye.com , bp-fb4-s.cdn.kixeye.com , wc-fb4-s.cdn.kixeye.com , sshuffle-scdn.sgsapps.com , embednr.involver.com , s4.quibidscdn.com , s1.quibidscdn.com , images-ssl.nadaguides.com , ssl.staging.assets.sheetmusicplus.com , images.weissinc.com , cdn.weissinc.com , fb-cdn.ghsrv.com , bym-vx4-s.cdn.kixeye.com , cdn1.digikhan.net , dd-fb-cdn4.kixeye.com , wwwqa.emulex.com , www.emulex.com , www.reliancenetwork.com , di-fb-cdn4.kixeye.com , cdn.visiblemeasures.com , abifacebookapps.tcsondemand.com , s.webtrends.com , cdnssl.enwisen.com , gp-fb-cdn4-s.kixeye.com , media.gamehouse.com , img.nullprozentshop.de , fb01.cdn.ghsrv.com , admin.providesupport.com , www.sonicwall.com , www.lifereader.co.nz , cdn.euromoneyapi.com , admin1.providesupport.com , admin2.providesupport.com , admin3.providesupport.com , admin4.providesupport.com , www.lifereader.com.au , www.lifereader.com , www.lifereader.co.uk , kxp-cdn4-s.kixeye.com , www.internap.com , player.cdn.liquidcompass.net , dev1.lifereader.com , kxp-avatars-cdn4.kixeye.com , kow-fb-cdn4.kixeye.com , resource.alaskaair.com , player.secure.cdn.liquidcompass.net , resource.alaskaair.net , creative.media6degrees.com , ravedemo5.mdsol.com , operator.providesupport.com , messenger.providesupport.com , mesenger.providesupport.com , download.providesupport.com , rave564conlabtesting46.mdsol.com , bp-fb4.cdn.kixeye.com , wc-fb4.cdn.kixeye.com , kxp-avatars-cdn4-s.kixeye.com , bp-mob-cdn4.kixeye.com , rave564conlabtesting26.mdsol.com , rave564conlabtesting3.mdsol.com , rave564conlabtesting50.mdsol.com , rave564conlabtesting51.mdsol.com , rave564conlabtesting52.mdsol.com , rave564conlabtesting53.mdsol.com , rave564conlabtesting54.mdsol.com , rave564conlabtesting56.mdsol.com , rave564conlabtesting57.mdsol.com , rave564conlabtesting58.mdsol.com , rave564conlabtesting59.mdsol.com , byu-mob-cdn4.kixeye.com , *.https.internapcdn.net , *.mdsol.com 

(Error code: ssl_error_bad_cert_domain)

Here is wget's output:

$ wget https://community-cache.freescale.com/5.0.3/styles/jive.css

--2013-04-16 12:27:53--  https://community-cache.freescale.com/5.0.3/styles/jive.css

Resolving community-cache.freescale.com (community-cache.freescale.com)... 74.201.53.199, 74.201.53.200, 74.201.53.201, ...

Connecting to community-cache.freescale.com (community-cache.freescale.com)|74.201.53.199|:443... connected.

ERROR: no certificate subject alternative name matches

    requested host name `community-cache.freescale.com'.

To connect to community-cache.freescale.com insecurely, use `--no-check-certificate'.

I have attached some screenshots and the exported cerificates from the hierarchy.

I attached a pdf printout from digicert tester. Notice the following problem:

SSL Certificate is not trusted

The certificate is not signed by a trusted authority (checking against Mozilla's root store). If you bought the certificate from a trusted authority, you probably just need to install one or more Intermediate certificates. Contact your certificate provider for assistance doing this for your server platform.

This problem does not appear for community.freescale.com

Anguel

Thanks for all the help on this.  Here is an update from the Freescale IT team...
"I opened a ticket with your CDN provider.  Our Jive community is configured to use the Freescale CDN. The CDN is correctly configured to present the Freescale SSL certificate for secure content. Unfortunately our CDN provider appears to be incorrectly presenting their SSL certificate instead of ours. Working with Larry we accessed all the CDN servers in the Germany region since that is where one of the users in the thread experienced an issue. All the CDN servers presented the Freescale certificate so this appears to be an intermittent problem."

anguel,

Would you please provide the version number of the Firefox browser experiencing the issue? I would like to confirm the response I got from the Freescale CDN provider.

Thank you for your patience and understanding!

chuycasillas

FSL IT - Internet Solutions

Jesus,

As I already said, latest Firefox under Win Xp pro 32 bit.

Anguel

Thanks anguel! I scanned the thread but didn't see you had commented previously on the browser version. My mistake.

I will continue to work this issue with our provider.

Chuy

Chuy, many thanks for resolving this nagging issue! Sherri

I don't like the look of that list of domains. Googling suggests you try:

SSL Certificate Tester - Check Certificates

It also suggested you carefully check the clock on that computer, but that probably gives a different error to what you're seeing.

Tom

The digicert.com tester sees the good certificate.   It's also seeing a different server -- it resolves community-cache.freescale.com to cdce.phx006.internap.com, whereas for me it resolves to cdce.dal003.internap.com.

And my clock is fine. :-)

pegasus711.knightrider and scottwood,

I appears Anguel has made some progress on the Fire Fox display issues.  I have shared Anguel's findings with with the IT support team and they are looking at how to avoid the issue in the future.

Anguel, thanks for sharing the info!

Thanks for the screen shot.  We have one other user reporting the same issue.  The IT team is aware of the issue.