Where does Firefox store cerificates and how to delete one?

Posted by majid4466 on Super User See other posts from Super User or by majid4466
Published on 2010-04-30T08:48:49Z Indexed on 2010/04/30 20:49 UTC
Read the original article Hit count: 153

Filed under:
|
|

Hi all,

The root cause of my problem is not known to me, whatever it is, I experience frequent DNS failures. When it happens I cannot browse to my Gmail inbox. I use two DNS settings. One is the public DNS server offered by OpenDNS, and the other is Google's free DNS server. When this happens I switch from the active setting to the other one and the problem goes away. But there is a side effect to this. When browsing to Gmail fails to load, after switching the DNS I receive an error saying the security certificate the site uses is only valid for OpenDNS.

This my wild guess at what is going on:

  1. OpenDNS fails to resolve mail.google.com to its IP,
  2. My ISP sends me a page showing search results for 'mail.google.com'
  3. Since I have received some sort of page instead of a timeout, the browser, mistakenly, binds the certificate it has cached for 'mail.google.com' to the new domain. This search page is not served by https so not exception is thrown by the wrong binding
  4. After switching the DNS, the domain is correctly resolved to Gmail server's IP and since his is on https the handshake is triggered.
  5. Now, because of the wrong binding, which passed quietly as no handshake was involved, I receive the error saying the certificate used by 'mail.google.com' is only good for openDNS

I don't know much about DNS, less about https and the process of establishing a secure connection. How correct is my explanation? How can I delete the wrong association and/or the certificate?

Thanks for listening.

P. S. The problem goes away by itself, but sometimes it takes several hours before Gmail works again.

© Super User or respective owner

Where does Firefox store cerificates and how to delete one?

Posted by majid4466 on Server Fault See other posts from Server Fault or by majid4466
Published on 2010-04-30T08:48:49Z Indexed on 2010/04/30 8:58 UTC
Read the original article Hit count: 153

Filed under:
|
|

Hi all,

The root cause of my problem is not known to me, whatever it is, I experience frequent DNS failures. When it happens I cannot browse to my Gmail inbox. I use two DNS settings. One is the public DNS server offered by OpenDNS, and the other is Google's free DNS server. When this happens I switch from the active setting to the other one and the problem goes away. But there is a side effect to this. When browsing to Gmail fails to load, after switching the DNS I receive an error saying the security certificate the site uses is only valid for OpenDNS.

This my wild guess at what is going on: 1. OpenDNS fails to resolve mail.google.com to its IP, 2. My ISP sends me a page showing search results for 'mail.google.com' 3. Since I have received some sort of page instead of a timeout, the browser, mistakenly, binds the certificate it has cached for 'mail.google.com' to the new domain. This search page is not served by https so not exception is thrown by the wrong binding 4. After switching the DNS, the domain is correctly resolved to Gmail server's IP and since his is on https the handshake is triggered. 5. Now, because of the wrong binding, which passed quietly as no handshake was involved, I receive the error saying the certificate used by 'mail.google.com' is only good for openDNS

I don't know much about DNS, less about https and the process of establishing a secure connection. How correct is my explanation? How can I delete the wrong association and/or the certificate?

Thanks for listening.

P. S. The problem goes away by itself, but sometimes it takes several hours before Gmail works again.

© Server Fault or respective owner

Related posts about dns

Related posts about https