Knowledge Base

Scenario

Background: Customers running the 64-bit version of Firefox are experiencing issues accessing the PKI Manager portal via PKI Client. They are getting the following error below.

Error Message

Secure Connection Failed
An error occurred during connection to pki-idp.symauth.com SSL peer was unable to negotiate an acceptable set of security parameters. Error code: SSL_ERROR_HANDSHAKE_FAILURE_ALERT

Cause

The issue is related to Firefox loading the 32-bit version of the PKI Client security module (PKCS11.dll), instead of the 64-bit version. This can be demonstrated by looking at the settings of the Security Devices for PKI Client, under: Open Menu -> Options -> type “Certificate” in Find in Options text field -> click on Security Devices button, where it shows it has NOT loaded any settings for the PKI Client security device, and you can see it is loading a 32-bit version (from “Program files (x86)”):

Solution

The issue can be resolved in 2 ways:

Option 1: Install the 32-bit version of Firefox, followed by the PKI Client plugin, which will automatically install the 32-bit version of the “DigiCert Security Module” by default.

Option 2: Manually load the 64-bit version of the PKI Client PKCS11 security module using Firefox 64-bit, and remove the old 32-bit security module (if present):

1. Click on Load button
2. Navigate to the 64-bit PKI Client folder and select the “PKCS11.dll” file:
   
3. Click Open and enter a friendly Module Name, e.g. DigiCert PKCS#11 Module
   
4. Click OK. You will now see the PKI Client module correctly installed and will be able to access the PKI Manager portal successfully.
   Note: If prompted to enter a Master password, use your PKI Client PIN.
   
5. Remove the ‘broken’ 32-bit security module by clicking on the Unload button
6. When asked to confirm the deletion of the security module, click OK.
   
7. You will see that you have only one PKI Client security module (the 64-bit version)