Unable to sign in.

[thesamim]

Suspect the issue is on Pandora side, but I'm not able to sign through Anesidora.

Seeing this in the console:

tuner.pandora.com:443 uses an invalid security certificate.

The certificate does not come from a trusted source.

Error code: <a id="errorCode" title="MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED">MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED</a>
  (unknown)

Suggestions?

[pvrs12]

Interesting... Are you able to sign in to normal pandora? Also, do you get any sort of certificate warning for regular Pandora? Is it possible that your internet traffic is going through a proxy? Also, is it possible that you modified any of the certificates for your computer?

[thesamim]

Patrick:

Thanks for the prompt response!

Yes, I am able to sign in through normal Pandora. BUT: the playback is messed up: First song plays ok. Second song song doesn't start for several seconds. Third song doesn't start then get error like "no more songs to play in your station." I have opened a ticket with Mozilla.

No: internet traffic is definitely not going through a proxy. No: have not altered certificates.

Fairly sure it's a Mozilla/Pandora security certificate issue, but wanted to make you aware just in case you had other suggestions.

[pvrs12]

Oh that's interesting.... I'm curious to see if you could get the certificate for https://tuner.pandora.com (browse to it, click the lock in the address par, click the right-arrow > more information > view certificate > copy the Fingerprints listed).

Also, if you're willing (this could potentially give location/IP information) would you be able to run tracert tuner.pandora.com (for windows)?

[thesamim]

Added Security Exception for tuner.pandora.com and I can login and play normally!

So, definitely not a Anesidora issue. :)

But since I did the diagnostics: Going to https://tuner.pandora.com I get MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED Can't view the certificate from there. (Clicking on the "View Certificate" button does nothing.)

Clicking on MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED, I get the contents of tunerPandoraComCerts.txt

Clicking on "Add Exception" in that page I get the fingerprints: SHA-256 fingerprint: 33:EC:CB:45:42:28:65:99:F3:19:7C:AD:DC:6D:A5:3B:A0:B4:05:3A:4D:DC:65:B4:2D:49:F7:97:5E:FF:74:B3 SHA1 fingerprint: FC:2E:6A:F4:9F:C6:3A:ED:AD:10:78:DC:22:D1:18:5B:80:9E:75:34

Clicking on "View Certificate Status" I can then export -pandoracom.crt

tracert results (with my IP masked) in tracertToTunerPandoraCom.txt

tunerPandoraComCerts.txt -pandoracom.crt.txt tracertToTunerPandoraCom.txt

[pvrs12]

Interesting, everything you linked matches with mine. Searching for the PKIX error I found this thread (https://support.mozilla.org/en-US/questions/1209370) which is literally this exact issue.

According to the people on that thread it's a Pandora issue and the current workaround is to add an exception (which you've already done).

This is definitely an interesting issue. I'll be interested to learn if you hear anything further about this. For now I'm going to close this issue since it seems to be more of a Pandora problem

[thesamim]

Thanks Patrick. Sent email to Pandora. Will keep you posted here.