There should never be no way to load a website open to the public
STOP FORCING SECURITY I DON'T WANT. I should never see this:
"To protect your information from being stolen, Firefox has not connected to this website.
This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate."
In other words, Firefox refuses to open the website. There is no "I understand the risks. Take me there anyway" button. It won't add an exception. I got to it on Chrome (after a warning that it was insecure but an option to override the warning), so it's not impossible to connect. You at Firefox just decide I'm better off not getting to connect.
IT'S MY COMPUTER. WARN ME IF YOU WANT, AND THEN IF I SAY CONNECT ME ANYWAY, OR GIVE ME A CONFIG WAY TO OVERRIDE THE SECURITY. It's a doctors' office website. They don't take financial data. I don't really submit any data to them, just read what's there. But you know, even if I were giving enough data for identity theft, you should warn me but still let me do it if it's MY decision to take the risk.
So, please tell me how to override it, and if there is no way, fix the browser to warn me, but then to let me say "I'm going there regardless." You should never say "We will not connect you, no matter what you say."
All Replies (3)
Please provide public link(s) (no password) that we can check out. No Personal Information Please !
There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connections and send their own certificate.
https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can
https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites
https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message
https://support.mozilla.org/en-US/kb/connection-untrusted-error-message
If a website uses HSTS then there shouldn't be a reason to override the certificate.
You can check if there is more detail available about the issuer of the certificate.
- click the "Advanced" button show more detail
- click the blue SEC_ERROR_UNKNOWN_ISSUER message to show the certificate chain
- click "Copy text to clipboard" and paste the base64 certificate chain text in a reply
If clicking the SEC_ERROR_UNKNOWN_ISSUER text doesn't provide the certificate chain then try these steps to inspect the certificate.
- open the Server tab in the Certificate Manager
- Options/Preferences -> Privacy & Security -> Certificates: View Certificates -> Servers: "Add Exception"
- paste the URL of the website (https://xxx.xxx) in it's Location field.
Let Firefox retrieve the certificate -> "Get Certificate"
- click the "View" button and inspect the certificate
You can see detail like the issuer of the certificate and intermediate certificates in the Details tab.
I prefer (despite that I'm using a pseudonym) not to provide the web address info and reveal my personal doctor, but can say:
1) It is not my antivirus (which is Avast) intercepting it. I turned Webshield off because it was intercepting some requests, and while I'd have preferred to have it on to block malware sites, all a security device has to do to make me turn the "feature" off is to ever deny me access to something I want without giving me an option to bypass it (I'm all for warnings; warnings are good as long as we can "remember our decision" and not get warned again for the same site).
Also, I did access the site with Chrome (which warned me but let me access it anyway after choosing to ignore the warning), which Avast, if it were blocking despite my turning the shield off, would also have blocked.
2) I did eventually access the website on Firefox, through a hack I found through a search to defeat HSTS that I hesitate to post here because I'm afraid Firefox devs may try to prevent its use, of making Firefox believe, for certificate purposes, that it is many years ago-- so no certificate has expired as far as my Firefox copy is concerned any longer.
3) If you think #2 was too insecure, it may be; but Firefox didn't provide me the option to exempt the specific website. I either had to hack around its HSTS blocking of expired certificates or let it block the site. I'd prefer to be able to exempt any website I chose but be warned in other cases until I exempted the specific site, but that was not an option. The whole problem is "It is not possible to add an exception for this certificate," which should never occur. Always let me add an exception. It is my computer and my browser.
Every security measure on Firefox, Avast or anything else should let the user click a box to add an exception to anything it blocks based on security, and then I'd let it block (in this case) sites I didn't know (unlike this site, which I did know). Now it can't block anything, because there was no simple workaround to simply make it make an exception.
Gewysig op