Can't add exception to a https site, with self signed certificate!
When i try to connect to a site with a self signed certificate i can't complete the connection.
Chosen solution
gperes, I ran into this same issue with a Cisco device that had a self-signed cert by default.
Preferences - Advanced - Encryption - View Certificates - * Authorities *
There was an authority named "IOS-self-signed" or something like that from the Cisco device. Deleting that and then restarting Firefox solved the issue for me.
What helped me find that Authority to look for was using Safari to go to the device and view the SSL info. Hate that Firefox (21.0) blocks you completely and doesn't even let you view the cert info. PLEASE FIX Mozilla!! I should at least be able to view the cert.
Read this answer in context 👍 2All Replies (19)
There are a variety of firefox extensions to mitigate this behavior:
https://addons.mozilla.org/en-US/firefox/search/?q=certificate
Still can't access the page! These addons only shows or import/export the certificates. Don't fix the problem.
I am having the same problem. It says the certificate is not trusted BUT doesn't give you the choice to add an exception. But get this... I have another computer and it works just fine on that one. How the heck do you explain that one? All settings are the same. I'm so tired of you Firefox.
Can you post a link to such a page?
If you have visited that domain previously then you may already have stored an exception.
You can try to rename the cert8.db file in the Firefox profile folder to cert8.db.old or delete the cert8.db file to remove intermediate certificates that Firefox has stored.
If that helped to solve the problem then you can remove the renamed cert8.db.old file.
Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previous intermediate certificates.
Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.
Also check the date and time in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
Still the same problem!
No change, I've moved on to Chrome.
I will have to change the browser and not recommend to anyone, I've posted for almost a month and till now, nobody from mozilla have at least the consideration to try to discuss the problem.
I found an answer at this site http://support.mozilla.org/en-US/questions/929298
Quote: hello shrenikd & dtrager - apparently the hiding of the possibility to add exceptions in an iframe is by design in order to avoid fraudulent attempts to apply a certificate to users who think they are on a different page (see new comments on the bug).
@dtrager - in case the page you're trying to access is embedded in an iframe, right-click the error page, click on "this frame" > "show only this frame" and hopefully you can add an exception in the next step. this should only be necessary once if you choose to permanently store the exception.
Still don't work, it is not in a frame, so doesn't work this workaround. I will change the browser is not possible that a question like this one is posted for this long and nobody from mozilla have at least the consideration to contact to understand the problem. I always used the firefox browser, but for the first time in my life i think to use other browser that is not firefox.
Did you ever create an exception in the past for that site?
- Tools > Options > Advanced : Encryption: Certificates - View Certificates > Servers
See also:
nope. There is no exception created for this site. it was the first time that i've tried to access the site.
https://icalmscontent.ultimatix.net/ I cannot add exception. I did -> I understand the technical Risk - > Add Exception -> disabled confirm security exception
Certificate status - > Valid
this site provide valid verified identification. no need to add an exception.
Check the date and time in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
Did you try to click the View Certificate button to retrieve and inspect the certificate and check the certificate chain?
I know that the intentions are good in try everything that is simple, but it is not the case, the computer is up to date, date and time are working fine and only firefox do this.
Clear all you browser's cache. Mostly likely you have connected to the https site before and certificate is saved somewhere.
I already have tried this, but doesn't work.
Chosen Solution
gperes, I ran into this same issue with a Cisco device that had a self-signed cert by default.
Preferences - Advanced - Encryption - View Certificates - * Authorities *
There was an authority named "IOS-self-signed" or something like that from the Cisco device. Deleting that and then restarting Firefox solved the issue for me.
What helped me find that Authority to look for was using Safari to go to the device and view the SSL info. Hate that Firefox (21.0) blocks you completely and doesn't even let you view the cert info. PLEASE FIX Mozilla!! I should at least be able to view the cert.
I ran into the same problem.
In my case, what I needed to do was trust the CA more. The CA that had provided the invalid cert (was expired) was not enabled for website validation.
I had to find the CA name using another browser (because FF would not let me get far enough). I openned the page in Chrome, clicked the broken lock and then "Certificate Information" to display more details about the certificate causing the problem. In this case it was Rapid SSL CA under GeoTrust Inc.
Switching back to FireFox, I went to the Authorities list...
Preferences - Advanced - Encryption - View Certificates - * Authorities *
I selected the problem CA and then clicked the "Edit Trust" button. Enable the trust settings checkboxes.
Restart FireFox and was good to go...
The next time I hit the troubled page, I could add exception for cert and from then on use it.
Modified
You should never set any trust bits for intermediate certificates that are identified as "Software Security Device".
Only trusted root certificates (Builtin Object Token or possibly imported root certificates) should have trust bits set.