Sykje yn Support

Mij stipescams. Wy sille jo nea freegje in telefoannûmer te beljen, der in sms nei ta te stjoeren of persoanlike gegevens te dielen. Meld fertochte aktiviteit mei de opsje ‘Misbrûk melde’.

Mear ynfo

Dizze konversaasje is argivearre. Stel in nije fraach as jo help nedich hawwe.

Firefox won't trust imported certificate

  • 9 antwurd
  • 1 hat dit probleem
  • 2 werjeftes
  • Lêste antwurd fan cor-el

more options

In order for our secure webfilter to filter traffic on SSL encrypted websites, we have to install a certificate that will allow for an intentional mitm attack. We have only had a problem having this certificate replace Google's recently. Do we need to take an added step to have this certificate truly become trusted?

In order for our secure webfilter to filter traffic on SSL encrypted websites, we have to install a certificate that will allow for an intentional mitm attack. We have only had a problem having this certificate replace Google's recently. Do we need to take an added step to have this certificate truly become trusted?

Alle antwurden (9)

more options

I would like a response, please.

more options

can you be more specific about what kind of error message / error code you are receiving?

more options

I have attached a screenshot.

more options

thanks, this screenshot doesn't reveal an error with a certificate but indicates that there are parts of the website which are not loaded through https (so called "mixed content"). you can inspect that by looking in the security tab of the firefox web console: https://developer.mozilla.org/en-US/docs/Security/MixedContent

you'd have to look into the workings of your MITMing solution on why it may be causing this...

more options

This issue exists for several different MITM solutions, including other SWGs and antivirus software. The problem, I believe, lies with Firefox not accepting self-signed certificates as a trusted cert, regardless of whether or not you import it to Firefox's own trusted certificate store. This issue also seems to have arisen recently as I used to be able to use my solution at least 3 months ago with no issue.

more options

as your screenshots shows, there are elements of google.com which are loaded through http (this has to be caused by the MITM software is out of the control of firefox) - if a self-signed cert wasn't trusted you would see a different, full page error looking something like: Connection Untrusted

more options

I understand.

I am aware that one can ignore these warnings, however I need a solution where I can do this over a managed network, namely in AD and JAMF/Casper where I can automatically do this for a large amount of users. I also wish that this option wasn't enabled by default as it breaks a lot of enterprise products.

more options

alexander.diaz said

I understand. I am aware that one can ignore these warnings, however I need a solution where I can do this over a managed network, namely in AD and JAMF/Casper where I can automatically do this for a large amount of users. I also wish that this option wasn't enabled by default as it breaks a lot of enterprise products.

Any ideas on how I can manage this?

more options

Open the "Add Security Exception" window by pasting this chrome URL in the Firefox location/address bar and check the certificate:

  • chrome://pippki/content/exceptionDialog.xul

In the location field of this window type or paste the URL of the website.

  • retrieve the certificate via the "Get certificate" button
  • click the "View..." button to inspect the certificate in the Certificate Viewer

You can inspect details like the issuer and the certificate chain in the Details tab of the Certificate Viewer. Check who is the issuer of the certificate. If necessary then you can attach a screenshot that shows the certificate viewer.

Firefox needs a root certificate that has the proper trust bit(s) to be able to build a certificate chain.