We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

Firefox won't trust imported certificate

  • 9 个回答
  • 1 人有此问题
  • 10 次查看
  • 最后回复者为 cor-el

more options

In order for our secure webfilter to filter traffic on SSL encrypted websites, we have to install a certificate that will allow for an intentional mitm attack. We have only had a problem having this certificate replace Google's recently. Do we need to take an added step to have this certificate truly become trusted?

In order for our secure webfilter to filter traffic on SSL encrypted websites, we have to install a certificate that will allow for an intentional mitm attack. We have only had a problem having this certificate replace Google's recently. Do we need to take an added step to have this certificate truly become trusted?

所有回复 (9)

more options

I would like a response, please.

more options

can you be more specific about what kind of error message / error code you are receiving?

more options

I have attached a screenshot.

more options

thanks, this screenshot doesn't reveal an error with a certificate but indicates that there are parts of the website which are not loaded through https (so called "mixed content"). you can inspect that by looking in the security tab of the firefox web console: https://developer.mozilla.org/en-US/docs/Security/MixedContent

you'd have to look into the workings of your MITMing solution on why it may be causing this...

more options

This issue exists for several different MITM solutions, including other SWGs and antivirus software. The problem, I believe, lies with Firefox not accepting self-signed certificates as a trusted cert, regardless of whether or not you import it to Firefox's own trusted certificate store. This issue also seems to have arisen recently as I used to be able to use my solution at least 3 months ago with no issue.

more options

as your screenshots shows, there are elements of google.com which are loaded through http (this has to be caused by the MITM software is out of the control of firefox) - if a self-signed cert wasn't trusted you would see a different, full page error looking something like: Connection Untrusted

more options

I understand.

I am aware that one can ignore these warnings, however I need a solution where I can do this over a managed network, namely in AD and JAMF/Casper where I can automatically do this for a large amount of users. I also wish that this option wasn't enabled by default as it breaks a lot of enterprise products.

more options

alexander.diaz said

I understand. I am aware that one can ignore these warnings, however I need a solution where I can do this over a managed network, namely in AD and JAMF/Casper where I can automatically do this for a large amount of users. I also wish that this option wasn't enabled by default as it breaks a lot of enterprise products.

Any ideas on how I can manage this?

more options

Open the "Add Security Exception" window by pasting this chrome URL in the Firefox location/address bar and check the certificate:

  • chrome://pippki/content/exceptionDialog.xul

In the location field of this window type or paste the URL of the website.

  • retrieve the certificate via the "Get certificate" button
  • click the "View..." button to inspect the certificate in the Certificate Viewer

You can inspect details like the issuer and the certificate chain in the Details tab of the Certificate Viewer. Check who is the issuer of the certificate. If necessary then you can attach a screenshot that shows the certificate viewer.

Firefox needs a root certificate that has the proper trust bit(s) to be able to build a certificate chain.