搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

How can I bypass security HSTS certificate check ?

  • 4 个回答
  • 18 人有此问题
  • 3 次查看
  • 最后回复者为 Kzwix

more options

I'm trying to connect to a website which uses HSTS, and has an expired certificate.

I would like Firefox to let me add an exception, even temporarily, in order to be able to use that website, even in an insecure way, because I only care about what is written on this website, and I utterly don't care if someone catches anything from my visit there - it's a games wiki site, not a banking site, nor a terrorist hideout, or bomb-making den, or whatever, so I really do NOT need security going there.


I deeply resent Firefox preventing me, the user, from telling it to accept it anyway and proceed. I tried adding the certificate manually to the server, in the certificates window, but, as it is expired, it didn't work. I would like Firefox to let people choose what to accept, or what NOT to accept, instead of making the choice for them...

So... is there some way to circumvent this for THIS site, only ? Because I read about a test.currentTimeOffsetSeconds setting in about:config, but I fear it would be used for all certificates, and, thus, keep accepting other expired certificates too, which I absolutely do NOT want.


I find it distressing to have to turn to another browser for such a simple thing.

I'm trying to connect to a website which uses HSTS, and has an expired certificate. I would like Firefox to let me add an exception, even temporarily, in order to be able to use that website, even in an insecure way, because I only care about what is written on this website, and I utterly don't care if someone catches anything from my visit there - it's a games wiki site, not a banking site, nor a terrorist hideout, or bomb-making den, or whatever, so I really do NOT need security going there. I deeply resent Firefox preventing me, the user, from telling it to accept it anyway and proceed. I tried adding the certificate manually to the server, in the certificates window, but, as it is expired, it didn't work. I would like Firefox to let people choose what to accept, or what NOT to accept, instead of making the choice for them... So... is there some way to circumvent this for THIS site, only ? Because I read about a test.currentTimeOffsetSeconds setting in about:config, but I fear it would be used for all certificates, and, thus, keep accepting other expired certificates too, which I absolutely do NOT want. I find it distressing to have to turn to another browser for such a simple thing.

所有回复 (4)

more options

I don't think there is any built-in feature for this.

Why would a site that requires HTTPS allow its certificate to expire?!

In some cases, the site only sets HSTS for some portions of the site and you do not need to access those portions right away. In those cases, clearing Firefox's record of HSTS headers could allow you to make a temporary exception when you visit a section of the site that doesn't serve that header. This thread addressed that issue: https://support.mozilla.org/questions/1126812.

more options

Well, the website is https://www.gnomoriawiki.com/, and I highly suspect it has to do with the "Let's encrypt !" initiative.

The idea being to drown government-sponsored cypher-breaking capabilities under a lot a useless noise, to mask the interesting traffic, it would make sense, if you support this, to make people use HTTPS, even for something this benign.

more options

Maybe because I've never connected to the server before, I do get an "Add Exception" button. Firefox doesn't honor HSTS unless it is sent over HTTP HTTPS, so perhaps that explains the difference.

由jscher2000 - Support Volunteer于修改

more options

Thanks, I surgically removed the "gnomoriawiki.com:HSTS" (and a bit more stuff on the line) from the SiteSecurityServiceState.txt file, started Firefox again, and then, It allowed me to add an exception, just like you said.

I still think it's counter-intuitive, and bad UI, but I'm glad you could provide me with this walkaround.