X
Tippen Sie hierhin, um die Version dieser Website für Mobilgeräte aufzurufen.
Scheduled maintenance: Monday, March 30, between 3:30pm and 5:30pm UTC. This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn’t solve your issue and you want to ask a question, we have our support community waiting to help you at @firefox on Twitter

Hilfeforum

We operate in a very restricted DNS environment and downloading sites with signed wildcard SSL is very slow so how do we disable all checks and keep HTTPS?

Veröffentlicht

If we were using a self-signed certificate we could add an exception. But we use a DigiCert wildcard certificate. Our sites use a very restricted DNS with maybe a dozen URLs for which a name resolves to an IP. When Firefox is used to access our sites over HTTPS it is slow and often fails to load bu serving up error messages on the security of the site. I believe this is because it is looking to verify the certificate or revocation. We do not have this issue using HTTP. I have disabled "Query OCSP" but it has not helped.

Any assistance would be appreciated.

Thanks.

If we were using a self-signed certificate we could add an exception. But we use a DigiCert wildcard certificate. Our sites use a very restricted DNS with maybe a dozen URLs for which a name resolves to an IP. When Firefox is used to access our sites over HTTPS it is slow and often fails to load bu serving up error messages on the security of the site. I believe this is because it is looking to verify the certificate or revocation. We do not have this issue using HTTP. I have disabled "Query OCSP" but it has not helped. Any assistance would be appreciated. Thanks.

Ausgewählte Lösung

So, I have a solution for this, but I don't consider it ideal.

Our certificate provider uses two URLs resolving to a single IP to validate certificates. Adding these records to our restricted DNS solves the problem. However, IPs addresses do change from time-to-time and each site would have to be updated should that happen.

Ideally, it would be nice if Mozilla would add a "trust" or whitelist option to Firefox.

Thanks.

Diese Antwort im Kontext lesen 0

Mehr Details zum System

Installierte Plugins

  • DivX Web Player version 1.4.0.233
  • Next Generation Java Plug-in 11.51.2 for Mozilla browsers
  • The Videos 3.10.1 plugin handles video and audio streams.
  • Shockwave Flash 11.2 r202

Anwendung

  • User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:39.0) Gecko/20100101 Firefox/39.0

Weitere Informationen

FredMcD
  • Top 10 Contributor
4386 Lösungen 61564 Antworten
Veröffentlicht

I've called the big guys to help you. Good luck.

I've called the big guys to help you. Good luck.
Veröffentlicht

Ausgewählte Lösung

So, I have a solution for this, but I don't consider it ideal.

Our certificate provider uses two URLs resolving to a single IP to validate certificates. Adding these records to our restricted DNS solves the problem. However, IPs addresses do change from time-to-time and each site would have to be updated should that happen.

Ideally, it would be nice if Mozilla would add a "trust" or whitelist option to Firefox.

Thanks.

So, I have a solution for this, but I don't consider it ideal. Our certificate provider uses two URLs resolving to a single IP to validate certificates. Adding these records to our restricted DNS solves the problem. However, IPs addresses do change from time-to-time and each site would have to be updated should that happen. Ideally, it would be nice if Mozilla would add a "trust" or whitelist option to Firefox. Thanks.