X
Πατήστε εδώ για μετάβαση στην έκδοση της ιστοσελίδας για κινητές συσκευές.

Φόρουμ υποστήριξης

Problem with register certificates on Firefox version 54

Δημοσιεύτηκε

I created a program which adds a certificate to Firefox to communicate with a websocket at localhost. To use it with https, I had to add a certificate to certificate stores, including the one Firefox uses. To Firefox, the command used:

certutil.exe -d [cert8.db path] -A -t "TCu,Cuw,Tuw" -n [name] -i [crt path]

Friday I noticed that it stopped working. I add, no issue reported. I use -L, the certificate is there. I even looked at Tools > Options > Advanced > Certificates, and it is there. But Firefox keep saying it's not trustable. Already closed and opened the browser.

I saw there was a update 13th June. Does it changed something about certificates part?

I created a program which adds a certificate to Firefox to communicate with a websocket at localhost. To use it with https, I had to add a certificate to certificate stores, including the one Firefox uses. To Firefox, the command used: certutil.exe -d [cert8.db path] -A -t "TCu,Cuw,Tuw" -n [name] -i [crt path] Friday I noticed that it stopped working. I add, no issue reported. I use -L, the certificate is there. I even looked at Tools > Options > Advanced > Certificates, and it is there. But Firefox keep saying it's not trustable. Already closed and opened the browser. I saw there was a update 13th June. Does it changed something about certificates part?

Επιλεγμένη λύση

Discovered the problem. They were two, actually.

First, now you need to add the CA of the certificate into Firefox too. I added the CA as trust "TC,," and the certificate as trust "u,,".

The second point is that the CA certificate need to be marked as CA. Seems obvious, but I didn't knew, and windows store do not care about this. You need to add an extension, basic constraint, with CA=true. At C#, using BouncyCastle:

var generator = new X509V3CertificateGenerator();
(...)
var basicContraint = new BasicConstraints(true);
generator.AddExtension(
    X509Extensions.BasicConstraints, true, basicContraint
);
Ανάγνωση απάντησης σε πλαίσιο 0

Επιπρόσθετες λεπτομέρειες συστήματος

Εφαρμογή

  • Πλατφόρμα χρήστη: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0

Περισσότερες πληροφορίες

Δημοσιεύτηκε

Επιλεγμένη λύση

Discovered the problem. They were two, actually.

First, now you need to add the CA of the certificate into Firefox too. I added the CA as trust "TC,," and the certificate as trust "u,,".

The second point is that the CA certificate need to be marked as CA. Seems obvious, but I didn't knew, and windows store do not care about this. You need to add an extension, basic constraint, with CA=true. At C#, using BouncyCastle:

var generator = new X509V3CertificateGenerator();
(...)
var basicContraint = new BasicConstraints(true);
generator.AddExtension(
    X509Extensions.BasicConstraints, true, basicContraint
);
Discovered the problem. They were two, actually. First, now you need to add the CA of the certificate into Firefox too. I added the CA as trust "TC,," and the certificate as trust "u,,". The second point is that the CA certificate need to be marked as CA. Seems obvious, but I didn't knew, and windows store do not care about this. You need to add an extension, basic constraint, with CA=true. At C#, using BouncyCastle: var generator = new X509V3CertificateGenerator(); (...) var basicContraint = new BasicConstraints(true); generator.AddExtension( X509Extensions.BasicConstraints, true, basicContraint );