Certificate Pinning Reports

This article is no longer maintained, so its content might be out of date.

HTTP Public Key Pinning (HPKP) is a security feature that prevents attackers from using fraudulent or misused certificates to impersonate a site. It allows the owner of a site to specify who can issue valid certificates with that identity, rather than accepting any one of the hundreds of built-in root certificates that ship with your browser.

For more information, see HTTP Public Key Pinning at MDN Web Docs.

What happens if I see a key pinning error page?

If a site uses key pinning and its certificate chain does not match the pin, Firefox will reject the connection and show a Secure Connection Failed error page with the message,
The server uses key pinning (HPKP) but no trusted certificate chain could be constructed that matches the pinset. Key pinning violations cannot be overridden. Error code: MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE.

Fx66SecureConnectionFailed-KeyPinning

This is done for your protection, so you don't inadvertently visit a site that's not authentic.

What can I do if Firefox rejects the connection?

If you believe that Firefox rejected the connection in error, report it to us by checking the box next to Report errors like this to help Mozilla identify and block malicious sites. It is up to the website owner to update their key pinning.

Note: Key pinning errors can also be caused by network issues. Powering off and then turning back on your modem/router or computer may resolve the problem.

These fine people helped write this article:

Illustration of hands

Volunteer

Grow and share your expertise with others. Answer questions and improve our knowledge base.

Learn More