A secure website certificate helps Firefox determine whether the site you are visiting is actually the site that it claims to be. This article explains how that works. __TOC__ =Certificate hierarchy= When you visit a website whose web address starts with '''https''', your communication with the site is encrypted to help ensure your privacy. Before starting the encrypted communication, the website will present Firefox with a certificate to identify itself. An https website is only secure to the extent that the website is operated by someone in contact with the person who registered the domain name, and the communication between you and the website is encrypted to prevent eavesdropping. No other surety is implied. When you visit a secure website, Firefox will validate the website’s certificate by checking that the certificate that signed it is valid, and checking that the certificate that signed the parent certificate is valid and so forth up to a [https://wiki.mozilla.org/CA:UserCertDB root certificate] that is known to be valid. This chain of certificates is called the ''certificate hierarchy''. =Certificate content= Secure website certificates contain the following information. '''Serial Number''': Uniquely identifies the certificate. '''Subject''': Identifies the certificate owner, such as the name of the organization owning the certificate. '''Issuer''': Identifies the entity that issued the certificate. '''Subject Alt Name Extension''': List of website addresses that the certificate can be used to identify. '''Signature''': Data that verifies that the certificate came from the Issuer. '''Signature Algorithm''': Algorithm used to create the Signature. '''Valid-From''': The date the certificate is first valid. '''Valid-To''': The expiration date. '''Key-Usage and Extended Key Usage''': Specifies how the certificate may be used, such as for confirming ownership of a website (Web Server Authentication). '''Public Key''': The public part of the data that comprises the public/private key pair. The public and private keys are mathematically linked, so the data encrypted with the public key can only be decrypted with the corresponding private key. '''Public Key Algorithm''': Algorithm used to create the Public Key. '''Fingerprint''': An abbreviated form of the Public Key. '''Fingerprint Algorithm''': Algorithm used to create the Fingerprint. =View a certificate= You can view certificate details from either the Firefox address bar or your Firefox preferences. ==From the Firefox address bar== From the Firefox address bar, you can quickly view the certificate details for the website that you are currently viewing. {for not fx70} When you have browsed to a website whose web address starts with '''https''', there will be a lock icon at the beginning of the address bar. Do the following to view a certificate: # Click the Site Info [[Image:Site Info button]] icon. # Click the right arrow to navigate to the pop-up that shows who verified the certificate. # Click the {button More Information} button. #;[[Image:Security Certificate - More Info - 42]] # From the '''Security''' tab within the '''Page Info''' window, click the {button View Certificate} button. #;The '''Certificate Viewer''' window displays with basic information about the certificate in the '''General''' tab, such as issuer, period of validity and fingerprints. The '''Details''' tab shows the certificate hierarchy, certificate fields for the selected certificate on the hierarchy, and field value details for the selected field. {/for} {for fx70} When you have browsed to a website whose web address starts with '''https''', there will be a lock icon at the beginning of the address bar. Do the following to view a certificate: # Click the lock [[Image:Fx70GreyPadlock]] icon. # Click the right arrow to navigate to the pop-up that shows who verified the certificate. # Click the {button More Information} button. #;[[Image:fx71 - View Certificate]] # From the '''Security''' tab within the '''Page Info''' window, click the {button View Certificate} button. #;The '''Certificate Viewer''' window displays with basic information about the certificate in the '''General''' tab, such as issuer, period of validity and fingerprints. The '''Details''' tab shows the certificate hierarchy, certificate fields for the selected certificate on the hierarchy, and field value details for the selected field. {/for} ==From Firefox settings== From the '''Certificates''' section of your Firefox settings, you can view all certificates that have been saved, along with their corresponding details. # [[Template:optionspreferences]] # Click {menu Privacy & Security} in the left pane. # Scroll down to the '''Certificates''' section. # Click the {button View Certificates…} button. #;The '''Certificate Manager''' pop-up displays with the '''Your Certificates''' tab selected by default, which contains a list of associated certificates. # Click a certificate from the list. # Click the {button View…} button at the bottom of the pop-up. #; The about:certificate page displays in a new tab with general information about the certificate such as issuer, period of validity and fingerprints. =Problematic certificates= When you browse to a website whose web address starts with '''https''' and there is a problem with the secure website certificate, you will see an error page. Some common certificate errors are described in the [[What do the security warning codes mean?]] article. To view the problematic certificate, follow these steps: {for not fx66} # On the '''Your connection is not secure''' warning page, click '''Advanced'''. # Click the {button Add Exception…} button. #;{for win}[[Image:Add Cert Exception 44]]{/for} # When the Add Security Exception dialog appears, click the {button View…} button. #;The Certificate Viewer dialog displays. {/for} {for fx66} # On the '''Warning: Potential Security Risk Ahead''' page, click '''Advanced'''. (On other error pages, click '''More Information'''.) #; Technical details about the error display. #Beneath the Error code, click '''View Certificate'''. #;The Certificate Viewer dialog displays. #;[[Image:Fx66ViewCertificate]] {/for} =Reporting certificate errors= Certificate error pages include an option to report the error to Mozilla. Sharing the address and site identification (the secure website certificate) for the site that was untrusted will help Mozilla identify and block malicious sites to keep you better protected. =Delete Certificates= You can delete certificates by doing the following: # [[Template:optionspreferences]] # Click {menu Privacy & Security} in the left pane. # Scroll to the '''Certificates''' section. # Click the {button View Certificates…} button. #;The '''Certificate Manager''' pop-up displays with the '''Your Certificates''' tab selected by default, which contains a list of associated certificates. # Click a certificate from the list. # Click the {button Delete…} button at the bottom of the pop-up. #; A confirmation pop-up displays. # Click the {button OK} button. #;The certificate no longer displays in the '''Your Certificates''' tab.

A secure website certificate helps Firefox determine whether the site you are visiting is actually the site that it claims to be. This article explains how that works.

Certificate hierarchy

When you visit a website whose web address starts with https, your communication with the site is encrypted to help ensure your privacy. Before starting the encrypted communication, the website will present Firefox with a certificate to identify itself.

An https website is only secure to the extent that the website is operated by someone in contact with the person who registered the domain name, and the communication between you and the website is encrypted to prevent eavesdropping. No other surety is implied.

When you visit a secure website, Firefox will validate the website’s certificate by checking that the certificate that signed it is valid, and checking that the certificate that signed the parent certificate is valid and so forth up to a root certificate that is known to be valid. This chain of certificates is called the certificate hierarchy.

Certificate content

Secure website certificates contain the following information.

Serial Number: Uniquely identifies the certificate.

Subject: Identifies the certificate owner, such as the name of the organization owning the certificate.

Issuer: Identifies the entity that issued the certificate.

Subject Alt Name Extension: List of website addresses that the certificate can be used to identify.

Signature: Data that verifies that the certificate came from the Issuer.

Signature Algorithm: Algorithm used to create the Signature.

Valid-From: The date the certificate is first valid.

Valid-To: The expiration date.

Key-Usage and Extended Key Usage: Specifies how the certificate may be used, such as for confirming ownership of a website (Web Server Authentication).

Public Key: The public part of the data that comprises the public/private key pair. The public and private keys are mathematically linked, so the data encrypted with the public key can only be decrypted with the corresponding private key.

Public Key Algorithm: Algorithm used to create the Public Key.

Fingerprint: An abbreviated form of the Public Key.

Fingerprint Algorithm: Algorithm used to create the Fingerprint.

View a certificate

You can view certificate details from either the Firefox address bar or your Firefox preferences.

From the Firefox address bar

From the Firefox address bar, you can quickly view the certificate details for the website that you are currently viewing.

From Firefox settings

From the Certificates section of your Firefox settings, you can view all certificates that have been saved, along with their corresponding details.

1. In the Menu bar at the top of the screen, click Firefox and then select Preferences or Settings, depending on your macOS version.Click the menu button and select Settings.
2. Click Privacy & Security in the left pane.
3. Scroll down to the Certificates section.
4. Click the View Certificates… button.

   The Certificate Manager pop-up displays with the Your Certificates tab selected by default, which contains a list of associated certificates.

5. Click a certificate from the list.
6. Click the View… button at the bottom of the pop-up.

   The about:certificate page displays in a new tab with general information about the certificate such as issuer, period of validity and fingerprints.

Problematic certificates

When you browse to a website whose web address starts with https and there is a problem with the secure website certificate, you will see an error page. Some common certificate errors are described in the What do the security warning codes mean? article.

To view the problematic certificate, follow these steps:

Reporting certificate errors

Certificate error pages include an option to report the error to Mozilla. Sharing the address and site identification (the secure website certificate) for the site that was untrusted will help Mozilla identify and block malicious sites to keep you better protected.

Delete Certificates

You can delete certificates by doing the following:

1. In the Menu bar at the top of the screen, click Firefox and then select Preferences or Settings, depending on your macOS version.Click the menu button and select Settings.
2. Click Privacy & Security in the left pane.
3. Scroll to the Certificates section.
4. Click the View Certificates… button.

   The Certificate Manager pop-up displays with the Your Certificates tab selected by default, which contains a list of associated certificates.

5. Click a certificate from the list.
6. Click the Delete… button at the bottom of the pop-up.

   A confirmation pop-up displays.

7. Click the OK button.

   The certificate no longer displays in the Your Certificates tab.