Avatar for Username

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Please ask a new question if you need help.

How to disable all ssl checking - sec_error_ca_cert_invalid

  • 3 replies
  • 7 have this problem
  • 107 views
  • Last reply by jwhitene

jwhitene
jwhitene

Is it possible to disable all SSL checking of any kind within firefox?

I'm stuck with this error. (copied from another post) https://support.cdn.mozilla.net/media/uploads/images/2014-08-04-14-05-02-bc62ea.png

I have already set mozillapkix to false. I do not want to have to import self-signed certs for all my servers into firefox. I also deal with 'broken ssl', like incomplete certificate chains, etc.. on load balancers, or other odd devices.

I had a version of nightly that was working with mozillapkix set to false, but it looks like it auto-updated:( so it is at 33.0.2 now, and no longer likes my self-signed certs again. (Which reminds me I need to turn off auto-update if possible).

If there is no way to completely disable ssl checking in Firefox, is there a nightly build version, or prior build version (I forget what version this new ssl checking began), that I can use that will avoid this stringent ssl checking (why there is no 'add exception' is still confusing...)?

Is it possible to disable all SSL checking of any kind within firefox? I'm stuck with this error. (copied from another post) https://support.cdn.mozilla.net/media/uploads/images/2014-08-04-14-05-02-bc62ea.png I have already set mozillapkix to false. I do not want to have to import self-signed certs for all my servers into firefox. I also deal with 'broken ssl', like incomplete certificate chains, etc.. on load balancers, or other odd devices. I had a version of nightly that was working with mozillapkix set to false, but it looks like it auto-updated:( so it is at 33.0.2 now, and no longer likes my self-signed certs again. (Which reminds me I need to turn off auto-update if possible). If there is no way to completely disable ssl checking in Firefox, is there a nightly build version, or prior build version (I forget what version this new ssl checking began), that I can use that will avoid this stringent ssl checking (why there is no 'add exception' is still confusing...)?

Chosen solution

If this is a major headache, you can use the Extended Support Release version of Firefox 31. I believe the preference to disable use of PKIX still works in that version. You could test with the "Portable Apps" build first before switching.

More info on ESR: http://www.mozilla.org/firefox/organizations/

Portable build (unofficial) for testing: http://portableapps.com/apps/internet/firefox-portable-esr (uses its own local profile, exit your normal Firefox first)

Read this answer in context 👍 0

All Replies (3)

jscher2000 - Support Volunteer
jscher2000 - Support Volunteer
  • Top 10 Contributor

Chosen Solution

If this is a major headache, you can use the Extended Support Release version of Firefox 31. I believe the preference to disable use of PKIX still works in that version. You could test with the "Portable Apps" build first before switching.

More info on ESR: http://www.mozilla.org/firefox/organizations/

Portable build (unofficial) for testing: http://portableapps.com/apps/internet/firefox-portable-esr (uses its own local profile, exit your normal Firefox first)

philipp
philipp
  • Moderator

hello jwhitene, please try running firefox beta which should contain some fixes to allow for overriding certain untrusted connection error messages again: https://www.mozilla.org/firefox/channel/#beta

it is not possible to generally switch of the checking of ssl certificates - if this were an option exposed to the user obviously malware and all sorts of attackers could use that too...

jwhitene
jwhitene Question owner

The extended Support Release version of Firefox 31 worked, thanks. I'll check out the beta or newer releases if/when I start running into plugin-compatibility issues as time goes on.

Thanks.