Mozilla will shut down Pocket’s services on July 8, 2025. At that time users will no longer be able to access the Pocket website, apps and API. You can export your saved items and API data until October 8, 2025 before they are permanently removed. For more information, see this article.

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

How to disable all ssl checking - sec_error_ca_cert_invalid

  • 3 replies
  • 7 have this problem
  • 108 views
  • Last reply by jwhitene

Is it possible to disable all SSL checking of any kind within firefox?

I'm stuck with this error. (copied from another post) https://support.cdn.mozilla.net/media/uploads/images/2014-08-04-14-05-02-bc62ea.png

I have already set mozillapkix to false. I do not want to have to import self-signed certs for all my servers into firefox. I also deal with 'broken ssl', like incomplete certificate chains, etc.. on load balancers, or other odd devices.

I had a version of nightly that was working with mozillapkix set to false, but it looks like it auto-updated:( so it is at 33.0.2 now, and no longer likes my self-signed certs again. (Which reminds me I need to turn off auto-update if possible).

If there is no way to completely disable ssl checking in Firefox, is there a nightly build version, or prior build version (I forget what version this new ssl checking began), that I can use that will avoid this stringent ssl checking (why there is no 'add exception' is still confusing...)?

Is it possible to disable all SSL checking of any kind within firefox? I'm stuck with this error. (copied from another post) https://support.cdn.mozilla.net/media/uploads/images/2014-08-04-14-05-02-bc62ea.png I have already set mozillapkix to false. I do not want to have to import self-signed certs for all my servers into firefox. I also deal with 'broken ssl', like incomplete certificate chains, etc.. on load balancers, or other odd devices. I had a version of nightly that was working with mozillapkix set to false, but it looks like it auto-updated:( so it is at 33.0.2 now, and no longer likes my self-signed certs again. (Which reminds me I need to turn off auto-update if possible). If there is no way to completely disable ssl checking in Firefox, is there a nightly build version, or prior build version (I forget what version this new ssl checking began), that I can use that will avoid this stringent ssl checking (why there is no 'add exception' is still confusing...)?

Chosen solution

If this is a major headache, you can use the Extended Support Release version of Firefox 31. I believe the preference to disable use of PKIX still works in that version. You could test with the "Portable Apps" build first before switching.

More info on ESR: http://www.mozilla.org/firefox/organizations/

Portable build (unofficial) for testing: http://portableapps.com/apps/internet/firefox-portable-esr (uses its own local profile, exit your normal Firefox first)

Read this answer in context 👍 0

All Replies (3)

Chosen Solution

If this is a major headache, you can use the Extended Support Release version of Firefox 31. I believe the preference to disable use of PKIX still works in that version. You could test with the "Portable Apps" build first before switching.

More info on ESR: http://www.mozilla.org/firefox/organizations/

Portable build (unofficial) for testing: http://portableapps.com/apps/internet/firefox-portable-esr (uses its own local profile, exit your normal Firefox first)

hello jwhitene, please try running firefox beta which should contain some fixes to allow for overriding certain untrusted connection error messages again: https://www.mozilla.org/firefox/channel/#beta

it is not possible to generally switch of the checking of ssl certificates - if this were an option exposed to the user obviously malware and all sorts of attackers could use that too...

The extended Support Release version of Firefox 31 worked, thanks. I'll check out the beta or newer releases if/when I start running into plugin-compatibility issues as time goes on.

Thanks.