security cefrificate, McAfee, Google
Hello.
I installed the latest Firefox for x86 Windows, v54.0.1. I use it on a PC which has McAfee installed but it's a company PC so I can't change settings of the McAfee software. The only website which causes me problems is Google, I always get the insecure connection screen (incorrect certificate, unknown issuer) and because it says it is HSTS connection I can't add any exception for this site.
I tried the security.ssl.enable_ocsp_stapling value change trick with no luck.
So how do I disable checking the certificate for google completely and permanently?
I'd like to point out that neither Chrome nor IE has this issue present.
Chosen solution
can you try to set security.enterprise_roots.enabled to "true" in about:config? https://wiki.mozilla.org/CA:AddRootToFirefox#Experimental_Built-in_Windows_Support
Read this answer in context 👍 0All Replies (8)
You can inspect the certificate chain in Google Chrome and export the root certificate. Then you can import this certificate in the Firefox Certificate Manager and set trust bit(s) when prompted.
- Options/Preferences -> Advanced -> Certificates: View Certificates
Good idea but I can't recognize which certificate is responsible for google website. There are tens of certificates in Chrome and the only one named directly "google" is actually under untrusted section ;) So how do I recognize the correct one?
--edit-- I just tried to import one certificate and in Firefox I got a message saying that "you can't install this personal certificate because user does not have suitable private key which was created when the certificate was requested".
Any workaround?
Modified by DonAndress
You need to open the Google website in Google Chrome and then click the padlock. You can check the connection details in the Connection tab (Certificate Details -> Details).
May I ask for the exact tutorial? I do not know if I do this correctly...
In Chrome I click on the padlock, tothe right new section opens, it's on tab "security", I have the main google.co.uk website opened, I can see two positions in the "security" tab: main origin (which contains www.google.co.uk) and secure origins (www.gstatic.com). Main origin cannot be exported, secure origins can, So I click on "open full cerfiticate details", in the new window I go to "details" and click on "copy to file". In another new window I click on next, then choose "DER encoded binary X.509 (.CER)" as a desire file format.
In Firefox I go to settings, advanced, certificate, display certificates, I go to servers, add exceptions, in the address field I paste the path to the cer file on my local drive which I just saved but then it says "checking information" and "trying to identify website" and it's stuck on this screen forever...
Is it a good sequence that I do?
What certificates do you see if Google Chrome if you check the details?
You probably would only need the top most root certificate as shown in Google Chrome assuming that intermediate certificate aren't required or send. If the root certificate is send as part of the certificate chain (i.e. you see the same certificate chain in Firefox as in Google Chrome) then you need to set trust bits for this specific root certificate in the Firefox Certificate Manager.
- Options/Preferences -> Advanced -> Certificates: View Certificates
Otherwise you will have to export the trusted root certificate in Google Chrome and import this certificate in Firefox. A root certificate will only work as such when trust bits are set. Intermediate certificate that are part of a certificate chain should never have trust bits set.
So in attachment is what I can do in Chrome. The sequence should be read to the right and down.
Which one in Firefox should i try to import this certificate: User, People, Servers, Certification Units or Other?
Modified by DonAndress
Chosen Solution
can you try to set security.enterprise_roots.enabled to "true" in about:config? https://wiki.mozilla.org/CA:AddRootToFirefox#Experimental_Built-in_Windows_Support
Sir, you are a genius. Thanks a million!