X
Tap here to go to the mobile version of the site.

Support Forum

Localhost: This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox Developer Edition may only connect to it securely. As a result, it is no

Posted

Since the last Update on Firefox 59 Developers Edition I've got this message when trying to access to my localhost:

The owner of mydomain.dev has configured their website improperly. To protect your information from being stolen, Firefox Developer Edition has not connected to this website.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox Developer Edition may only connect to it securely. As a result, it is not possible to add an exception for this certificate.

This is working on Chrome as I am using a Self-signed certificate. I am on El Capitan with Apache 2.4.18

Since the last Update on Firefox 59 Developers Edition I've got this message when trying to access to my localhost: The owner of mydomain.dev has configured their website improperly. To protect your information from being stolen, Firefox Developer Edition has not connected to this website. This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox Developer Edition may only connect to it securely. As a result, it is not possible to add an exception for this certificate. This is working on Chrome as I am using a Self-signed certificate. I am on El Capitan with Apache 2.4.18

Chosen solution

the other way i could think of, is temporarily downgrading to devedition below b7 (http://archive.mozilla.org/pub/devedition/releases/59.0b5/mac/), visiting the https domain and storing the exception this way & then upgrade the browser again.

due to https://tools.ietf.org/html/rfc6797#section-12.1 it isn't possible to add exceptions for hsts sites unfortunately.

Read this answer in context 0

Additional System Details

Application

  • User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:59.0) Gecko/20100101 Firefox/59.0

More Information

philipp
  • Top 25 Contributor
  • Moderator
5152 solutions 22821 answers

hi, https://medium.engineering/use-a-dev-domain-not-anymore-95219778e6fd

tl;dr don't use .dev for developement purposes - it's a gTLD owned by google and enforces https use since recently

hi, https://medium.engineering/use-a-dev-domain-not-anymore-95219778e6fd tl;dr don't use .dev for developement purposes - it's a gTLD owned by google and enforces https use since recently

Question owner

That's not the problem since ".dev" domain are fully working on Google Chrome as I've got an SSL Self Signed Certificate on my localhost.

This problem is related to Firefox Developer Edition.

That's not the problem since ".dev" domain are fully working on Google Chrome as I've got an SSL Self Signed Certificate on my localhost. This problem is related to Firefox Developer Edition.

Modified by Miguel

philipp
  • Top 25 Contributor
  • Moderator
5152 solutions 22821 answers

well, it is this problem since the .dev domain landed on the hsts preload list in firefox 59.0b7. if you have a self-signed certificate for your site, then you can import that through the "view certificates" button at the bottom of the firefox menu ≡ > options > privacy & security panel.

well, it is this problem since the .dev domain landed on the hsts preload list in firefox 59.0b7. if you have a self-signed certificate for your site, then you can import that through the "view certificates" button at the bottom of the firefox ''menu ≡ > options > privacy & security'' panel.

Question owner

I've got this:

This personal certificate can’t be installed because you do not own the corresponding private key which was created when the certificate was requested.

And I've created the Certificate just today.

I've got this: This personal certificate can’t be installed because you do not own the corresponding private key which was created when the certificate was requested. And I've created the Certificate just today.
philipp
  • Top 25 Contributor
  • Moderator
5152 solutions 22821 answers

Chosen Solution

the other way i could think of, is temporarily downgrading to devedition below b7 (http://archive.mozilla.org/pub/devedition/releases/59.0b5/mac/), visiting the https domain and storing the exception this way & then upgrade the browser again.

due to https://tools.ietf.org/html/rfc6797#section-12.1 it isn't possible to add exceptions for hsts sites unfortunately.

the other way i could think of, is temporarily downgrading to devedition below b7 (http://archive.mozilla.org/pub/devedition/releases/59.0b5/mac/), visiting the https domain and storing the exception this way & then upgrade the browser again. due to https://tools.ietf.org/html/rfc6797#section-12.1 it isn't possible to add exceptions for hsts sites unfortunately.

Helpful Reply

OK Downgrading my Firefox to 59.0b5 worked: http://archive.mozilla.org/pub/devedition/releases/59.0b5/mac/

Which of course is just a temporary solution. Hopefully this will be solved soon!

OK Downgrading my Firefox to 59.0b5 worked: http://archive.mozilla.org/pub/devedition/releases/59.0b5/mac/ Which of course is just a temporary solution. Hopefully this will be solved soon!
philipp
  • Top 25 Contributor
  • Moderator
5152 solutions 22821 answers

Helpful Reply

the workflow would be: downgrade, access the https version of your local site, store the exception & upgrade again

the workflow would be: downgrade, access the https version of your local site, store the exception & upgrade again
dkeeler 0 solutions 3 answers

Miguel said

And I've created the Certificate just today.

What certificate issued the certificate you created? You'll have to import that into the "Authorities" section of the certificate manager (and trust it for websites).

''Miguel [[#answer-1076056|said]]'' <blockquote> And I've created the Certificate just today. </blockquote> What certificate issued the certificate you created? You'll have to import that into the "Authorities" section of the certificate manager (and trust it for websites).