X
Tap here to go to the mobile version of the site.

Support Forum

How to allow security exceptions for sites that don't allow exceptions

Posted

I'm not able to access certain sites do to missing "Add Exception" button. I have tried all the suggestions, like modifying about:config, resetting firefox completely, and deleting appData.

1) Other browsers work fine 2) The corporate VPN or security software is probably creating certificate problems. Asking them to change is not an option 3) I don't care if the site is well-maintained or not, I need to access it. 4) I don't plan on logging into any websites or sharing any data. 5) If Firefox really can't do this, then I need to use a different browser

I don't care about security here. The sites I want to access are just public pictures and videos, and I don't plan on logging in.

An example is embedded videos from Twitter.com. I'm not able to access them.


Any help?

I'm not able to access certain sites do to missing "Add Exception" button. I have tried all the suggestions, like modifying about:config, resetting firefox completely, and deleting appData. 1) Other browsers work fine 2) The corporate VPN or security software is probably creating certificate problems. Asking them to change is not an option 3) I don't care if the site is well-maintained or not, I need to access it. 4) I don't plan on logging into any websites or sharing any data. 5) If Firefox really can't do this, then I need to use a different browser I don't care about security here. The sites I want to access are just public pictures and videos, and I don't plan on logging in. An example is embedded videos from Twitter.com. I'm not able to access them. Any help?

Additional System Details

Installed Plug-ins

  • Shockwave Flash 30.0 r0

Application

  • User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0

More Information

Shadow110 1072 solutions 14836 answers

There is security software like Avast/AVG, Kaspersky, BitDefender and ESET that intercept secure connections and send their own certificate. If you are running any of the above software please their their community forum for a work around to apply settings.

These pages are also for the errors you may have besides relating to the above.

One issue that seems more common lately is Firefox's Tracking Protection feature. When it is blocking content in a page, a shield icon will appear at the left end of the address bar next to the padlock icon. This article has more info on managing this feature: Tracking Protection https://support.mozilla.org/en-US/kb/tracking-protection

Please let us know if this solved your issue or if need further assistance.

There is security software like Avast/AVG, Kaspersky, BitDefender and ESET that intercept secure connections and send their own certificate. If you are running any of the above software please their their community forum for a work around to apply settings. *https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message#w_avast-and-avg-security-products These pages are also for the errors you may have besides relating to the above. *https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can *https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites *https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message *https://support.mozilla.org/en-US/kb/connection-untrusted-error-message *http://kb.mozillazine.org/Error_loading_websites *https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER One issue that seems more common lately is Firefox's Tracking Protection feature. When it is blocking content in a page, a shield icon will appear at the left end of the address bar next to the padlock icon. This article has more info on managing this feature: Tracking Protection https://support.mozilla.org/en-US/kb/tracking-protection Please let us know if this solved your issue or if need further assistance.

Question owner

No, sorry, your response did not help.

Yes, the corporate security measures are inserting a certificate or mangling it somehow.

We are not using any of the software you mentioned, we are using custom software.

As I mentioned in the original question, I cannot make them change. They won't change. It isn't a priority for them to allow secure browsing.

I just need to view news, articles, videos, etc, related to my work.

I don't need any form of secure browsing.

Do I need to switch browsers?

No, sorry, your response did not help. Yes, the corporate security measures are inserting a certificate or mangling it somehow. We are not using any of the software you mentioned, we are using custom software. As I mentioned in the original question, I cannot make them change. They won't change. It isn't a priority for them to allow secure browsing. I just need to view news, articles, videos, etc, related to my work. I don't need any form of secure browsing. Do I need to switch browsers?

Modified by troyofearth

jscher2000
  • Top 10 Contributor
8583 solutions 70216 answers

Hi troyofearth, I posted this reply to your comment in a different thread yesterday. You didn't respond there, so I'll copy/paste here:

Does all your browsing run through a proxy operated by your company? Any "man in the middle" must issue fake site certificates in order to decrypt your browsing (for the benign purposes of securing the company and enforcing policy), so naturally Firefox won't accept those certificates.

You have two options for making Firefox compatible with the proxy:

(1) Import the proxy's signing certificate as a trusted authority in Firefox

(2) Set Firefox to trust all the signing certificates in the Windows certificate store

Option #1 is a bit more protective because malware is far less likely to infect Firefox's certificate store than the system certificate store shared by Microsoft and Google browsers. This may not be a concern on a company PC.

Option #2 is fast and easy. So assuming you prefer fast and easy, here's how:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.

(2) In the search box above the list, type or paste roots and pause while the list is filtered

(3) Double-click the security.enterprise_roots.enabled preference to switch the value from false to true


Now one thing that's different from your other post is the word embedded here:

troyofearth said

An example is embedded videos from Twitter.com. I'm not able to access them.

So instead of the embedded video, Firefox displays the "Connection is not secure" page?

Hi troyofearth, I posted this reply to your comment in a different thread yesterday. You didn't respond there, so I'll copy/paste here: Does all your browsing run through a proxy operated by your company? Any "man in the middle" must issue fake site certificates in order to decrypt your browsing (for the benign purposes of securing the company and enforcing policy), so naturally Firefox won't accept those certificates. You have two options for making Firefox compatible with the proxy: (1) Import the proxy's signing certificate as a trusted authority in Firefox (2) Set Firefox to trust all the signing certificates in the Windows certificate store Option #1 is a bit more protective because malware is far less likely to infect Firefox's certificate store than the system certificate store shared by Microsoft and Google browsers. This may not be a concern on a company PC. Option #2 is fast and easy. So assuming you prefer fast and easy, here's how: (1) In a new tab, type or paste '''about:config''' in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk. (2) In the search box above the list, type or paste '''roots''' and pause while the list is filtered (3) Double-click the '''security.enterprise_roots.enabled''' preference to switch the value from false to true ---- Now one thing that's different from your other post is the word embedded here: ''troyofearth [[#question-1223492|said]]'' <blockquote>An example is embedded videos from Twitter.com. I'm not able to access them. </blockquote> So instead of the embedded video, Firefox displays the "Connection is not secure" page?

Question owner

Yes correct, the video for twitter displays the "connection is not secure" message.

And as I mentioned, I don't want nor need a secure connection.

This is a large multinational corporation and they don't provide a certificate for me to import.

Yes correct, the video for twitter displays the "connection is not secure" message. And as I mentioned, I don't want nor need a secure connection. This is a large multinational corporation and they don't provide a certificate for me to import.
jscher2000
  • Top 10 Contributor
8583 solutions 70216 answers

What about the settings change. Any effect?

What about the settings change. Any effect?
WestEnd
  • Top 25 Contributor
61 solutions 5340 answers

troyofearth said

Yes correct, the video for twitter displays the "connection is not secure" message. And as I mentioned, I don't want nor need a secure connection. This is a large multinational corporation and they don't provide a certificate for me to import.

This is the problem here you need to talk to the IT department as it seemed they locked down sites from access. If they did this then falls into their Company protocols and security. And that's whom you need to contact.

''troyofearth [[#answer-1127645|said]]'' <blockquote> Yes correct, the video for twitter displays the "connection is not secure" message. And as I mentioned, I don't want nor need a secure connection. This is a large multinational corporation and they don't provide a certificate for me to import. </blockquote> This is the problem here you need to talk to the IT department as it seemed they locked down sites from access. If they did this then falls into their Company protocols and security. And that's whom you need to contact.
cor-el
  • Top 10 Contributor
  • Moderator
17351 solutions 156825 answers

Try to set this pref to true on the about:config page in case your security software adds its root certificate to the Windows certificate store.

  • security.enterprise_roots.enabled = true

You can open the about:config page via the location/address bar. You can accept the warning and click "I accept the risk!" to continue.

Try to set this pref to true on the <b>about:config</b> page in case your security software adds its root certificate to the Windows certificate store. *security.enterprise_roots.enabled = true You can open the <b>about:config</b> page via the location/address bar. You can accept the warning and click "I accept the risk!" to continue. *http://kb.mozillazine.org/about:config

Question owner

Enterprise_Roots.enabled was the key for one of the sites. Thank you.

Enterprise_Roots.enabled was the key for one of the sites. Thank you.

Modified by troyofearth

Question owner

The general question still remains.

If I find a site that is improperly set up, or my VPN is improperly setup, but I don't actually want secure browsing, is there a way for me to view the site insecurely?

The general question still remains. If I find a site that is improperly set up, or my VPN is improperly setup, but I don't actually want secure browsing, is there a way for me to view the site insecurely?
jscher2000
  • Top 10 Contributor
8583 solutions 70216 answers

Hi troyofearth, you can add exceptions to trust unproven certificates in some cases; a button will appear in the panel opened by the Advanced button.

The main exception is hosts that require HTTP Strict Transport Security (HSTS). This is an instruction from the server about how browsers can connect. Firefox won't allow you to add an exception for those (and may not honor it if you sneak it in).

Hi troyofearth, you can add exceptions to trust unproven certificates in some cases; a button will appear in the panel opened by the Advanced button. The main exception is hosts that require HTTP Strict Transport Security (HSTS). This is an instruction from the server about how browsers can connect. Firefox won't allow you to add an exception for those (and may not honor it if you sneak it in).