Security exceptions
Having read so many posts I can not find answer to this one! Running ESR 102.5 and accessing a Synology NAS on a LAN with direct IP (eg 192.168.1.77) usings https:\\192.168.1.77:port number
Usually use an old Firefox (52.9 ESR) for LAN traffic as last version that allows notes against bookmarks. No issues with accessing the NAS.
On using 102.5 with the https:\\ entry it ALWAYS brings up "Warning - Potential...risk ahead" and then gives the standard SEC_ERROR_UNKNOWN_ISSUER because of course it is looking for an IP ADDRESS and you can not create a certicate for an IP ADDRESS!
This is very, very annoying every time loggng in (cache etc cleared on all exits) and older versions you could add security exceptions.
have changed the preference:- security.insecure_field_warning.contextual.enabled = false but does nothing.
Is there any way to remove this annoying fault of IP addresses as a LAN in not a secuirty isssue?
Suggestions welcomed! Thanks
All Replies (8)
You should contact your NAS support about how to setup your NAS connections.
Thank you for your reply but absolutely nothing to do with the NAS but the weird settings in Firefox as expecting a security cetificate for an IP address!
JR
Certificate comes from what device your using not from Firefox. One should still look at Synology NAS support as you mentioned that was having connection issue.
Dear both,
Sorry, but you are not reading the post! This is nothing to do with the NAS.
I am connecting to an IP ADDRESS via https. It is NOT POSSIBLE to get a certificate for an IP Address, only a domain or similar. Therefore Firefox should KNOW that a certificate is not possible and therefore should not give this error - or offer to log it as exception.
There can never be a certificate on an IP address and only the CONNECTION is by https for security to log into a web interface on the NAS (Like a router log in). You can NOT log into any NAS by a name like in a web page.
Rgds
When I test HTTPS access to a local network server, the error page has the Advanced button which allows saving an exception. Does yours have that?
Mine shows a self-signed certificate error code, so perhaps that is handled slightly differently:
I just noticed this part:
firefox2030 said
This is very, very annoying every time loggng in (cache etc cleared on all exits) and older versions you could add security exceptions.
Clearing the cache doesn't clear security exceptions. What else are you clearing at shutdown? If you have a check mark for "Site settings", try unchecking that. Clearing Site Settings removes various kinds of site permissions such as cookie, autoplay, location, etc., and maybe it causes Firefox to clear certificate exceptions as well.
Thanks for comments, but does not resolve. It seems Firefox developers have REMOVED the option to add an exception for some very unknown reason. The error/warning is the same as yours because the IP can not have a security certificate.
Seems somewhere after 90ESR they removed this option. Sadly have no idea how to (or the time) to complain to the developers but it really is a nuisance and the browser SHOULD be able to determine if name is a domain or an IP and act accordingly.
Seems there is not settiong in about:config that will change this.
Sad. May mean I need to move from Firefox to a better browser - or stay with my trusty Firefox 56 ESR.
John
firefox2030 said
It seems Firefox developers have REMOVED the option to add an exception for some very unknown reason. The error/warning is the same as yours because the IP can not have a security certificate. Seems somewhere after 90ESR they removed this option.
My screenshot is from Firefox 107.0.1.
Can you reply with a copy/paste of all the text on the error page? Maybe there is some further information there that would help explain what you're seeing. You can replace the specific IP address with 0000.