Disable "this connection is untrusted" page
I would like to completely disable the "this connection is untrusted dialog." I am an administrator and deal with many intranet sites. It is not cost effective to set an exception for each site. Corporate standards require us to use either IE, or Firefox, and I would prefer not to have to use IE.
To be clear: I am not looking for a solution that lessens the amount of overall clicks, like in browser.ssl override behavor in "about:config" nor am I looking for an Add-on (like "remember certificate exception"). I am looking for a way to remove the "this connection is untrusted" dialog completely.
Additional System Details
- IE Tab Plug-in for Mozilla/Firefox
- ActiveTouch General Plugin Container Version 105
- Office Plugin for Netscape Navigator
- NPRuntime Script Plug-in Library for Java(TM) Deploy
- Adobe PDF Plug-In For Firefox and Netscape "9.4.0"
- Default Plug-in
- Shockwave Flash 10.1 r85
- Next Generation Java Plug-in 1.6.0_22 for Mozilla browsers
- User Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:18.104.22.168) Gecko/20101026 Firefox/3.6.12
Modified about:config for the browser.ssl override behavor
Tried various add-ons
I know I'm not alone in this issue - has anyone come up with a resolution?
You can only do that by installing a root certificate for the certificates that are send by those pages.
I appreciate the reply, but unfortunately that wouldn't work. The goal is to reduce the amount of administration time needed for each site. Installing certs and keeping them current for each of these sites/devices would cause much more effort than simply adding an exemption.
I also have this problem and would like to disable as ktjamm has suggested. Surely the Firefox administrators have a solution for this???
Firefox 4 is out, and the "remember certificate exception " add-on is not currently compatible with 4. This is still an issue - has anyone come up with a permanent way to remove the dialogs completely, without installing certificates on frequently changing internal websites?
have u guys tried checking the system clock? mismatched system clock/date sometimes causes this error
Modified by dreamerzz
It's not an error per say, Firefox is doing what it should be doing. A lot of the sites I would administrate don't have a third party signed certificate to verify. What I am asking for is a way to remove the dialog all together, to save time of either 1) going through the dialog foe EVERY website that I administrate (and changes frequently) 2) spending time installing a cert (which will take more time) for every frequently changing site I administrate.
It would be far far better for me to make a config change to make Firefox not check for certificates at all, rather than have to put up with Firefox "protecting me for my own good"
I don't want to be rude, and I love Firefox so much, and damn I don't want to sound childish but my thoughts are: Stupid Firefox!!! How come we, users have to spend so much time to search solution to stop this? Come on it is most annoying when user face some kind of undesirable error messages.
We pay money to buy faster computers to make our user experience smooth (which includes to remove any kind of error messages) and now our favorite open source browser gives us that s**t. Disgusting.
This is a huge problem! I am seeing it discussed everywhere. Read this: http://social-biz.org/2011/10/16/the-anti-ssl-conspiracy/
The thing is: a SSL connection with an invalid certificate is STILL BETTER than a completely open unprotected HTTP connection. This dialog makes it appear much worse, when in fact it not.
If FireFox encounters a "self-signed" HTTPS server, it should browse to it without delay, exactly as if it was an HTTP server. It should not give this scary warning. It also should NOT appear as a trusted site. It should just work like a normal HTTP site which does not have a valid certificate either.
Please let people know how ridiculous this is.
Modified by agilepro
I was having the same problem and adjusting the clock time to match the current date and time worked.
I want to emphasize this isn't a clock issue, or a bug of any kind. This is Standard Firefox behavior that is impeding my (and others) job function. This is an issue with me having 100's of internal unsigned certificates for websites (Like remote access cards/temporary application config pages, etc. ) We are looking for the ability to disable the dialog all together for enterprise use.
"This Firefox extension enables skipping the SSL/TLS certificate error page, for specific configurable conditions, like self-signed cert or unknown issuer, by adding a temporary exception."
The Skip Cert add on actually took care of my problems. I understand it disables the warning for all certs, but it just made my job 4000% easier. Thanks Gingerbread_Man.
It's sad that there has to be an add-on to undo what was a frustrating change from 3.5 -> 4.0. My hope is Mozilla is more willing to address business users in the future.
Modified by ktjamm
But the real question is : How secure is that ?
Suddenly i get a "This connection is unsecure" when trying to order something from www.zavvi.com (click : "My account" to enter https mode) when i order from my desktop's Firefox 8.
When i try doing the same thing from my notebook's Firefox 8, everything is secure.
What's the catch ??????????
Modified by Salabim
It's not really a question of security for me, as the sites I am hitting are all internal, this isn't something recommended for general use, but enterprise use.
This fix wouldn't be needed if we had the power to modify the behavior ourselves, instead of trusting a third party app.
The www.zavvi.com doesn't send the "VeriSign Class 3 Secure Server CA - G3" intermediate certificate, so if Firefox hasn't stored it from a previous visit to a website that has send it you will get an error.
You can inspect the certificate chain via a site like this:
You can copy and paste the "VeriSign Class 3 Secure Server CA - G3" certificate text on that page to a text file (VeriSign-G3.cer) and import that file in the Certificate Manager
- Firefox/Tools > Options > Advanced : Encryption: Certificates - View Certificates
You can also find the VeriSign certificate here:
I don't know if any one had answered this issue from my point of view adequately (too many post to read them all), so here goes.
MajorObvious says “adjusting the clock time to match the current date and time worked”, and ktjamm says “I want to emphasize this isn't a clock issue”. What ktjamm doesn’t realize is, MajorObvious is stating his experience, not a theory.
I was adamant that it could not be a date/time issue, because mine is exactly what my cell phone says the time is. However, I got this weird message from my computer’s time sync function: For security reasons, Windows can not synchronize with the server because your date does not match. Please fix the date & try again.
And when trying to open an account so I could post in this forum, I got this message: support.mozilla.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate has expired. The certificate will not be valid until 10/20/2011 5:25 AM. (Error code: sec_error_expired_issuer_certificate)
The date/time is obviously a time in the past, but the message says it “will not be valid UNTIL 10/20/2011 5:25 AM”. What gives???!!! The time on my PC is exactly the time and day it should be. It’s 12:45 on Dec 2, 2009. See it’s the right time & day. Uh oh, wait a minute, ok.. ok, wait a second. The damn year is set to 2009, how the hell did that happen????!!!!! How could the time & day be exactly correct, but the year be off?
So ktjamm, it may not be a Time/Date issue for you, but it could be for someone else. I have NEVER seen this message “This Connection is Untrusted” until today, and it WAS a Date issue for me. I changed the year to 2011 & no more “Untrusted” messages.
I determined how the Date issue occurred. My PC battery was disconnected when I replaced the motherboard. When I reset the Time/Date in the BIOS, I must have missed changing the year. I remember thinking I was expecting the year in the BIOS to be pre 2000 (like 1988), but it was not. Apparently my fascination with this anomaly disrupted the appropriate neurons from firing, and I never changed the year. Which explains why the Time/Day were spot on, and the year was not. It’s interesting to note that I didn’t notice the discrepancy sooner; while I was investigating this issue. Apparently, I only saw what I expected to see.
ktjamm, I am not trying to take anything away from your experience, or investigation. I wish you the best. I’m just saying there can be more than one right answer. For me, MajorObvious and perhaps countless others, it was/is a Time/Date issue.
So MajorObvious' contribution was helpful in getting me to look at the Date issue one more time, and helped me to see the truth, and resolve my issue.
Modified by tsrjs
Gingerbread_Man Thank you! This solved my problem as well! This makes my job so much easier!
Funny, the link "https://addons.mozilla.org/en-US/firefox/addon/skip-cert-error/" also throws me an Untrusted Connection error. URGH!
BRILLIANT SUGGESTION FOR EVERYONE: UPDATE THE TIME AND DATE OF YOUR COMPUTER TO AVOID THOSE UNTRUSTED ISSUES...I HOPE THIS WOULD BE A BIG HELP FOR EVERYBODY WHO SUFFER SAME ERRORS.
Modified by jeafrel111