Can't add a certificate exception in Firefox 4.0, relevant buttons are disabled
I try to access a web site from a local network via HTTPS. The web server uses self-signed certificates, and Firefox presents a common "This connection is untrusted" window.
In version 3.x I simply clicked "Add Exception", and then "Confirm Security Exception". In Firefox 4.0, when I click "Add Exception", I see:
- "This site provides valid, verified verification. There's no need to add an exception".
- The "Permanently store this exception" checkbox and the "Confirm Security Exception" button are disabled.
I cannot access this protected site anymore. Any suggestions?
Modified by andrew.panin
Additional System Details
Every time Firefox opened
This started when...
I had installed Firefox 4.0.
- NPRuntime Script Plug-in Library for Java(TM) Deploy
- Adobe PDF Plug-In For Firefox and Netscape "9.4.2"
- Shockwave Flash 10.2 r152
- Next Generation Java Plug-in 1.6.0_22 for Mozilla browsers
- User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0) Gecko/20100101 Firefox/4.0
What I have tried to do:
1. Deleted all found cert8.db files and restarted the browser.
2. Deleted all stored user certificates (exceptions) in browser settings.
Here's a screenshot.
Further, when you click "View..." from the "Add Security Exception" dialog, the Certificate Viewer states: "Could not verify this certificate because..."
This has only begun with Firefox 4 apparently.
In my case, the host was in my windows etc/hosts file. When I used the IP address instead, Firefox allowed me to add the Certificate.
After that, it allowed me to add the certificate using the hostname from hosts again.
Update: this didn't seem to be to solution read my next post...
Modified by kentbower
The problem has something to do with the certificate being cached. When I click Tools=>Clear Recent History and try again, the "Confirm Security Exception" becomes enabled again.
Firefox team, I can recreate this problem easily. My PC has several development VMs which are essentially clones but with different IP addresses.
To create this problem change your etc/host for a hostname from one IP to another and try connecting to the same https:// site:
E.g. change between:
- 192.168.119.129 dev # oracle vm
- 192.168.119.128 dev # sandbox vm
I can create the problem this way and solve it by clearing my cache.
- Make sure that you not run Firefox in (permanent) Private Browsing - Browse the web without saving information about the sites you visit mode.
- In Private Browsing mode some menu items and features are disabled and show as grayed choices.
- You enter Private Browsing mode if you select: Tools > Options > Privacy > History: Firefox will: "Never Remember History"
- To see all History and Cookie settings, choose: Tools > Options > Privacy, choose the setting Firefox will: Use custom settings for history
- Uncheck: [ ] "Automatically start Firefox in a private browsing session"
I never turned Private Browsing on and didn't change privacy settings. Just used defaults. Have checked once again: the browser is not in Private Browsing mode, and the history is remembered.
There seems to be a work around to add exception.
You have to manually go to Tools -> Options -> Advanced -> View Certificates -> Servers -> Add Exception
Then the "Add Certificate Exception" window comes up. Just enter the URL at location https:// and click "Get certificate". Then "Add Security Exception".
This will allow you to access the site thereafter.
I'm not sure though why "Add Exception" button under the "I understand the rsiks" page does not work. May be a bug.
Holy crap, this is totally perfect, and solved my problem. For the sake of Google, and indexed searching, I'm going to repeat Firefox 4 ako exception a number of times so people experiencing the same problem - that is, Firefox 4 ako exception, ako not working Firefox 4, can't access ako from Firefox 4, and so on - can hopefully find this blurb.
When trying to open ako with Firefox 4, the usual certificate not trusted page appears, and when you click "Add Exception," nothing happens. Its could be a bug or overzealous security, but its certainly damn frustrating.
To access ako with Firefox 4 just follow the instruction in the above post, and paste "https://www.us.army.mil" when manually setting up the exception.
Thanks a million - I couldn't for the life of me find where to manually add this, so you've saved me quite a bit of headache. Hopefully other users trying to access ako with Firefox 4 will find this information, and find it useful, too.
I have this same problem with inability to access a website I have accessed many times before. I've gone through all the steps noted in previous emails on this subject, but when I click on the "confirm security exception" nothing happens. I eventually have to click "cancel" or just close the box. I can access this website fine via Explorer, but prefer to do everything in firefox.
None of the above solutions worked for me, this is what I did that worked.
put about:config in the url to access advanced settings, then promise to be careful :)
Find this line and double click it to set it to true: security.ssl.allow_unrestricted_renego_everywhere_temporarily_available_pref
Restart firefox and try to add the exception again.
See this link for information about 'Renegotiation' (CVE-2009-3555):
You can look for the pref security.ssl.renego_unrestricted_hosts on the about:config page and add the sites that you want to allow to the string value.
Filed but still unresolved comment #46 worked for me, sounds like the quick way is to clear our your internet history to achieve a similar result.
Bug 659736 - No way to add a security exception - "This site provides valid, verified identification. There is no need to add an exception." https://bugzilla.mozilla.org/show_bug.cgi?id=659736