X
Tap here to go to the mobile version of the site.
Your Firefox is out of date and may contain a security risk! Upgrade Firefox

Support Forum

Can't add exception to a https site, with self signed certificate!

Posted

When i try to connect to a site with a self signed certificate i can't complete the connection.

Chosen solution

gperes, I ran into this same issue with a Cisco device that had a self-signed cert by default.

Preferences - Advanced - Encryption - View Certificates - * Authorities *

There was an authority named "IOS-self-signed" or something like that from the Cisco device. Deleting that and then restarting Firefox solved the issue for me.

What helped me find that Authority to look for was using Safari to go to the device and view the SSL info. Hate that Firefox (21.0) blocks you completely and doesn't even let you view the cert info. PLEASE FIX Mozilla!! I should at least be able to view the cert.

Read this answer in context 2

Additional System Details

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.97 Safari/537.11

More Information

I've tried to "Add Exception" to the certificate, but i give me the following message "No Information Available - Unable to obtain identification status for the given site." and don't enable the Confirm Security Exception button, to enable the access to the site.

zilla-irksome-profilerenew 1 solutions 11 answers

There are a variety of firefox extensions to mitigate this behavior:

https://addons.mozilla.org/en-US/firefox/search/?q=certificate

Question owner

Still can't access the page! These addons only shows or import/export the certificates. Don't fix the problem.

MomV 0 solutions 2 answers

I am having the same problem. It says the certificate is not trusted BUT doesn't give you the choice to add an exception. But get this... I have another computer and it works just fine on that one. How the heck do you explain that one? All settings are the same. I'm so tired of you Firefox.

cor-el
  • Top 10 Contributor
  • Moderator
10753 solutions 96760 answers

Can you post a link to such a page?

If you have visited that domain previously then you may already have stored an exception.

You can try to rename the cert8.db file in the Firefox profile folder to cert8.db.old or delete the cert8.db file to remove intermediate certificates that Firefox has stored.

If that helped to solve the problem then you can remove the renamed cert8.db.old file.
Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previous intermediate certificates.
Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.


Also check the date and time in the clock on your computer: (double) click the clock icon on the Windows Taskbar.

Question owner

Still the same problem!

MomV 0 solutions 2 answers

No change, I've moved on to Chrome.

Question owner

I will have to change the browser and not recommend to anyone, I've posted for almost a month and till now, nobody from mozilla have at least the consideration to try to discuss the problem.

mrtingore 0 solutions 1 answers

Helpful Reply

I found an answer at this site http://support.mozilla.org/en-US/questions/929298

Quote: hello shrenikd & dtrager - apparently the hiding of the possibility to add exceptions in an iframe is by design in order to avoid fraudulent attempts to apply a certificate to users who think they are on a different page (see new comments on the bug).

@dtrager - in case the page you're trying to access is embedded in an iframe, right-click the error page, click on "this frame" > "show only this frame" and hopefully you can add an exception in the next step. this should only be necessary once if you choose to permanently store the exception.

Question owner

Still don't work, it is not in a frame, so doesn't work this workaround. I will change the browser is not possible that a question like this one is posted for this long and nobody from mozilla have at least the consideration to contact to understand the problem. I always used the firefox browser, but for the first time in my life i think to use other browser that is not firefox.

cor-el
  • Top 10 Contributor
  • Moderator
10753 solutions 96760 answers

Did you ever create an exception in the past for that site?

  • Tools > Options > Advanced : Encryption: Certificates - View Certificates > Servers

See also:

Question owner

nope. There is no exception created for this site. it was the first time that i've tried to access the site.

raviparekh027 0 solutions 1 answers

https://icalmscontent.ultimatix.net/ I cannot add exception. I did -> I understand the technical Risk - > Add Exception -> disabled confirm security exception

Certificate status - > Valid

this site provide valid verified identification. no need to add an exception.

cor-el
  • Top 10 Contributor
  • Moderator
10753 solutions 96760 answers

Check the date and time in the clock on your computer: (double) click the clock icon on the Windows Taskbar.

Did you try to click the View Certificate button to retrieve and inspect the certificate and check the certificate chain?

Question owner

I know that the intentions are good in try everything that is simple, but it is not the case, the computer is up to date, date and time are working fine and only firefox do this.

rslo77 0 solutions 1 answers

Clear all you browser's cache. Mostly likely you have connected to the https site before and certificate is saved somewhere.

Question owner

I already have tried this, but doesn't work.

guruduck 1 solutions 1 answers

Chosen Solution

gperes, I ran into this same issue with a Cisco device that had a self-signed cert by default.

Preferences - Advanced - Encryption - View Certificates - * Authorities *

There was an authority named "IOS-self-signed" or something like that from the Cisco device. Deleting that and then restarting Firefox solved the issue for me.

What helped me find that Authority to look for was using Safari to go to the device and view the SSL info. Hate that Firefox (21.0) blocks you completely and doesn't even let you view the cert info. PLEASE FIX Mozilla!! I should at least be able to view the cert.

dandoug 0 solutions 1 answers

I ran into the same problem.

In my case, what I needed to do was trust the CA more. The CA that had provided the invalid cert (was expired) was not enabled for website validation.

I had to find the CA name using another browser (because FF would not let me get far enough). I openned the page in Chrome, clicked the broken lock and then "Certificate Information" to display more details about the certificate causing the problem. In this case it was Rapid SSL CA under GeoTrust Inc.

Switching back to FireFox, I went to the Authorities list...

Preferences - Advanced - Encryption - View Certificates - * Authorities *

I selected the problem CA and then clicked the "Edit Trust" button. Enable the trust settings checkboxes.

Restart FireFox and was good to go...

The next time I hit the troubled page, I could add exception for cert and from then on use it.

Modified by dandoug

cor-el
  • Top 10 Contributor
  • Moderator
10753 solutions 96760 answers

You should never set any trust bits for intermediate certificates that are identified as "Software Security Device".
Only trusted root certificates (Builtin Object Token or possibly imported root certificates) should have trust bits set.