Support Forum

Disabling untrusted connection warning, or adding issuer without certificate?

I am using Firefox (20) in an environment where I am required to use a proxy to access any external websites, and the proxy has recently been changed in such a manner that it now intercepts HTTPS requests and seems to reissue the certificates from a new identity.

This means that every page I visit that uses HTTPS shows the 'untrusted connection' warning page. I can, of course, add exceptions - but I don't want to have to do this for every secure page (and every subdomain, including those only used for serving up images or stylesheets, etc).

Is there any way to... disable the warning page? Add an exception for "*"? Add the identity that the certificates are being reissued under to my trusted list (I don't have access to the certificate file)?

Neither Chrome nor IE exhibits this behaviour under the same conditions.

NB: Troubleshooting info attached is from a different computer.

Additional System Details

Installed Plug-ins

  • Displays Java applet content, or a placeholder if Java is not installed.
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in web pages. For more information, visit the QuickTime Web site.

Application

  • Firefox 20.0
  • User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:20.0) Gecko/20100101 Firefox/20.0
  • Support URL: http://support.mozilla.org/1/firefox/20.0/Darwin/en-US/

Extensions

  • Adblock Plus 2.2.3 ({d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d})
  • Firebug 1.11.2 (firebug@software.joehewitt.com)
  • LastPass 2.0.0 (support@lastpass.com)
  • Reddit Enhancement Suite 4.1.5 (jid1-xUfzOsOFlzSOXg@jetpack)
  • Tree Style Tab 0.14.2013040601 (treestyletab@piro.sakura.ne.jp)
  • Troubleshooter 1.1a (troubleshooter@mozilla.org)
  • All-in-One Gestures 0.25.1 ({8b86149f-01fb-4842-9dd8-4d7eb02fd055}) (Inactive)
  • Delicious Bookmarks 2.3.4 ({2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}) (Inactive)
  • Greasemonkey 1.8 ({e4a8a97b-f2ed-450b-b12d-ee082ba24781}) (Inactive)

Javascript

  • incrementalGCEnabled: True

Graphics

  • adapterDescription:
  • adapterDeviceID: 0x 116
  • adapterDrivers:
  • adapterRAM:
  • adapterVendorID: 0x8086
  • driverDate:
  • driverVersion:
  • info: {u'AzureCanvasBackend': u'quartz', u'AzureFallbackCanvasBackend': u'none', u'AzureContentBackend': u'none'}
  • numAcceleratedWindows: 1
  • numTotalWindows: 1
  • webglRenderer: Intel Inc. -- Intel HD Graphics 3000 OpenGL Engine
  • windowLayerManagerType: OpenGL

Modified Preferences

  • browser.cache.disk.capacity: 358400
  • browser.cache.disk.smart_size.first_run: False
  • browser.cache.disk.smart_size.use_old_max: False
  • browser.cache.disk.smart_size_cached_value: 358400
  • browser.places.smartBookmarksVersion: 4
  • browser.startup.homepage_override.buildID: 20130326150557
  • browser.startup.homepage_override.mstone: 20.0
  • browser.tabs.insertRelatedAfterCurrent: False
  • browser.tabs.insertRelatedAfterCurrent.backup: True
  • browser.tabs.loadFolderAndReplace: False
  • browser.tabs.onTop: False
  • browser.tabs.warnOnClose: False
  • dom.mozApps.used: True
  • dom.w3c_touch_events.expose: False
  • extensions.lastAppVersion: 20.0
  • gfx.blacklist.webgl.msaa: 4
  • network.cookie.prefsMigrated: True
  • places.history.expiration.transient_current_max_pages: 104858
  • plugin.disable_full_page_plugin_for_types: application/pdf
  • privacy.donottrackheader.enabled: True
  • privacy.sanitize.migrateFx3Prefs: True

Misc

  • User JS: No
  • Accessibility: No

cor-el (Top 10 Contributor, Moderator)

Chosen Solution

You will have to acquire the root certificate of this proxy and install it in Firefox to prevent such an untrusted message.
If you have this certificate in IE or Google Chrome then export it and import it into Firefox.
You can inspect the certificate chain in those browsers to see how they link it to a built-in root certificate.
You need to set the trust bit to trust this certificate for web pages.


Question owner

Thanks - that fixed it!

For anyone else with the issue who comes across this post, I exported the certificates from Chrome (IE), and imported them into Firefox. I then had to edit the trust settings for each certificate, and the CA trust settings within that to give them full trust (although presumably only "..identify websites" is required).
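
The import step described in the answer and the follow-up, as an added command-line example that is not part of the thread: it checks the exported file against a fingerprint confirmed with the proxy's administrators, confirms it is a CA certificate, and imports it with NSS `certutil` trusted only to identify websites (`C,,`). The nickname, the argument order and the profile directory are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed usage:
#   sh import-proxy-root.sh <firefox-profile-dir> <exported-root.pem> <expected-sha256>
# Close Firefox before changing its certificate database.

# SHA-256 fingerprint of a PEM certificate as upper-case hex without colons.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//; s/://g'
}

# Succeeds only if basicConstraints marks the certificate as a CA.
is_ca_cert() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# Check the exported file before trusting it.
# $1 = PEM file, $2 = fingerprint obtained from the proxy administrators.
# Returns 1 on fingerprint mismatch, 2 if the file is not a CA certificate.
verify_proxy_root() {
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'a-f' 'A-F')
    [ "$(cert_fingerprint "$1")" = "$expected" ] || { echo "fingerprint mismatch" >&2; return 1; }
    is_ca_cert "$1" || { echo "not a CA certificate" >&2; return 2; }
}

# Import into the profile's NSS database. Trust flags "C,," mark it as a
# trusted CA for TLS servers only ("identify websites"); the e-mail and
# code-signing fields stay empty. The nickname is a placeholder.
import_proxy_root() {
    certutil -A -d "$1" -n "Corporate proxy root (example)" -t "C,," -i "$2"
}

if [ "$#" -eq 3 ]; then
    verify_proxy_root "$2" "$3" && import_proxy_root "$1" "$2"
fi
```

`certutil -L -d <firefox-profile-dir>` lists the stored certificates with their trust flags, which confirms the result after the import.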
