X
Tap here to go to the mobile version of the site.

Support Forum

How do I trust a self-signed issuer certificate?

Posted

I created a self-signed CA cert using openssl, and imported it into Firefox, but when I select it in the Certificate Manager under “Your Certificates” and click “View…”, I see the message “Could not verify this certificate because the issuer is not trusted.”

https://www.dropbox.com/s/i38v78802ym9fug/Screenshot%202014-04-15%2010.49.14.png

When I visit the site that I set up with an SSL cert signed by that same self-signed CA cert, I get an untrusted connection warning with the following technical details: “staging.cakemade.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is not trusted. (Error code: sec_error_untrusted_issuer)”

https://www.dropbox.com/s/rvq00r0pdn99rd6/Screenshot%202014-04-15%2010.57.54.png

When I view the site certificate, it correctly identifies the issuer as the CA cert that I imported, but also displays the message “Could not verify this certificate because the issuer is not trusted.”

https://www.dropbox.com/s/b3no5pdhf9ddx5h/Screenshot%202014-04-15%2010.57.29.png

I am using Firefox Aurora, and apply updates daily. I am using the default settings for OCSP.

https://www.dropbox.com/s/in58viu3q6wkxvn/Screenshot%202014-04-15%2011.02.22.png

What do I need to do to get Firefox to trust the CA cert that I imported?

I created a self-signed CA cert using openssl, and imported it into Firefox, but when I select it in the Certificate Manager under “Your Certificates” and click “View…”, I see the message “Could not verify this certificate because the issuer is not trusted.” https://www.dropbox.com/s/i38v78802ym9fug/Screenshot%202014-04-15%2010.49.14.png When I visit the site that I set up with an SSL cert signed by that same self-signed CA cert, I get an untrusted connection warning with the following technical details: “staging.cakemade.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is not trusted. (Error code: sec_error_untrusted_issuer)” https://www.dropbox.com/s/rvq00r0pdn99rd6/Screenshot%202014-04-15%2010.57.54.png When I view the site certificate, it correctly identifies the issuer as the CA cert that I imported, but also displays the message “Could not verify this certificate because the issuer is not trusted.” https://www.dropbox.com/s/b3no5pdhf9ddx5h/Screenshot%202014-04-15%2010.57.29.png I am using Firefox Aurora, and apply updates daily. I am using the default settings for OCSP. https://www.dropbox.com/s/in58viu3q6wkxvn/Screenshot%202014-04-15%2011.02.22.png What do I need to do to get Firefox to trust the CA cert that I imported?

Chosen solution

I'm assuming you've imported your CA cert underneath the 'Authorities' tab. Restart FF after importing the cert.

I'd expect you're being prompted to set the trust level upon importing the cert. If not you can do that manually via the 'Edit Trust' button.

Read this answer in context 4

Additional System Details

Application

  • User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.152 Safari/537.36

More Information

Application Basics
------------------
Name: Firefox
Version: 30.0a2
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:30.0) Gecko/20100101 Firefox/30.0
Crash Reports for the Last 3 Days
---------------------------------
All Crash Reports
Extensions
----------
Name: 1Password
Version: 3.9.20
Enabled: true
ID: onepassword@agilebits.com
Name: Advanced Cookie Manager
Version: 5.7
Enabled: true
ID: cookiemgr@jayapal.com
Name: Barlesque
Version: 1.15
Enabled: true
ID: barlesque@dmitriy.khudorozhkov
Name: Firebug
Version: 1.12.8
Enabled: true
ID: firebug@software.joehewitt.com
Important Modified Preferences
------------------------------
accessibility.typeaheadfind.flashBar: 0
browser.cache.disk.capacity: 358400
browser.cache.disk.smart_size_cached_value: 358400
browser.cache.disk.smart_size.first_run: false
browser.cache.disk.smart_size.use_old_max: false
browser.places.smartBookmarksVersion: 7
browser.sessionstore.upgradeBackup.latestBuildID: 20140414004003
browser.startup.homepage_override.buildID: 20140414004003
browser.startup.homepage_override.mstone: 30.0a2
dom.mozApps.used: true
extensions.lastAppVersion: 30.0a2
font.internaluseonly.changed: true
font.name.serif.x-western: Helvetica
font.size.variable.x-western: 12
gfx.blacklist.webgl.msaa: 4
network.cookie.prefsMigrated: true
places.database.lastMaintenance: 1397509693
places.history.expiration.transient_current_max_pages: 104858
plugin.disable_full_page_plugin_for_types: application/pdf
plugin.importedState: true
print.macosx.pagesetup-2: PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPCFET0NUWVBFIHBsaXN0IFBVQkxJQyAiLS8vQXBwbGUvL0RURCBQTElTVCAxLjAvL0VO
print.print_bgcolor: false
print.print_bgimages: false
print.print_colorspace:
print.print_command:
print.print_downloadfonts: false
print.print_duplex: 402653184
print.print_evenpages: true
print.print_in_color: true
print.print_margin_bottom: 0.5
print.print_margin_left: 0.5
print.print_margin_right: 0.5
print.print_margin_top: 0.5
print.print_oddpages: true
print.print_orientation: 0
print.print_page_delay: 50
print.print_paper_data: 0
print.print_paper_height: 11.00
print.print_paper_name:
print.print_paper_size_type: 1
print.print_paper_size_unit: 0
print.print_paper_width: 8.50
print.print_plex_name:
print.print_resolution: 0
print.print_resolution_name:
print.print_reversed: false
print.print_scaling: 1.00
print.print_shrink_to_fit: true
print.print_to_file: false
print.print_unwriteable_margin_bottom: 56
print.print_unwriteable_margin_left: 25
print.print_unwriteable_margin_right: 25
print.print_unwriteable_margin_top: 25
privacy.sanitize.migrateFx3Prefs: true
security.disable_button.openCertManager: false
security.disable_button.openDeviceManager: false
storage.vacuum.last.index: 1
storage.vacuum.last.places.sqlite: 1395009433
Graphics
--------
Device ID: 0x a29
GPU Accelerated Windows: 4/4 OpenGL (OMTC)
Vendor ID: 0x10de
WebGL Renderer: NVIDIA Corporation -- NVIDIA GeForce GT 330M OpenGL Engine
windowLayerManagerRemote: true
AzureCanvasBackend: quartz
AzureContentBackend: quartz
AzureFallbackCanvasBackend: none
AzureSkiaAccelerated: 0
JavaScript
----------
Incremental GC: true
Accessibility
-------------
Activated: false
Prevent Accessibility: 0
Library Versions
----------------
NSPR
Expected minimum version: 4.10.4
Version in use: 4.10.4
NSS
Expected minimum version: 3.16 Basic ECC
Version in use: 3.16 Basic ECC
NSSSMIME
Expected minimum version: 3.16 Basic ECC
Version in use: 3.16 Basic ECC
NSSSSL
Expected minimum version: 3.16 Basic ECC
Version in use: 3.16 Basic ECC
NSSUTIL
Expected minimum version: 3.16
Version in use: 3.16

christ1
  • Top 25 Contributor
2171 solutions 15897 answers

Chosen Solution

I'm assuming you've imported your CA cert underneath the 'Authorities' tab. Restart FF after importing the cert.

I'd expect you're being prompted to set the trust level upon importing the cert. If not you can do that manually via the 'Edit Trust' button.

I'm assuming you've imported your CA cert underneath the 'Authorities' tab. Restart FF after importing the cert. I'd expect you're being prompted to set the trust level upon importing the cert. If not you can do that manually via the 'Edit Trust' button.

Question owner

I had imported the CA cert under “Your Certificates.” I deleted the CA cert, switched to “Authorities”, re-imported the CA cert, and restarted Firefox. This fixed the problem.

Thanks for your help!

I had imported the CA cert under “Your Certificates.” I deleted the CA cert, switched to “Authorities”, re-imported the CA cert, and restarted Firefox. This fixed the problem. Thanks for your help!