The SSL certificate for one of the sites I use expired today a couple hours ago, and the devs of that site still haven't had spare time to update it yet. Suppose it's not… (tuilleadh eolais)
The SSL certificate for one of the sites I use expired today a couple hours ago, and the devs of that site still haven't had spare time to update it yet. Suppose it's not a big issue, in most (other) browsers you can just review the problem and click on "continue anyway" link or something like that, when you're sure that the certificate was expected to become invalid. So you can visit the page requested with broken certificate in _single_ click. But not in Firefox.
As I remember - some time ago on the Cert Error page there was "I understand the risks" paragraph with the button "Add exception" below. Looks like it got disabled in Firefox 30 as I don't see it there. Okay, I googled around and found out that in about:config page there's a secret option browser.xul.error_pages.expert_bad_cert which was in disabled state by some reason (I personally haven't ever touched it before). Okay, now I'm able to open the ugly "Add exception" window, but when I add exception - nothing happens. Neither temporary not permanent exception option allowes me to view the site. "This Connection is Untrusted", browser says. Period.
After that I've tried to install "Skip cert error" add-on - with no success. Even if I add the site URL to whitelist in add-on options, which "in theory" should bypass ANY security checks for this exactly domain - then I still end up staring at "This Connection is Untrusted" error which simply can't be bypassed by any means.
The sites I've tried to reach are https://lists.openwrt.org and https://forum.openwrt.org. It's interesting though, the certificate is also expired at https://openwrt.org, but that site can be added to exception list and then firefox opens it. However I see completely NO WAY to make firefox open https://lists.openwrt.org or https://forum.openwrt.org.
I've run out of ideas and came here. Hope somebody knows how to workaround this issue.
PS: I wonder why the hell there's no option to bypass the check by some _simple_ means like in other browsers so that I could reach requested site in seconds rather then searching for settings/addons/workarounds for hours. Thank you firefox for such enourmous care for security, you've made me run Internet Explorer again...
It appears that in this case the certificate was registered for domain openwrt.org, but was also used for forum and lists subdomains. Now it is expired, but the expiration issue can be ignored by exception list only for openwrt.org itself. Other subdomains are actually added to exception list, but it doesn't work for them, so that browser is stuck at "untrusted connection" error which can't be ignored or skipped. What a shame.
I was quiet wrong in Update 1: in fact the SSL certificate for openwrt.org was Level 2 certificate with correcly registered subdomains like forum.openwrt.org and lists.openwrt.org. However when the certificate expired, only openwrt.org exception worked and the site was browseable. All the subdomains could be added to exceptions but regardless of that fact firefox refused to open those sites and was stuck on unskippable "untrusted connection" error page.
For now openwrt.org maintainers have already renewed their certificate so the problem can't be observed on those domains anymore. However I believe that the problem in firefox exceptions handling still exists and should be fixed in future firefox releases.