
Why are you closing the cert expiration support thread 2 days before it happens?
Why are you closing the baked-in cert expiration support thread two days before it happens? Wouldn't it make a whole ton more sense to leave it open during the actual problem period?
All Replies (11)
Firefox forum isn't to support expired CA as that is a security risk and if the CA creators don't update their own CA for Firefox browser usage or any other browser it will not work. Also this is a help user forum not a developer forum support ticket request line.
Got it. So Mozilla just put up the original support thread to act as a tar-pit for people with issues without any intent of providing solutions. And then closed it before it could be useful for the majority of people who encounter it first when it breaks things (rather than geeks knowing ahead of time).
The problems here are: 1. Using baked-in CA TLS certs which leads to trialware/expireware. 2. Setting up a support thread then closing it right before the problem happens so as to avoid feedback on 1.
The solution going forwards is obviously to have replaceable certs. But Mozilla doesn't seem very open to feedback as evidenced by their actions.
mozilla706 said
Why are you closing the baked-in cert expiration support thread two days before it happens? Wouldn't it make a whole ton more sense to leave it open during the actual problem period? https://support.mozilla.org/en-US/questions/1468274
That thread has 98 replies, and I doubt most people would read beyond the first page. If you want help with your installation of Firefox, ask here in this thread.
For quick reference, here is the relevant support article: Update Firefox to prevent add-ons issues from root certificate expiration. As a summary:
- If you are running Firefox 128 or later, this issue doesn't affect you.
- If your system can run the Extended Support Release of Firefox 115, use the internal updater to make sure you are updated to the latest in the series. You need at least 115.13.0esr, and the latest is 115.21.0esr. See: Update Firefox to the latest release. If the steps in the article don't work for you, start a new question for personal assistance at https://support.mozilla.org/questions/new/desktop/form
This is the only option for users of Windows 7, Windows 8, Windows 8.1, macOS 10.12 (Sierra), macOS 10.13 (High Sierra) and macOS 10.14 (Mojave).
If you run Windows 10 or 11, or a newer version of macOS, you also can choose either the regular release (Firefox 136) or the Extended Support Release of Firefox 128.
- If your OS is Windows XP, Mac OS X 10.9 (Mavericks), Mac OS X 10.10 (Yosemite), or Mac OS X 10.11 (El Capitan), the last version of Firefox for your OS is the Extended Support Release of Firefox 78. Currently, there is no Firefox update available for your system.
Some Mac hardware can support an upgrade to macOS 10.12 or higher. Try checking the Mac App Store in Safari to see what is compatible. Maybe you can upgrade far enough to run the Extended Support Release of Firefox 115.
Ah yes, so instead of one centralized place for questions and answers they instead have to look through hundreds of individual forum threads. Not sure I follow the reasoning there but I do accept it as what is happening.
As for your copy/paste response, it doesn't seem to be in reply to the contents of this thread which are not about updating to newer versions of Firefox on various OSes, but instead about the issue of having baked-in certs in the first place. I do appreciate the impulse to help though.
mozilla706 said
Ah yes, so instead of one centralized place for questions and answers they instead have to look through hundreds of individual forum threads. Not sure I follow the reasoning there but I do accept it as what is happening. As for your copy/paste response, it doesn't seem to be in reply to the contents of this thread which are not about updating to newer versions of Firefox on various OSes, but instead about the issue of having baked-in certs in the first place. I do appreciate the impulse to help though.
This site is for tech support. People ask questions and, hopefully, receive answers based on their personal configuration and needs. If you want to have a policy discussion, Mozilla has a different site for that. Two ways to get there:
- menu button > Help > Share ideas and feedback
- https://connect.mozilla.org/
If you recall the last time a critical certificate expired, it was stored in the cert*.db file and could be replaced by an add-on or through importing from a file (my old article: https://www.jeffersonscher.com/ffu/armagadd-on_2_0.html). But now it is hardcoded, presumably to prevent malicious replacement. Assuming that is airtight, we don't have the old workarounds this time.
Unfortunately Mozilla shut down the thread where policy was being discussed and told everyone to post here instead.
That thread was getting out of hand with people asking for help that should have been as their own separate threads. Unfortunately this custom forum software does not have the ability to split posts from a thread to be as a new thread.
markwarner22 said
Firefox forum isn't to support expired CA as that is a security risk and if the CA creators don't update their own CA for Firefox browser usage or any other browser it will not work. Also this is a help user forum not a developer forum support ticket request line.
You clearly do not understand what that thread was about.
Modified by James (On Leave)
Chosen Solution
mozilla706 said
Unfortunately Mozilla shut down the thread where policy was being discussed and told everyone to post here instead.
I only see two threads on Mozilla Connect and they are both open, and mostly inactive. You could join in on this one:
Thanks! I'll stop here and take it up on the appropriate forum. https://connect.mozilla.org/t5/discussions/baked-in-ca-tls-certs-a-bad-idea-policy-proposal-debate-to-not/m-p/90008#M34866
p.s. re: "You clearly do not understand what that thread was about." - James, it's funny, I'm thinking the same thing about you. I thought it was clear that this thread (which I started) was about 1. why the comments were locked, 2. the problem with baked-in CA TLS certs not being able to be updated. Your solution to this problem seems to be to ignore it but I'd like the root cause of the problem, the baking in, to be addressed in future FF builds/releases.
Modified by mozilla706
mozilla706 said
p.s. re: "You clearly do not understand what that thread was about." - James, It's funny, I'm thinking the same thing about you.
He wasn't quoting you in that part of the reply.
Ah. I assumed the quoted section was an attempt to show me the reasoning behind why I didn't understand what this thread was about. My mistake thinking it's all about me. Thanks.