Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Please ask a new question if you need help.

Confirm security exceptions is not working after update to 3.6.

AnonymousUser
AnonymousUser
more options

After update to 3.6 none of the certificates are being authorized for https: dod sites. When I try to trust the certificates by using an exception nothing happens.

URL of affected sites

https://www.dmdc.osd.mil/swg/owa/DMDC.HOME

After update to 3.6 none of the certificates are being authorized for https: dod sites. When I try to trust the certificates by using an exception nothing happens. == URL of affected sites == https://www.dmdc.osd.mil/swg/owa/DMDC.HOME

All Replies (6)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

You need to install the DoD root (Class 3 Root and Root CA-2) certificates

  1. http://dodpki.c3pki.den.disa.mil/
  2. http://militarycac.com/dodcerts.htm
AnonymousUser
AnonymousUser Question owner
more options

I went through the process of installing the cert but they do not show up in the certificate list. The pop up for trusting the CA comes up then they do not appear in the list.

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

You need to look at "U.S. Government" in the certificate list for the DoD certificates.

AnonymousUser
AnonymousUser Question owner
more options

There is not even a U.S. Government category on my list of certificates. Safari is working fine for the same sites but is not supported on others. So between the two I was able to finish what I was working on. Would be nice if Firefox would work properly.

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

Did you import the DOD root certificates?

Firefox > Preferences > Advanced : Encryption: Certificates

alaingoldsticker
alaingoldsticker
more options

Here are the instructions on how to load the DoD certificates/authorities to Firefox:

  • To import DoD Root CA certificates:

+Using Firefox, navigate to http://dodpki.c3pki.chamb.disa.mil/rootca.html +Click on the first link labeled "Download Class 3 Root CA Certificate" +and click on the "View Button". -Ensure that the SHA1 Fingerprint shown at the bottom matches the below: 10:F1:93:F3:40:AC:91:D6:DE:5F:1E:DC:00:62:47:C4:F2:5D:96:71 -!!! If it does not match, do not install the certificate !!! -If it does match, click on the "Close" button, check the first two check boxes and click "OK" - you may receive some errors for certificates that have expired, just click "OK" to continue.

+Follow the same procedures to download and install the DoD Root CA 2 +and External Certification Authority (ECA) Root CA certificates by clicking on the appropriate links and verifying the certificates by confirming the SHA1 Fingerprint matches the below:

-DoD Root CA 2 Fingerprint: 8C:94:1B:34:EA:1E:A6:ED:9A:E2:BC:54:CF:68:72:52:B4:C9:B5:61 -ECA Root CA Fingerprint: 3A:32:EF:7B:9A:B8:36:F8:37:18:1A:4C:EF:A3:55:C6:46:67:AC:BF

Once loaded they will show-up under U.S. Government, for some reason Firefox does not read these certificates/authorities from KeyChain Access same as Safari.