Where did you install Firefox from? Help Mozilla uncover 3rd party websites that offer problematic Firefox installation by taking part in our campaign. There will be swag, and you'll be featured in our blog if you manage to report at least 10 valid reports!

Avatar for Username

Mozilla 도움말 검색

고객 지원 사기를 피하세요. 저희는 여러분께 절대로 전화를 걸거나 문자를 보내거나 개인 정보를 공유하도록 요청하지 않습니다. "악용 사례 신고"옵션을 사용하여 의심스러운 활동을 신고해 주세요.

Learn More

이 쓰레드는 보존되었습니다. 만약 도움이 필요하시면 새로운 질문을 올려주세요.

Self signed certificates stopped working

  • 2 답장
  • 7 이 문제를 만남
  • 1 보기
  • 최종 답변자: cor-el

mbi0
mbi0
more options

All of a sudden (i.e. not after a Firefox upgrade) Firefox 41.0 has stopped accepting self-signed SSL certificates on various websites which it had been accepting for months. I've generated the certificates myself.

The link / button to add exceptions and import the certificate has disappeared from the "Untrusted Connection" error page.

Things I've tried so far:

  • Import the certificates via Preferences > Advanced > Certificates > View Certificates > Servers. The certificates get imported but Firefox seems to ignore them.
  • Quit Firefox, delete cert8.db from my profile, then restart Firefox
  • Restart Firefox in Safe mode
  • Import the certificate in the OS Keychain (this makes the websites work on Chrome and Safari)

The generated certificates are signed with "PKCS #1 SHA-256 With RSA Encryption", they are not expired and were generated with 

   openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout server.key -out server.crt

Apart from the trust issue, https://www.ssllabs.com/ssltest/ reports no problem whatsoever with these certs, they are fine ("If trust issues are ignored: A")

The only way I can access these websites is via a Private Browsing window: if the certificate was previously imported (via Preferences) the private session window can access the websites without a problem. If the certificate wasn't imported yet I get the option to add a temporary exception and after that is done it works fine.

This problem doesn't appear on another computer, even though the Firefox profile is synced between the two. The problem does not appear on a colleague's Firefox 41.0 (same OS and hardware) Certificates signed by a real CA are accepted just fine.


UPDATE:

I've marked this as resolved, but apparently the problem keeps coming back about once a week, in a completely random manner.

The best solution I've found so far is to quit Firefox, delete the following files from my profile, then restart Firefox:

  • SiteSecurityServiceState.txt
  • cert_override.txt
  • cert8.db
All of a sudden (i.e. not after a Firefox upgrade) Firefox 41.0 has stopped accepting self-signed SSL certificates on various websites which it had been accepting for months. I've generated the certificates myself. The link / button to add exceptions and import the certificate has disappeared from the "Untrusted Connection" error page. Things I've tried so far: * Import the certificates via Preferences > Advanced > Certificates > View Certificates > Servers. The certificates get imported but Firefox seems to ignore them. * Quit Firefox, delete cert8.db from my profile, then restart Firefox * Restart Firefox in Safe mode * Import the certificate in the OS Keychain (this makes the websites work on Chrome and Safari) The generated certificates are signed with "PKCS #1 SHA-256 With RSA Encryption", they are not expired and were generated with openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout server.key -out server.crt Apart from the trust issue, https://www.ssllabs.com/ssltest/ reports no problem whatsoever with these certs, they are fine ("If trust issues are ignored: A") The only way I can access these websites is via a Private Browsing window: if the certificate was previously imported (via Preferences) the private session window can access the websites without a problem. If the certificate wasn't imported yet I get the option to add a temporary exception and after that is done it works fine. This problem doesn't appear on another computer, even though the Firefox profile is synced between the two. The problem does not appear on a colleague's Firefox 41.0 (same OS and hardware) Certificates signed by a real CA are accepted just fine. UPDATE: I've marked this as resolved, but apparently the problem keeps coming back about once a week, in a completely random manner. The best solution I've found so far is to quit Firefox, delete the following files from my profile, then restart Firefox: * SiteSecurityServiceState.txt * cert_override.txt * cert8.db

글쓴이 mbi0 수정일시

선택된 해결법

I eventually fixed this by doing a "Refresh Firefox" (under about:support) and re-syncing my profile.

문맥에 따라 이 답변을 읽어주세요 👍 0

모든 댓글 (2)

mbi0
mbi0 질문자
more options

선택된 해결법

I eventually fixed this by doing a "Refresh Firefox" (under about:support) and re-syncing my profile.

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

If it happens again then try to rename the cert8.db file (cert8.db.old) and delete the cert_override.txt file in the Firefox profile folder to remove intermediate certificates and exceptions that Firefox has stored.

If that has helped to solve the problem then you can remove the renamed cert8.db.old file. Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previously stored intermediate certificates. Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.

You can use this button to go to the current Firefox profile folder: