Join us to show up for other Firefox users 🦊. Earn fun badges and Mozilla swag vouchers! Find out more: https://mzl.la/askafox150

Windows 10 reached EOS (end of support) on October 14, 2025. If you are on Windows 10, see this article.

Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Problem with self signed ssl certificute

  • Atsakymų nėra
  • 0 have this problem
  • Open
Mike
Mike

I have a local Rocky Linux server running a nginx web server. I am using a Macos laptop. I am trying to install a self signed ssl certificate using openssl on my web server.. The certificate I generated works with Safari but not with Firefox. I have copied the certificate to both Safari and Firefox for local use. Privacy and Security, Manage Certificates, Your Certificates. Firefox complains that that my TLS is tls 1.1, when I am using tls 1.3:

An error occured during connection to tls-v1-1.badssl.com:1011. Peer using unsupported version of security protocol.

My test on my server shows:

sudo curl -v https://caprock.home

Connected to caprock.home (192.168.2.44) port 443 (#0)

  • ALPN, offering h2
  • ALPN, offering http/1.1
  • CAfile: /etc/pki/tls/certs/ca-bundle.crt
  • TLSv1.0 (OUT), TLS header, Certificate Status (22):
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
  • TLSv1.2 (IN), TLS header, Certificate Status (22):
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
  • TLSv1.2 (IN), TLS header, Finished (20):
  • TLSv1.3 (IN), TLS change cipher, Change cipher spec (1):
  • TLSv1.2 (IN), TLS header, Unknown (23):
  • TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
  • TLSv1.2 (IN), TLS header, Unknown (23):
  • TLSv1.3 (IN), TLS handshake, Certificate (11):
  • TLSv1.2 (IN), TLS header, Unknown (23):
  • TLSv1.3 (IN), TLS handshake, CERT verify (15):
  • TLSv1.2 (IN), TLS header, Unknown (23):
  • TLSv1.3 (IN), TLS handshake, Finished (20):
  • TLSv1.2 (OUT), TLS header, Finished (20):
  • TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
  • TLSv1.2 (OUT), TLS header, Unknown (23):
  • TLSv1.3 (OUT), TLS handshake, Finished (20):
  • SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
  • ALPN, server accepted to use http/1.1
  • Server certificate:
  • subject: C=US; ST=Colorado; O=Caprock Development; OU=Caprock Development Home Base; CN=caprock.home; emailAddress=mike@white-home.com
  • start date: Aug 12 19:26:04 2025 GMT
  • expire date: Nov 13 19:26:04 2032 GMT
  • common name: caprock.home (matched)
  • issuer: C=US; ST=Colorado; L=Canon City; O=Caprock Development; OU=Caprock Development Home Base; CN=caprock.home; emailAddress=mike@white-home.com
  • SSL certificate verify ok.
  • TLSv1.2 (OUT), TLS header, Unknown (23):

> GET / HTTP/1.1 > Host: caprock.home > User-Agent: curl/7.76.1 > Accept: */* >

  • TLSv1.2 (IN), TLS header, Unknown (23):
  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
  • TLSv1.2 (IN), TLS header, Unknown (23):
  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
  • old SSL session ID is stale, removing
  • TLSv1.2 (IN), TLS header, Unknown (23):
  • Mark bundle as not supporting multiuse

< HTTP/1.1 200 OK < Server: nginx/1.20.1 < Date: Tue, 28 Apr 2026 13:17:26 GMT < Content-Type: text/html; charset=UTF-8 < Transfer-Encoding: chunked < Connection: keep-alive < X-Powered-By: PHP/8.3.30 <

Caprock.home

  • Connection #0 to host caprock.home left intact

Furthermore I can't seem to delete the certificate from Firefox and re add it?

I have a local Rocky Linux server running a nginx web server. I am using a Macos laptop. I am trying to install a self signed ssl certificate using openssl on my web server.. The certificate I generated works with Safari but not with Firefox. I have copied the certificate to both Safari and Firefox for local use. Privacy and Security, Manage Certificates, Your Certificates. Firefox complains that that my TLS is tls 1.1, when I am using tls 1.3: An error occured during connection to tls-v1-1.badssl.com:1011. Peer using unsupported version of security protocol. My test on my server shows: sudo curl -v https://caprock.home Connected to caprock.home (192.168.2.44) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * CAfile: /etc/pki/tls/certs/ca-bundle.crt * TLSv1.0 (OUT), TLS header, Certificate Status (22): * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS header, Certificate Status (22): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS header, Finished (20): * TLSv1.3 (IN), TLS change cipher, Change cipher spec (1): * TLSv1.2 (IN), TLS header, Unknown (23): * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): * TLSv1.2 (IN), TLS header, Unknown (23): * TLSv1.3 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS header, Unknown (23): * TLSv1.3 (IN), TLS handshake, CERT verify (15): * TLSv1.2 (IN), TLS header, Unknown (23): * TLSv1.3 (IN), TLS handshake, Finished (20): * TLSv1.2 (OUT), TLS header, Finished (20): * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS header, Unknown (23): * TLSv1.3 (OUT), TLS handshake, Finished (20): * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 * ALPN, server accepted to use http/1.1 * Server certificate: * subject: C=US; ST=Colorado; O=Caprock Development; OU=Caprock Development Home Base; CN=caprock.home; emailAddress=mike@white-home.com * start date: Aug 12 19:26:04 2025 GMT * expire date: Nov 13 19:26:04 2032 GMT * common name: caprock.home (matched) * issuer: C=US; ST=Colorado; L=Canon City; O=Caprock Development; OU=Caprock Development Home Base; CN=caprock.home; emailAddress=mike@white-home.com * SSL certificate verify ok. * TLSv1.2 (OUT), TLS header, Unknown (23): > GET / HTTP/1.1 > Host: caprock.home > User-Agent: curl/7.76.1 > Accept: */* > * TLSv1.2 (IN), TLS header, Unknown (23): * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * TLSv1.2 (IN), TLS header, Unknown (23): * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * old SSL session ID is stale, removing * TLSv1.2 (IN), TLS header, Unknown (23): * Mark bundle as not supporting multiuse < HTTP/1.1 200 OK < Server: nginx/1.20.1 < Date: Tue, 28 Apr 2026 13:17:26 GMT < Content-Type: text/html; charset=UTF-8 < Transfer-Encoding: chunked < Connection: keep-alive < X-Powered-By: PHP/8.3.30 < <h1> Caprock.home </h1> * Connection #0 to host caprock.home left intact Furthermore I can't seem to delete the certificate from Firefox and re add it?

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.