Can't add an exception to allow self signed certs to be used on internal sites
This used to be on the error page that was thrown up at a cert warning. Now it's buried, and non funtional.
I have attempted to add an exception for a number of internal sites. Using Names FQDN and ip address to 'retrieve the cert'. Cert wont retrieve. Why did you break something that was so easy to use and that accidentally allowed us to WORK!?
Todas as respostas (7)
Using Names FQDN and ip address to 'retrieve the cert'.
What does this mean?
At this time Firefox blocks access to self signed certs. I have tried to add an exception that will allow me to use a self signed cert. There is a UI control that is supposed to allow one to add certs Preferences->Advanced->Certificates->Servers->Add Exception a dialog opens that is supposed to allow one to "Get Certificate".
In the location bar, I have put the short hostname https://foo the Fully Qualified Domain Name https://foo.bar.com the ip address https://192.168.16.22
it never pulls the cert, or allows me to add the exception
What happens if you go to the site directly, i.e. put https://foo.bar.com or https://192.168.16.22 into the URL bar?
You should then be prompted for the exception.
if we bring up the site in the location bar of the browser we don't get the exception UI, I get this error message:
Error code: sec_error_reused_issuer_and_serial
Long story short, I should be able to tell the browser, "Trust me I'm a Doctor".
Long story short, you issued a new certificate with the same serial no. as the previous one. So there is no way for FF to create an exception for it. You'll need to delete the old certificate from the certificate store first.
That would be easy to solve if it were true. I could delete the cert with the with duplicate ser no. Since there is no such duplicate, I am finding it difficult. The cert authorities in question are on netscalers, each with their own authority. None have been able to add their Cert aso f yet, I have looked through the certs in the current store, and there are no other certs from a netscaler. I Do not have this problem on Chrome, or Safari, or IE, or the last version of FF I was using which was old like 13 or so.
I miss Netscape.
In order to be able to see all certs Firefox knows about you'll need an add-on, e.g. like Certificate Patrol. https://addons.mozilla.org/en-US/firefox/addon/certificate-patrol/
But Certificate Patrol only 'learns' about certs when visiting a secure site. Therefore you may need to delete the certificate store to get rid of the old cert.
- Close the application.
- Open your profile folder.
- Delete the file cert8.db.
- Restart the application. cert8.db will be recreated when you do so.
You should now be able to create the exception, or you could simply import the root cert of the CA which issued your cert.
Note: You should backup any personal certs prior to deleting cert8.db.
Modificado por christ1 a