Adding SSL-Certificate Exception in Firefox 4
I recently installed Firefox 4 beta 11 and now cannot access certain webpages provided by my university which are using an SSL-encryption.
The error message I receive (in a popup box) is:
evasys.urz.uni-halle.de uses an invalid security certificate.
The certificate is not trusted because no issuer chain was provided.
(Error code: sec_error_unknown_issuer)
It has been a known problem that somehow Firefox does not handle the issuer chain of the certificate correctly (thats what the IT department says) and the solution up to now was to add an exception for this website in Firefox 3.x.x
This would be fine by me for Firefox 4, too, but I cannot find a way to add this exception. As soon as I dismiss the error message box by clicking "OK" nothing happens, no "This connection is untrusted"-page (http://support.mozilla.com/en-US/kb/This%20connection%20is%20untrusted#w_certificates-and-identification) is opened or anything equivalent.
Thank you in advance for any help.
วิธีแก้ปัญหาที่เลือก
Nothing has changed about adding exceptions in Firefox 4 AFAIK.
If you can't add an exception, but get a pop-up with the error message then you can check the pref browser.xul.error_pages.enabled on the about:config page and make sure that the value is set to the true (default).
You can retrieve the certificate and check who issued the certificate.
- Click the link at the bottom of the error page: "I Understand the Risks"
Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
- Click the "View..." button to inspect the certificate and check who is the issuer.
Only leave the mark in the box at the bottom to "Permanently store this exception" if you trust that certificate.
- Click "Confirm Security Exception" to enter the site if you still want to go to that website.
การตอบกลับทั้งหมด (8)
After installing beta 12 the problem seems to be solved - connecting to the mentioned websites is possible via https.
Anyhow it would still be nice to know, how adding an exception works in FF4.
วิธีแก้ปัญหาที่เลือก
Nothing has changed about adding exceptions in Firefox 4 AFAIK.
If you can't add an exception, but get a pop-up with the error message then you can check the pref browser.xul.error_pages.enabled on the about:config page and make sure that the value is set to the true (default).
You can retrieve the certificate and check who issued the certificate.
- Click the link at the bottom of the error page: "I Understand the Risks"
Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
- Click the "View..." button to inspect the certificate and check who is the issuer.
Only leave the mark in the box at the bottom to "Permanently store this exception" if you trust that certificate.
- Click "Confirm Security Exception" to enter the site if you still want to go to that website.
Thank you cor-el for your answer.
browser.xul.error_pages.enabled was really set to false which I did not do myself, but some addon might have.
I cannot test, whether the "This connection is untrusted"-page appears now, because since beta 12 the certificate works fine, but I trust you, that it is still there.
You're welcome
Hello. Yes, there is a problem with adding an exception button, but I found a temporary solution until Mozilla solves the problem. First, copy a link from website you want to enter. Then, go to: Options > Advanced > Encryption tab > View Certificates > Servers tab > Add Exception.. Now paste the link at "Location:" then click "Get Certificate" and Confirm Security Exception. That's all.
This is a really annoying bug! I had to switch back to Firefox 3.6 as I could only confirm the exception sporadically. In most of the cases the button did not get active.
cor-el's solution is good, except that sometimes you should also check the browser.xul.error_pages.expert_bad_cert value, which maybe false in some cases.
Actually, check the certification is really necessary since you are under some risks if you got the warning. In my experience, when I accessed the same web site through another link ( a vpn tunnel ), the warning disappears. This can be replayed each time.
So you should ensure that the certification is from the web site accessed, if you were behind GFW like me.
It turns out this problem is the result of the intermediary chain not being properly defined by the server.
I was able to solve this error with a StartSSL certificate using NGINX (a robust high volume alternative to APACHE) in minutes by following these steps: 5-nginx-and-StartSSL.html