How to allow security exceptions for sites that don't allow exceptions
I'm not able to access certain sites do to missing "Add Exception" button. I have tried all the suggestions, like modifying about:config, resetting firefox completely, and deleting appData.
1) Other browsers work fine 2) The corporate VPN or security software is probably creating certificate problems. Asking them to change is not an option 3) I don't care if the site is well-maintained or not, I need to access it. 4) I don't plan on logging into any websites or sharing any data. 5) If Firefox really can't do this, then I need to use a different browser
I don't care about security here. The sites I want to access are just public pictures and videos, and I don't plan on logging in.
An example is embedded videos from Twitter.com. I'm not able to access them.
Any help?
所有回复 (10)
There is security software like Avast/AVG, Kaspersky, BitDefender and ESET that intercept secure connections and send their own certificate. If you are running any of the above software please their their community forum for a work around to apply settings.
These pages are also for the errors you may have besides relating to the above.
- https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can
- https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites
- https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message
- https://support.mozilla.org/en-US/kb/connection-untrusted-error-message
- http://kb.mozillazine.org/Error_loading_websites
- https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER
One issue that seems more common lately is Firefox's Tracking Protection feature. When it is blocking content in a page, a shield icon will appear at the left end of the address bar next to the padlock icon. This article has more info on managing this feature: Tracking Protection https://support.mozilla.org/en-US/kb/tracking-protection
Please let us know if this solved your issue or if need further assistance.
No, sorry, your response did not help.
Yes, the corporate security measures are inserting a certificate or mangling it somehow.
We are not using any of the software you mentioned, we are using custom software.
As I mentioned in the original question, I cannot make them change. They won't change. It isn't a priority for them to allow secure browsing.
I just need to view news, articles, videos, etc, related to my work.
I don't need any form of secure browsing.
Do I need to switch browsers?
由troyofearth于修改
Hi troyofearth, I posted this reply to your comment in a different thread yesterday. You didn't respond there, so I'll copy/paste here:
Does all your browsing run through a proxy operated by your company? Any "man in the middle" must issue fake site certificates in order to decrypt your browsing (for the benign purposes of securing the company and enforcing policy), so naturally Firefox won't accept those certificates.
You have two options for making Firefox compatible with the proxy:
(1) Import the proxy's signing certificate as a trusted authority in Firefox
(2) Set Firefox to trust all the signing certificates in the Windows certificate store
Option #1 is a bit more protective because malware is far less likely to infect Firefox's certificate store than the system certificate store shared by Microsoft and Google browsers. This may not be a concern on a company PC.
Option #2 is fast and easy. So assuming you prefer fast and easy, here's how:
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.
(2) In the search box above the list, type or paste roots and pause while the list is filtered
(3) Double-click the security.enterprise_roots.enabled preference to switch the value from false to true
Now one thing that's different from your other post is the word embedded here:
troyofearth said
An example is embedded videos from Twitter.com. I'm not able to access them.
So instead of the embedded video, Firefox displays the "Connection is not secure" page?
Yes correct, the video for twitter displays the "connection is not secure" message.
And as I mentioned, I don't want nor need a secure connection.
This is a large multinational corporation and they don't provide a certificate for me to import.
What about the settings change. Any effect?
troyofearth said
Yes correct, the video for twitter displays the "connection is not secure" message. And as I mentioned, I don't want nor need a secure connection. This is a large multinational corporation and they don't provide a certificate for me to import.
This is the problem here you need to talk to the IT department as it seemed they locked down sites from access. If they did this then falls into their Company protocols and security. And that's whom you need to contact.
Try to set this pref to true on the about:config page in case your security software adds its root certificate to the Windows certificate store.
- security.enterprise_roots.enabled = true
You can open the about:config page via the location/address bar. You can accept the warning and click "I accept the risk!" to continue.
Enterprise_Roots.enabled was the key for one of the sites. Thank you.
由troyofearth于修改
The general question still remains.
If I find a site that is improperly set up, or my VPN is improperly setup, but I don't actually want secure browsing, is there a way for me to view the site insecurely?
Hi troyofearth, you can add exceptions to trust unproven certificates in some cases; a button will appear in the panel opened by the Advanced button.
The main exception is hosts that require HTTP Strict Transport Security (HSTS). This is an instruction from the server about how browsers can connect. Firefox won't allow you to add an exception for those (and may not honor it if you sneak it in).