Avatar for Username

搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

Learn More

此討論串已被封存。 如果您有需要幫助,請新增一個新問題

No longer possible to add security certificate exceptions?

  • 2 回覆
  • 6 有這個問題
  • 6 次檢視
  • 最近回覆由 wikne

wikne
wikne
more options

I am currently running Firefox 10.0.1 on Linux (CERN SLC 5.7, equivalent to RHEL 5.7).

Previously, with Firefox 3.6.*, it was possible to bypass an "expired" https security certificate issue by clicking "I know the risks" or something like that if I am dealing with a known and trusted site. Now, Firefox insists on only "try again", and suggests that I notify the webmaster of the "offending" site that the certificate is no good.

I neither can nor will be fussy about such a thing with the webmasters of sites I choose to connect to. Is there no way to disable this behavior? As far as I am concerned, this "feature" is a party-spoiler with the present release of Firefox, leaving me to use other and more reasonable browsers whenever this problem occurs.

-- Jon Wikne

I am currently running Firefox 10.0.1 on Linux (CERN SLC 5.7, equivalent to RHEL 5.7). Previously, with Firefox 3.6.*, it was possible to bypass an "expired" https security certificate issue by clicking "I know the risks" or something like that if I am dealing with a known and trusted site. Now, Firefox insists on only "try again", and suggests that I notify the webmaster of the "offending" site that the certificate is no good. I neither can nor will be fussy about such a thing with the webmasters of sites I choose to connect to. Is there no way to disable this behavior? As far as I am concerned, this "feature" is a party-spoiler with the present release of Firefox, leaving me to use other and more reasonable browsers whenever this problem occurs. -- Jon Wikne

所有回覆 (2)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

Try to rename the cert8.db file in the Firefox profile folder to cert8.db.old or delete the cert8.db file to remove the intermediate certificates that Firefox has stored.
If you have user certificates that you want to keep then export those certificates to a .cer file before renaming the cert8.db file.
If that helped to solve the problem then you can remove the renamed cert8.db.old file.
Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the stored intermediate certificates.
Firefox will automatically store new intermediate certificates when you visit websites that send them.

wikne
wikne 提出問題者
more options

Sorry, cor-el, thanks but it did not solve the problem.

To me, it seems like the Firefox programmers have adopted a policy of being the users' "guardian" in the context of certificates that are considered to be dubious in some way. With 3.6.* versions of Firefox, the site in question gives this screen snapshot:

http://puma.uio.no/jon/gif/acdb-3.6.24.jpg

Here it is possible to access the site by following the "I understand the risks" link, and adding a security exception.

With 10.0.* versions, it looks like this instead:

http://puma.uio.no/jon/gif/acdb-10.0.1.jpg

"Try again" does not lead to anything constructive. I consider this approach to be an insult to my intelligence as a user.

Maybe there exists some "about:config" parameter that will get rid of this behavior, like the secret "network.security.ports.banned.override" to enable accessing some non-standard, otherwise blocked by default ports? (I know, I have a web-camera using such a port.) If not, I seem to be stuck with older versions of Firefox or editing the source code and compile myself to get rid of this "feature" (bug).

-- Jon