X
Thinta lapha ukuze uye kuveshini yamakhalekhukhwini kusayithi.

Isithangami Sabeseki

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

Unable to get add ons if trust disabled for DigiCert Global Root CA

Kuphostiwe

At some point I disabled trust for this cert (along with many others - I distrust non-English CAs and those known to have been hacked). Then when I clicked "Get Add ons" I would get a failure connecting to services.addons.mozilla.org due to untrusted issuer. There is no option to "add exception" because the site uses HSTS, according to the msg.

Outside of Firefox i had to use my own code to connect to services.addons.mozilla.org and debug the SSL/TLS handshake. I saw the root CA from the server and checked my Firefox trust store. Once I re-enabled trust for the DigiCert Global Root CA, I could successfully execute "Get Add ons".

The point here is that you error screen is not helpful. Even if you do not want to let me add an exception, you should at least give me a clear option to view the cert chain. Otherwise how else can someone possibly fix this? Luckily I work with security stuff so could find the certs in the chain externally by other means.

Thank you.

At some point I disabled trust for this cert (along with many others - I distrust non-English CAs and those known to have been hacked). Then when I clicked "Get Add ons" I would get a failure connecting to services.addons.mozilla.org due to untrusted issuer. There is no option to "add exception" because the site uses HSTS, according to the msg. Outside of Firefox i had to use my own code to connect to services.addons.mozilla.org and debug the SSL/TLS handshake. I saw the root CA from the server and checked my Firefox trust store. Once I re-enabled trust for the DigiCert Global Root CA, I could successfully execute "Get Add ons". The point here is that you error screen is not helpful. Even if you do not want to let me add an exception, you should at least give me a clear option to view the cert chain. Otherwise how else can someone possibly fix this? Luckily I work with security stuff so could find the certs in the chain externally by other means. Thank you.

Eminye Imininingwane Yohlelo

Fakela amapulagi

  • ActiveTouch General Plugin Container Version 105
  • Adobe PDF Plug-In For Firefox and Netscape 11.0.10
  • Citrix Online App Detector Plugin
  • DeviceAnywhere Plugin
  • Google Update
  • Shockwave Flash 11.7 r700

Isisebenziso

  • I-ejenti Engumsebenzisi: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0

Eminye Imininingwane

FredMcD
  • Top 10 Contributor
4254 izisombululo 59582 izimpendulo
Kuphostiwe

I've called the big guys to help you. Good luck.

I've called the big guys to help you. Good luck.
cor-el
  • Top 10 Contributor
  • Moderator
17521 izisombululo 158427 izimpendulo
Kuphostiwe

You can open this chrome URI by pasting or typing this URI in the location/address bar to open the "Add Security Exception" window and check the certificate:

  • chrome://pippki/content/exceptionDialog.xul

In the location field type/paste the URL of the website

  • retrieve the certificate via the "Get certificate" button
  • inspect the certificate via the "View..." button

See also: Mozilla CA Certificate Policy:

Mozilla CA Certificate Maintenance Policy (Version 2.2):

You can open this chrome URI by pasting or typing this URI in the location/address bar to open the "Add Security Exception" window and check the certificate: * chrome://pippki/content/exceptionDialog.xul In the location field type/paste the URL of the website * retrieve the certificate via the "Get certificate" button * inspect the certificate via the "View..." button See also: Mozilla CA Certificate Policy: *https://www.mozilla.org/projects/security/certs/policy/ Mozilla CA Certificate Maintenance Policy (Version 2.2): *https://www.mozilla.org/projects/security/certs/policy/MaintenancePolicy.html

Umnikazi wombuzo

Thank you. I pasted chrome://pippki/content/exceptionDialog.xul into the location bar and it worked as you described.

It is a little obscure but once known does the trick.

Thank you. I pasted chrome://pippki/content/exceptionDialog.xul into the location bar and it worked as you described. It is a little obscure but once known does the trick.