X
Thinta lapha ukuze uye kuveshini yamakhalekhukhwini kusayithi.

Isithangami Sabeseki

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

Firefox does not accept Charles Proxy certificate, gives me a SEC_ERROR_UNKNOWN_ISSUER

Kuphostiwe

I use Charles Proxy during my development. I have it to proxy some of my connections. I have no issues working with Chrome, Safari or Edge but, I cannot get it to work with Firefox.

All I get is a:

The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER

With no options to add as exception

I use Charles Proxy during my development. I have it to proxy some of my connections. I have no issues working with Chrome, Safari or Edge but, I cannot get it to work with Firefox. All I get is a: The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER With no options to add as exception

Isisombululo esikhethiwe

On Mac, you would export from the keychain. E.g., https://support.mozilla.org/questions/1236194 Apologies for the oversight.

Funda le mpendulo ngokuhambisana nalesi sihloko 0

Eminye Imininingwane Yohlelo

Fakela amapulagi

  • Shockwave Flash 31.0 r0

Isisebenziso

  • Firefox 62.0.3
  • Umsebenzisi oyi-ejenti: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:62.0) Gecko/20100101 Firefox/62.0
  • I-URL Yokweseka: https://support.mozilla.org/1/firefox/62.0.3/Darwin/en-US/

Izandiso

  • ADB Helper 0.12.1 (adbhelper@mozilla.org)
  • Facebook Container 1.3.1 (@contain-facebook)
  • Reddit Enhancement Suite 5.12.6 (jid1-xUfzOsOFlzSOXg@jetpack)
  • Side View 0.4.3710 (side-view@mozilla.org)
  • Test Pilot 3.0.6vccc9955 (@testpilot-addon)
  • uBlock Origin 1.17.0 (uBlock0@raymondhill.net)
  • LastPass: Free Password Manager 4.17.1.7 (support@lastpass.com) (Akusebenzi)

I-Javascript

  • incrementalGCEnabled: True

Imidwebo

  • adapterDescription:
  • adapterDeviceID: 0x67ef
  • adapterDrivers:
  • adapterRAM:
  • adapterVendorID: 0x1002
  • contentUsesTiling: True
  • crashGuards: []
  • driverDate:
  • driverVersion:
  • featureLog: {u'fallbacks': [], u'features': [{u'status': u'available', u'description': u'Compositing', u'log': [{u'status': u'available', u'type': u'default'}], u'name': u'HW_COMPOSITING'}, {u'status': u'available', u'description': u'OpenGL Compositing', u'log': [{u'status': u'available', u'type': u'default'}], u'name': u'OPENGL_COMPOSITING'}, {u'status': u'opt-in', u'description': u'WebRender', u'log': [{u'status': u'opt-in', u'message': u'WebRender is an opt-in feature', u'type': u'default'}], u'name': u'WEBRENDER'}, {u'status': u'available', u'description': u'Off Main Thread Painting', u'log': [{u'status': u'available', u'type': u'default'}], u'name': u'OMTP'}]}
  • info: {u'TileHeight': 1024, u'ApzWheelInput': 1, u'ApzDragInput': 1, u'ApzKeyboardInput': 1, u'ApzAutoscrollInput': 1, u'AzureFallbackCanvasBackend': u'none', u'TileWidth': 1024, u'AzureCanvasAccelerated': 0, u'AzureCanvasBackend': u'skia', u'AzureContentBackend': u'skia'}
  • numAcceleratedWindows: 3
  • numTotalWindows: 3
  • offMainThreadPaintEnabled: True
  • offMainThreadPaintWorkerCount: 3
  • usesTiling: True
  • webgl1DriverExtensions: GL_ARB_blend_func_extended GL_ARB_draw_buffers_blend GL_ARB_draw_indirect GL_ARB_ES2_compatibility GL_ARB_explicit_attrib_location GL_ARB_gpu_shader_fp64 GL_ARB_gpu_shader5 GL_ARB_instanced_arrays GL_ARB_internalformat_query GL_ARB_occlusion_query2 GL_ARB_sample_shading GL_ARB_sampler_objects GL_ARB_separate_shader_objects GL_ARB_shader_bit_encoding GL_ARB_shader_subroutine GL_ARB_shading_language_include GL_ARB_tessellation_shader GL_ARB_texture_buffer_object_rgb32 GL_ARB_texture_cube_map_array GL_ARB_texture_gather GL_ARB_texture_query_lod GL_ARB_texture_rgb10_a2ui GL_ARB_texture_storage GL_ARB_texture_swizzle GL_ARB_timer_query GL_ARB_transform_feedback2 GL_ARB_transform_feedback3 GL_ARB_vertex_attrib_64bit GL_ARB_vertex_type_2_10_10_10_rev GL_ARB_viewport_array GL_EXT_debug_label GL_EXT_debug_marker GL_EXT_depth_bounds_test GL_EXT_texture_compression_s3tc GL_EXT_texture_filter_anisotropic GL_EXT_texture_mirror_clamp GL_EXT_texture_sRGB_decode GL_APPLE_client_storage GL_APPLE_container_object_shareable GL_APPLE_flush_render GL_APPLE_object_purgeable GL_APPLE_rgb_422 GL_APPLE_row_bytes GL_APPLE_texture_range GL_ATI_texture_mirror_once GL_NV_texture_barrier
  • webgl1Extensions: ANGLE_instanced_arrays EXT_blend_minmax EXT_color_buffer_half_float EXT_frag_depth EXT_sRGB EXT_shader_texture_lod EXT_texture_filter_anisotropic EXT_disjoint_timer_query OES_element_index_uint OES_standard_derivatives OES_texture_float OES_texture_float_linear OES_texture_half_float OES_texture_half_float_linear OES_vertex_array_object WEBGL_color_buffer_float WEBGL_compressed_texture_s3tc WEBGL_compressed_texture_s3tc_srgb WEBGL_debug_renderer_info WEBGL_debug_shaders WEBGL_depth_texture WEBGL_draw_buffers WEBGL_lose_context
  • webgl1Renderer: ATI Technologies Inc. -- AMD Radeon Pro 560 OpenGL Engine
  • webgl1Version: 4.1 ATI-2.0.36
  • webgl1WSIInfo: CGL
  • webgl2DriverExtensions: GL_ARB_blend_func_extended GL_ARB_draw_buffers_blend GL_ARB_draw_indirect GL_ARB_ES2_compatibility GL_ARB_explicit_attrib_location GL_ARB_gpu_shader_fp64 GL_ARB_gpu_shader5 GL_ARB_instanced_arrays GL_ARB_internalformat_query GL_ARB_occlusion_query2 GL_ARB_sample_shading GL_ARB_sampler_objects GL_ARB_separate_shader_objects GL_ARB_shader_bit_encoding GL_ARB_shader_subroutine GL_ARB_shading_language_include GL_ARB_tessellation_shader GL_ARB_texture_buffer_object_rgb32 GL_ARB_texture_cube_map_array GL_ARB_texture_gather GL_ARB_texture_query_lod GL_ARB_texture_rgb10_a2ui GL_ARB_texture_storage GL_ARB_texture_swizzle GL_ARB_timer_query GL_ARB_transform_feedback2 GL_ARB_transform_feedback3 GL_ARB_vertex_attrib_64bit GL_ARB_vertex_type_2_10_10_10_rev GL_ARB_viewport_array GL_EXT_debug_label GL_EXT_debug_marker GL_EXT_depth_bounds_test GL_EXT_texture_compression_s3tc GL_EXT_texture_filter_anisotropic GL_EXT_texture_mirror_clamp GL_EXT_texture_sRGB_decode GL_APPLE_client_storage GL_APPLE_container_object_shareable GL_APPLE_flush_render GL_APPLE_object_purgeable GL_APPLE_rgb_422 GL_APPLE_row_bytes GL_APPLE_texture_range GL_ATI_texture_mirror_once GL_NV_texture_barrier
  • webgl2Extensions: EXT_color_buffer_float EXT_texture_filter_anisotropic EXT_disjoint_timer_query OES_texture_float_linear WEBGL_compressed_texture_s3tc WEBGL_compressed_texture_s3tc_srgb WEBGL_debug_renderer_info WEBGL_debug_shaders WEBGL_lose_context
  • webgl2Renderer: ATI Technologies Inc. -- AMD Radeon Pro 560 OpenGL Engine
  • webgl2Version: 4.1 ATI-2.0.36
  • webgl2WSIInfo: CGL
  • windowLayerManagerRemote: True
  • windowLayerManagerType: OpenGL
  • windowUsingAdvancedLayers: False

Okuthandwayo Okulungisiwe

Misc

  • Umsebenzisi JS: Cha
  • Ukufinyeleleka: Cha
jscher2000
  • Top 10 Contributor
8792 izisombululo 71898 izimpendulo
Kuphostiwe

Impendulo Ewusizo

Yes, Firefox normally doesn't trust an unknown "man in the middle" to issue website certificates. As you would hope!!

Here are two workarounds to get Firefox to trust all of the fake certificates your proxy will generate:

Option #1: Import the Signing Certificate

If you import the Charles Proxy signing certificate into Firefox's certificate store, then all of its fake certificates will be trusted.

(A) If you do not already have a certificate file ready to import, you can export it from IE or Chrome.

  • This may appear in IE's Certificates dialog OR it may appear when you view the certificate details on any secure page you load in IE/chrome
  • The Export or Copy to file button starts the Export Wizard. Use the DER format and save to a convenient location

Example screenshots: https://support.mozilla.org/questions/1199797#answer-1064849

(B) When finished with all the necessary exports to complete the chain in the Certification Path, you can import the certificates into the Firefox Authorities tab:

  • Windows: "3-bar" menu button (or Tools menu) > Options
  • Mac: "3-bar" menu button (or Firefox menu) > Preferences
  • Linux: "3-bar" menu button (or Edit menu) > Preferences
  • Any system: type or paste about:preferences into the address bar and press Enter/Return to load it

In the search box at the top of the page, type cert and Firefox should filter the list. Click "View Certificates" to open the Certificate Manager and click the "Authorities" tab. Then you can use the "Import" button to import the proxy server's certificate.

(Fourth and fifth screenshots in the above-linked post.)

When asked, I suggest allowing the certificate for websites only unless your IT suggests otherwise.

It's a bit of pain, but the advantage of that approach is that you are making the minimal compromise of security.

Option #2: Trust all Signing Certificates in the Windows Cert Store

(A) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.

(B) In the search box above the list, type or paste enterp and pause while the list is filtered

(C) Double-click the security.enterprise_roots.enabled preference to switch the value from false to true

I'm not sure whether that will start working immediately or after the next time to exit Firefox and start it up again. I guess you'll know if you visit an HTTPS address and Firefox no longer objects.

The disadvantage of this method is that any security compromise of the system certificate store will affect Firefox, too. This may be a lesser concern on a business system.

Do either of those work for you?

Yes, Firefox normally doesn't trust an unknown "man in the middle" to issue website certificates. As you would hope!! Here are two workarounds to get Firefox to trust all of the fake certificates your proxy will generate: '''Option #1: Import the Signing Certificate''' If you import the Charles Proxy signing certificate into Firefox's certificate store, then all of its fake certificates will be trusted. (A) If you do not already have a certificate file ready to import, you can export it from IE or Chrome. * This may appear in IE's Certificates dialog OR it may appear when you view the certificate details on any secure page you load in IE/chrome * The Export or Copy to file button starts the Export Wizard. Use the DER format and save to a convenient location ''Example screenshots:'' https://support.mozilla.org/questions/1199797#answer-1064849 (B) When finished with all the necessary exports to complete the chain in the Certification Path, you can import the certificates into the Firefox Authorities tab: * Windows: "3-bar" menu button (or Tools menu) > Options * Mac: "3-bar" menu button (or Firefox menu) > Preferences * Linux: "3-bar" menu button (or Edit menu) > Preferences * Any system: type or paste '''about:preferences''' into the address bar and press Enter/Return to load it In the search box at the top of the page, type ''cert'' and Firefox should filter the list. Click "View Certificates" to open the Certificate Manager and click the "Authorities" tab. Then you can use the "Import" button to import the proxy server's certificate. (Fourth and fifth screenshots in the above-linked post.) ''When asked, I suggest allowing the certificate for websites only unless your IT suggests otherwise.'' It's a bit of pain, but the advantage of that approach is that you are making the minimal compromise of security. '''Option #2: Trust all Signing Certificates in the Windows Cert Store''' (A) In a new tab, type or paste '''about:config''' in the address bar and press Enter/Return. Click the button accepting the risk. (B) In the search box above the list, type or paste '''enterp''' and pause while the list is filtered (C) Double-click the '''security.enterprise_roots.enabled''' preference to switch the value from false to true I'm not sure whether that will start working immediately or after the next time to exit Firefox and start it up again. I guess you'll know if you visit an HTTPS address and Firefox no longer objects. The disadvantage of this method is that any security compromise of the system certificate store will affect Firefox, too. This may be a lesser concern on a business system. Do either of those work for you?
jscher2000
  • Top 10 Contributor
8792 izisombululo 71898 izimpendulo
Kuphostiwe

Isisombululo Esikhethiwe

On Mac, you would export from the keychain. E.g., https://support.mozilla.org/questions/1236194 Apologies for the oversight.

On Mac, you would export from the keychain. E.g., https://support.mozilla.org/questions/1236194 Apologies for the oversight.

Umnikazi wombuzo

Thank you for your help! That solved it for me.

Thank you for your help! That solved it for me.