this connection is untrusted
dear sir,
i have watch guard firebox for controlling websites accessing and i have configured deep inspection for HTTPS site. for access these sites i have provide self signed CA certificate to internet users. and also i have imported the certificate in trusted root authority of Firefox on the system of internet users.
but when they open HTTPS sites Firefox not use self signed CA certificate and shows these errors (This Connection is Untrusted ).
please help?
regards rahul parmar
All Replies (7)
Hi rahulparmar,
I understand that the warning "The Connection is Untrusted" is showing up. It is possible for the users to add an exception: "This Connection is Untrusted" error message appears - What to do
However since they are self signed, it is also possible to check to make sure that they follow the guidelines for:
- https://blog.mozilla.org/security/201.../exciting-updates-to-certificate-verification-in-gecko/
- https://www.mozilla.org/en-US/about/g.../inclusion/
For specific debugging errors we are happy to help or refer to the certificates@mozilla.org address.
If it works with other browser then check the certificate chain and see if you can export a trusted root certificate. Then you can import this certificate in Firefox and set the appropriate trust bits when prompted.
- Tools > Options > Advanced > Certificates: View Certificates
dear sir,
i have already imported the certificate in trusted root authorities.
but Firefox is not using this certificate. please help?
regards
Rahul
Do you see the certificate under Authorities? Tools > Options > Advanced > Encryption: Certificates > View Certificates : Authorities
Did you set the trust bit(s) of that certificate to make Firefox trust the as a root certificate? Otherwise Firefox wont' trust the certificate.
You can also check the certificate chain by clicking the globe/padlock on the location/address bar to see if this certificate is included.
Does the CA certificate follow the guidelines? Disabling this policy in Firefox would cause serious security issues. If absolutely necessary see:https://support.mozilla.org/en-US/que.../1012765
Note that disabling libPKIX support via security.use_mozillapkix_verification = false only applies to Firefox 31 and 32, so that is no longer possible in current releases.
- Bug 975229 - Remove NSS-based certificate verification
Corel thank you, please disregard my previous suggestion rahulparmar.