Támogatás keresése

Kerülje el a támogatási csalásokat. Sosem kérjük arra, hogy hívjon fel egy telefonszámot vagy osszon meg személyes információkat. Jelentse a gyanús tevékenységeket a „Visszaélés bejelentése” lehetőséggel.

További tudnivalók

A témacsoportot lezárták és archiválták. Tegyen fel új kérdést, ha segítségre van szüksége.

Self signed certificates stopped working

  • 2 válasz
  • 7 embernek van ilyen problémája
  • 1 megtekintés
  • Utolsó üzenet ettől: cor-el

more options

All of a sudden (i.e. not after a Firefox upgrade) Firefox 41.0 has stopped accepting self-signed SSL certificates on various websites which it had been accepting for months. I've generated the certificates myself.

The link / button to add exceptions and import the certificate has disappeared from the "Untrusted Connection" error page.

Things I've tried so far:

  • Import the certificates via Preferences > Advanced > Certificates > View Certificates > Servers. The certificates get imported but Firefox seems to ignore them.
  • Quit Firefox, delete cert8.db from my profile, then restart Firefox
  • Restart Firefox in Safe mode
  • Import the certificate in the OS Keychain (this makes the websites work on Chrome and Safari)

The generated certificates are signed with "PKCS #1 SHA-256 With RSA Encryption", they are not expired and were generated with

   openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout server.key -out server.crt

Apart from the trust issue, https://www.ssllabs.com/ssltest/ reports no problem whatsoever with these certs, they are fine ("If trust issues are ignored: A")

The only way I can access these websites is via a Private Browsing window: if the certificate was previously imported (via Preferences) the private session window can access the websites without a problem. If the certificate wasn't imported yet I get the option to add a temporary exception and after that is done it works fine.

This problem doesn't appear on another computer, even though the Firefox profile is synced between the two. The problem does not appear on a colleague's Firefox 41.0 (same OS and hardware) Certificates signed by a real CA are accepted just fine.


UPDATE:

I've marked this as resolved, but apparently the problem keeps coming back about once a week, in a completely random manner.

The best solution I've found so far is to quit Firefox, delete the following files from my profile, then restart Firefox:

  • SiteSecurityServiceState.txt
  • cert_override.txt
  • cert8.db
All of a sudden (i.e. not after a Firefox upgrade) Firefox 41.0 has stopped accepting self-signed SSL certificates on various websites which it had been accepting for months. I've generated the certificates myself. The link / button to add exceptions and import the certificate has disappeared from the "Untrusted Connection" error page. Things I've tried so far: * Import the certificates via Preferences > Advanced > Certificates > View Certificates > Servers. The certificates get imported but Firefox seems to ignore them. * Quit Firefox, delete cert8.db from my profile, then restart Firefox * Restart Firefox in Safe mode * Import the certificate in the OS Keychain (this makes the websites work on Chrome and Safari) The generated certificates are signed with "PKCS #1 SHA-256 With RSA Encryption", they are not expired and were generated with openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout server.key -out server.crt Apart from the trust issue, https://www.ssllabs.com/ssltest/ reports no problem whatsoever with these certs, they are fine ("If trust issues are ignored: A") The only way I can access these websites is via a Private Browsing window: if the certificate was previously imported (via Preferences) the private session window can access the websites without a problem. If the certificate wasn't imported yet I get the option to add a temporary exception and after that is done it works fine. This problem doesn't appear on another computer, even though the Firefox profile is synced between the two. The problem does not appear on a colleague's Firefox 41.0 (same OS and hardware) Certificates signed by a real CA are accepted just fine. UPDATE: I've marked this as resolved, but apparently the problem keeps coming back about once a week, in a completely random manner. The best solution I've found so far is to quit Firefox, delete the following files from my profile, then restart Firefox: * SiteSecurityServiceState.txt * cert_override.txt * cert8.db

Módosította: mbi0,

Kiválasztott megoldás

I eventually fixed this by doing a "Refresh Firefox" (under about:support) and re-syncing my profile.

Válasz olvasása eredeti szövegkörnyezetben 👍 0

Összes válasz (2)

more options

Kiválasztott megoldás

I eventually fixed this by doing a "Refresh Firefox" (under about:support) and re-syncing my profile.

more options

If it happens again then try to rename the cert8.db file (cert8.db.old) and delete the cert_override.txt file in the Firefox profile folder to remove intermediate certificates and exceptions that Firefox has stored.

If that has helped to solve the problem then you can remove the renamed cert8.db.old file. Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previously stored intermediate certificates. Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.

You can use this button to go to the current Firefox profile folder: