Detailed certificate information
I have the latest version of FF for android version 68.11 as of August-2020 and I cannot find how to get detailed certificate information for https sites visited. How can certificat information be displayed showing items like certficate expiry?
All Replies (11)
Hi Mace2
If I was wanting to do this kind of check, I would use https://www.ssllabs.com/ssltest/. It is very detailled and gives comprehensive certificate information.
I hope this helps.
Why does android 68.11 not provide this feature the same as a desktop running FF
We try to keep Firefox for Android as small as possible so that it can run on many different Android devices with ease. As part of this, we need to consider the features that most mobile users are likely to use.
Android is not as secure as a desktop and this is a requirement. Other Android browsers like the samsung browser show details for a certificate that FF cannot. enclosed is samsung certificate information.
This is not an issue with the browser but the way in which they display information about a website.
Install this add-on. https://addons.mozilla.org/en-US/firefox/addon/certainly-something/
You won't be able to use it for long though, it will stop working when you'll receive the upgrade to FF79.
Seburo can you elaborate? you seem to suggest that FF is capable of displaying the information like Samsungs browser. This is a required feature for properly identifying a web site that FF visits. I can not understand why it wouldn't display detailed certificate information, if a site is visited and the certificate has a fault like a expired certificate how can this be displayed?
The decision was made by developers not to include this information in Firefox for Android to keep the app size as small as possible.
Different web browsers have different features, but if there is a problem with the security of the site, you will see a warning on the page or in the shield icon in the addressbar.
Making the app size small is not an issue with todays phones as browser are in the range of upward 300 mb in size.
A warning is good but the warning may not be descriptive enough, as an example the sha256 value which unique identyies a site your connected. This is good for sites that use Https with EV like banks.
This is a security drop down for Android FF and since the desktop version has this capability would expect FF to implement this standard feature.
Mace2 said
if a site is visited and the certificate has a fault like a expired certificate how can this be displayed?
It will be displayed, see for instance https://sha1-intermediate.badssl.com/
I am familiar with the site.
The issue is that FF is responsible for connecting to a web site and automatically examining this information to ensure the site has no problems. I should not have to rely on another web site when FF has this information embedded just like the FF desktop and samsung browser.