Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Поиск в Поддержке

Избегайте мошенников, выдающих себя за службу поддержки. Мы никогда не попросим вас позвонить, отправить текстовое сообщение или поделиться личной информацией. Сообщайте о подозрительной активности, используя функцию «Пожаловаться».

Подробнее

How do I trust a self-signed issuer certificate in version 54.0?

  • 5 ответов
  • 2 имеют эту проблему
  • 2 просмотра
  • Последний ответ от Hamburgo

more options

Since years, I am importing my self-signed issuer certificate over “Authorities” and my intranet-application is running very well as https-application with a green padlock.

Since the update to version 54.0 I get the error code: SEC_ERROR_UNKNOWN_ISSUER.

To fix this issue I have to add the URL as security exception rule and get the yellow padlock, but in this way I loose a lot of trust by my customers.

Is that a new bug ?

If no, how can I get back the green padlock with self-signed issuer certificates?

Since years, I am importing my self-signed issuer certificate over “Authorities” and my intranet-application is running very well as https-application with a green padlock. Since the update to version 54.0 I get the error code: SEC_ERROR_UNKNOWN_ISSUER. To fix this issue I have to add the URL as security exception rule and get the yellow padlock, but in this way I loose a lot of trust by my customers. Is that a new bug ? If no, how can I get back the green padlock with self-signed issuer certificates?

Все ответы (5)

more options

Sorry for the late reply! The mid of June to end of June was a very busy time for us and your question slipped by.

Could you please share the url of your website? Maybe someone here with more knowledge than me can inspect your cert & find out why exactly it's throwing that error. I have a few people I can ask to review it so we can help you get this solved as soon as possible.

Изменено NoahSUMO

more options

A self-signed certificate can never be trusted in the same way as a certificate that can be chained to a built-in trusted root certificate. If you use such a self-signed certificate on an internet web page server than visitors will always have the problem to add an exception. You may have to remove an existing exception to be able to add the certificate another time.

more options

@Noah_SUMO

The URL is: https://kmu-office.spdns.de/TDL

The URL call the login-site of a php-web-application

It is not a web-site for public using.

more options

@cor-el I will be agree with you in the case of public web-sites for public use.

But in my case I am using the self-signed certificates only for an intranet-application to get a secure line for registered users (customers).

So, for my case of using the handling of FireFox up to version 53.xx was optimal (Public users will be got the error code "SEC_ERROR_UNKNOWN_ISSUER" and my registered customers got a secured line with a green padlock, because they had imported my self-signed certificate over “Authorities”, before.

And I do not have any idea / arguments why this way of using self-signed certificate should not be possible in the future.

What is the problem / risk for the other users of the FireFox-community?

From my side it will be more logical that FireFox block the possibility to add an exception for self-signed certificates and will only trust a self-signed certificate if it is imported over the “Authorities”-property, because that will be a intentional doing of the individual FireFox user in trust of this single self-signed certificate.

My opinion is, on the first level it is important that a FireFox user will/can be trust a certificate and only on the second level the whole FireFox-community.

Изменено Hamburgo

more options

@Noah_SUMO Hopefully, you can help and fix that bug or give me a other solution with the same effect.

Many Thanks

Изменено Hamburgo