Avatar for Username

搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

此討論串已被封存。 如果您有需要幫助,請新增一個新問題

How do I trust a self-signed issuer certificate?

  • 2 回覆
  • 19 有這個問題
  • 1 次檢視
  • 最近回覆由 whittle

whittle
whittle
more options

I created a self-signed CA cert using openssl, and imported it into Firefox, but when I select it in the Certificate Manager under “Your Certificates” and click “View…”, I see the message “Could not verify this certificate because the issuer is not trusted.”

https://www.dropbox.com/s/i38v78802ym9fug/Screenshot%202014-04-15%2010.49.14.png

When I visit the site that I set up with an SSL cert signed by that same self-signed CA cert, I get an untrusted connection warning with the following technical details: “staging.cakemade.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is not trusted. (Error code: sec_error_untrusted_issuer)”

https://www.dropbox.com/s/rvq00r0pdn99rd6/Screenshot%202014-04-15%2010.57.54.png

When I view the site certificate, it correctly identifies the issuer as the CA cert that I imported, but also displays the message “Could not verify this certificate because the issuer is not trusted.”

https://www.dropbox.com/s/b3no5pdhf9ddx5h/Screenshot%202014-04-15%2010.57.29.png

I am using Firefox Aurora, and apply updates daily. I am using the default settings for OCSP.

https://www.dropbox.com/s/in58viu3q6wkxvn/Screenshot%202014-04-15%2011.02.22.png

What do I need to do to get Firefox to trust the CA cert that I imported?

I created a self-signed CA cert using openssl, and imported it into Firefox, but when I select it in the Certificate Manager under “Your Certificates” and click “View…”, I see the message “Could not verify this certificate because the issuer is not trusted.” https://www.dropbox.com/s/i38v78802ym9fug/Screenshot%202014-04-15%2010.49.14.png When I visit the site that I set up with an SSL cert signed by that same self-signed CA cert, I get an untrusted connection warning with the following technical details: “staging.cakemade.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is not trusted. (Error code: sec_error_untrusted_issuer)” https://www.dropbox.com/s/rvq00r0pdn99rd6/Screenshot%202014-04-15%2010.57.54.png When I view the site certificate, it correctly identifies the issuer as the CA cert that I imported, but also displays the message “Could not verify this certificate because the issuer is not trusted.” https://www.dropbox.com/s/b3no5pdhf9ddx5h/Screenshot%202014-04-15%2010.57.29.png I am using Firefox Aurora, and apply updates daily. I am using the default settings for OCSP. https://www.dropbox.com/s/in58viu3q6wkxvn/Screenshot%202014-04-15%2011.02.22.png What do I need to do to get Firefox to trust the CA cert that I imported?

被選擇的解決方法

I'm assuming you've imported your CA cert underneath the 'Authorities' tab. Restart FF after importing the cert.

I'd expect you're being prompted to set the trust level upon importing the cert. If not you can do that manually via the 'Edit Trust' button.

從原來的回覆中察看解決方案 👍 4

所有回覆 (2)

christ1
christ1
  • Top 25 Contributor
more options

選擇的解決方法

I'm assuming you've imported your CA cert underneath the 'Authorities' tab. Restart FF after importing the cert.

I'd expect you're being prompted to set the trust level upon importing the cert. If not you can do that manually via the 'Edit Trust' button.

whittle
whittle 提出問題者
more options

I had imported the CA cert under “Your Certificates.” I deleted the CA cert, switched to “Authorities”, re-imported the CA cert, and restarted Firefox. This fixed the problem.

Thanks for your help!