ALL-INKL.COM - Webhosting Server Hosting Domain Provider

Help, my Firefox goes berzerk!

We all know it: We launch our favourite browser and
suddenly after an update that darn thing is driving us
nuts with new error messages we haven’t seen before.
In this case it’s the SSL certificates.

As with version 57, Firefox seems to go real mad when your SSL is re-routed trough a firewall or AV solution. This scenario mostly happens in companies when you’re at work or when you install a firewall/AV-Solution with Web protection components at home.

So what happens then?

Firefox in general comes with a basic set of SSL certificate authorities it uses to authenticate SSL certificates with. If you install a software that works like a proxy when it comes to certificate authorities, you might yourself seen confronted with an SSL error message instead of a https-site.

Same happened to me when I updated my firefox at work. Suddenly FIrefox stopped working and when I tried to open whatever site in it that uses SSL, I just got a “SEC_ERROR_UNKNOWN_ISSUER” message and either I could add an exception so that it opens the page (although there are a lot more SSL connections in the background that would require the same step!) or the page is configured the way that you can’t add the exception and you’re screwed.

The second error (trying to import the certificate root of the certificate) ended up in a “MOZILLA_PKIX_ERROR_MITM_DETECTED” error message which rendered Firefox entirely unusable at this point.

Frustrated I used Google Chrome (which still seems to work fine and obviously knowing some security software company SSL certificate authorities) and searched the web for a solution as Google Chrome is not an all-time option for me.

This is how you can dodge the errors above. Following this simple instruction, you will be able to make your FF run as usual.

You might ask: Is there an option to make Firefox ignore SSL errors? Yes and no!

up to FF52, Firefox used a legacy mode that made it open SSL sites with unknown certificates but only informed the user subtly that the certificate couldn’t be checked for validity. From FF53 and newer, Firefox refuses to open sites with unknown SSL certificates.

Firefox has no such setting anymore!

That’s a terribly terse answer, but I’m afraid it’s all there is. Firefox usually errs on the side of not letting you view a site at all in case of some problems rather than letting you override it even if you want to.

That said, if you’re getting certificate warnings for everything on a private network, it’s almost certain that the local IT group is running an SSL interception proxy. You’re not going to get to the internet without accepting their certificate, so here’s how you do that:

1. Open up the certificate properties for one of the pages you get an error on (after adding the exception in Firefox) by clicking the lock in the address bar, the right arrow, and then “more information”.

2. In the Security tab, click on View Certificate, and then the Details tab on the new window.

3. Under Certificate Hierarchy, examine the name of the topmost certificate. It’s probably going to be from a security vendor of some kind like Symantec or Barracuda.

4. Click on it, and then go to Export at the bottom.

5. Save the file somewhere accessible

6. Close the security and certificate windows, and open your Firefox settings (top right hamburger menu, Options)

7. Click Advanced on the bottom left, and then click View Certificates

8. Click the Authorities tab, and then Import

9. Locate the file you just saved

10. Accept the warning.

It is very important you don’t get into a habit of doing this procedure, and only to do it when you know with COMPLETE certainty that the certificate is legitimate. I cannot emphasize this enough – call the IT people and have them verify the name on the certificate if you’re even slightly unsure, since now you’ve just told Firefox to accept any and all certificates that the CA you just imported signed. You will receive no more warnings of that sort for this certificate. If you import a malicious certificate, you’ve just shot yourself in the foot.

If you followed the instructions above, Firefox should work the way you know it again.

I hope it helps you in the same way like it did for me.


October 16, 2018 Netspark - 1594 posts - Member since: May 9th, 2011 No Comments »

RATING :
Rockbottom!Very badBadAverageGoodVery goodAwesome! (1 votes, average: 4.00 out of 7)
Loading...
FILED UNDER :Computer , Curiosities , News , Thoughts
TAGGED WITH : , , , , ,

Leave a comment