how to script adding certificate exception when a selfsigned certificate is used

RESOLVED WONTFIX

Status

()

Core
Security: PSM
RESOLVED WONTFIX
3 years ago
2 years ago

People

(Reporter: yanolezard, Unassigned)

Tracking

32 Branch
x86
Windows 7
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

3 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0
Build ID: 20140917194002

Steps to reproduce:

Hi,

I meet some issues with the Firefox certificates management.

- Firefox v32.0.2 on Windows 7 32 bits
- a self-signed certificate created with OpenSSL 32 bits (not an official PKI because complex situation)
- Firefox and self-signed certificate have been deployed on 11000 workstations with some automated process (scripts).

The self-signed certificate is used to securize data flows with https protocol between two WebServices and different applications in a LAN
There is no certificate problem with the other web browsers as Internet Explorer, Safari, Chrome.

I have already deployed and installed the self-signed certificate with an Microsoft Active Directory GPO (there is an addon GPO for FireFox) and it is OK


Actual results:

Issue:

When the application WebService calls Firefox, a message indicates to the users that the connection can't be certified and ask them to add an exception.
the WS URL is appeared and the users must click on "Confirm security exception" (the checkbox "Conserv this exception permanently" must be checked)
It is a bit "dangerous" to let the users with these different choices and this is not very friendly. 


Expected results:

I want to script these actions (add certificate exception, confirm exception, ..) in order to have a complete solution for users. There is no documentation about this on the web. So , I consider that as a bug.

Thanks a lot
Best regards

Comment 1

3 years ago
Hi, have you considered trying https://support.mozilla.org/ first?

As a bug, this is most likely a duplicate (filed before) invalid (support request) bug.

Comment 2

3 years ago
Moving in case something more than documentation can/should be done.
Component: Untriaged → Security: PSM
Product: Firefox → Core
I think you're looking for an add-on that behaves like this one: https://addons.mozilla.org/en-US/firefox/addon/skip-cert-error/
If you want to write a new add-on, the interface to use is this one: https://dxr.mozilla.org/mozilla-central/source/security/manager/ssl/nsICertOverrideService.idl
Here is general documentation on writing add-ons: https://developer.mozilla.org/en-US/Add-ons
This isn't something we're going to support directly in the product, however.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.