Closed Bug 1218884 Opened 10 years ago Closed 10 years ago

Can't accept ssl certificate (aurora 43.0.a.2)

Categories

(Core Graveyard :: Security: UI, defect)

43 Branch
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 941354

People

(Reporter: blog, Unassigned)

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:43.0) Gecko/20100101 Firefox/43.0
Build ID: 20151026004023
Steps to reproduce: Call page with fake certificate (e.g. because in a local environment the official certificate is not valid). Open via warning the certificate dialog and try to click "Sicherheits-Ausnahme bestätigen" ("Confirm certificate rule"?).
Actual results: Click does not work. Button seems to be dead.
Expected results: Click should save the wrong certificate, or at least tell the browser to go back and load the page, even if unsecure.
Thank you for the bug report. If you open "Technische Details", there should be more information about the error. Please copy this and paste it here. Furthermore, also open "Web-Entwickler" ("Web developer") > "Browser-Konsole" ("Browser console"), clear it, load the page and try to add the certificate. If you see errors, please also insert them here. Can you also reproduce the issue on https://badssl.com/ with the certificate with the same error message?
Flags: needinfo?(blog)
"Technische Details" says:
[my-local-URL] verwendet ein ungültiges Sicherheitszertifikat. Dem Zertifikat wird nicht vertraut, weil es vom Aussteller selbst signiert wurde. (Fehlercode: sec_error_unknown_issuer)
The console does not give any information. I use a MAMP server on a Mac and the certificate is self-produced for the local environment. It gave always this error, but I never had any problems to accept it at own risk. I assumed it is more of a UI bug: yesterday the button did not even change color when I clicked it, today it gets blue, but also no reaction at all, the window does not disappear, the certificate is not added. But all the tests on https://badssl.com/ work fine and I am able to accept and save the exceptions. :-/
Flags: needinfo?(blog)
Hey there, I "accidentally" solved it for me. One important info was missing (I was not aware of it): In my setting there is one host (www.myDomain) for the main page and a specific asset host for the assets (static.myDomain). So every time I delete all cached data from my browser I call the main page and accept the certificate for that host (www.myDomain), then I see a page without the CSS/JS parts. I open "source" for the main page in a new tab and click on the asset URL (that has the other host "static.myDomain"), that is opened in a new window/tab and I get again the dialog about the certificate. And this dialog does (still) not work (like described above). Now I copied the URL for the CSS assets and opened a new window myself and pasted it into the URL field. I got the certificate dialog and that worked now. So the problem seems to be that the URL was clicked inside the source window. (My workflow did not change in the last months, so I can definitely say it worked before.) I think there is a bug, so I don't want to mark it as solved. But feel free to do so if you think that this is no bug. Feel also free to change the subject or move it somewhere else... Thanks!
Component: Untriaged → Security: UI
Product: Firefox → Core
(In reply to blog from comment #3)
> I open "source" for the main page in a new tab and click on
> the asset URL (that has the other host "static.myDomain"), that is opened in
> a new window/tab and I get again the dialog about the certificate. And this
> dialog does (still) not work (like described above).
This sounds like bug 941354. There's also the issue that an exception added for www.example.com doesn't affect other subdomains of example.com (so resources from static.example.com will still fail). As you've discovered, manually adding exceptions for every domain you're interested in is one way to address this. Another option would be to set up your own mini CA hierarchy where a root certificate issues some end-entity certificate(s). Then, you can import and trust that root certificate (about:preferences -> Advanced -> Certificates -> View Certificates -> Authorities -> Import). See also https://developer.mozilla.org/en-US/docs/Mozilla/Security/x509_Certificates for more background.
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
Product: Core → Core Graveyard
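The "mini CA hierarchy" suggested in the last comment, sketched as an added example (not code from this bug or from Mozilla): a local root issues one end-entity certificate that lists both the page host and the asset host, so a single imported root replaces the per-host exceptions. It assumes the OpenSSL command-line tool is installed; the host names `www.example.test` and `static.example.test`, the `./local-ca` directory and all file names are placeholders.

```shell
#!/bin/sh
# Added example: host names, directory and file names are placeholders.
# Keys are written unencrypted, which is only acceptable for a local dev setup.

# make_local_ca DIR HOST...  writes DIR/root.crt (the file to import under
# "Authorities") and DIR/leaf.crt + DIR/leaf.key (for the local web server).
make_local_ca() {
  dir=$1; shift
  [ "$#" -ge 1 ] || return 1
  mkdir -p "$dir" || return 1
  san=""
  for h in "$@"; do san="${san:+$san,}DNS:$h"; done   # one SAN entry per host
  cat > "$dir/ca.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Local Dev Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = $san
EOF
  # Root: self-signed with CA:TRUE. Its private key never goes on the web server.
  openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 365 \
    -config "$dir/ca.cnf" -extensions v3_ca \
    -keyout "$dir/root.key" -out "$dir/root.crt" 2>/dev/null || return 1
  # End-entity key and CSR; the hosts to match are carried in the SAN list.
  openssl req -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" -subj "/CN=$1" \
    -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null || return 1
  # The root signs the CSR; extensions are taken from [v3_leaf], not from the CSR.
  openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/root.crt" -CAkey "$dir/root.key" \
    -CAcreateserial -sha256 -days 365 -extfile "$dir/ca.cnf" -extensions v3_leaf \
    -out "$dir/leaf.crt" 2>/dev/null || return 1
  chmod 600 "$dir/root.key" "$dir/leaf.key"
}

# cert_valid_for DIR HOST  succeeds only if leaf.crt chains to root.crt AND names HOST.
cert_valid_for() {
  openssl verify -CAfile "$1/root.crt" -verify_hostname "$2" "$1/leaf.crt" 2>/dev/null \
    | grep -q ': OK$'
}

# Example call: sh thisfile.sh www.example.test static.example.test
if [ "$#" -ge 1 ]; then make_local_ca ./local-ca "$@"; fi
```

Only `root.crt` is imported into the browser; `leaf.crt` and `leaf.key` are what the local server presents for both hosts. Since anything signed by `root.key` becomes trusted in that profile, keep the key off shared machines and out of version control.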