Imported CA certificate is delete after each reboot




Security: PSM
10 months ago
9 months ago


(Reporter: eiopago47, Unassigned, NeedInfo)



54 Branch

Firefox Tracking Flags

(Not tracked)



(1 attachment)



10 months ago
Created attachment 8879694 [details]
Before-After Reboot.JPG

User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0
Build ID: 20170608105825

Steps to reproduce:

I run a transparent squid proxy server in my company
Every user to be able to access https websites has to import our own CA certificate in Firefox for squid to incercept.

Actual results:

Since the update to Firefox 54 (64 bit), https sites are accessible right after importing our CA certificate but after each reboot of a computer the certificate disappears from Firefox and has to be re-imported.
Because of this we get the following error when opening https sites:

Expected results:

Our CA certificate should not be deleted.

I have tried to refresh Firefox but the behaviour is the same.

Comment 1

10 months ago
This is the error we get:

Your connection is not secure

The owner of has configured their web site improperly. To protect your information from being stolen, Firefox has not connected to this web site.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.


10 months ago
Component: Untriaged → Disability Access APIs
Keywords: dataloss
Product: Firefox → Core

Comment 2

10 months ago
Component: Disability Access APIs → Security: PSM
Some things to check:
* Do you have any add-ons installed that may be removing the added certificate?
* Is the user's profile getting cleared for some reason between runs of Firefox?
* How are you adding the certificate? (e.g. via the certificate manager?)
Flags: needinfo?(eiopago47)

Comment 4

10 months ago
Hi David,

Some answers for you:

1- No add-ons
2- Not between runs of Firefox, but after each reboot of the computer the profile folder in C:\Users\fred\AppData\Roaming\Mozilla\Firefox\Profiles has a different name.
3- The certificate is added via the certificate manager (as shown in the attachement I sent when I reported the bug)
Flags: needinfo?(eiopago47)
Thanks! Are other settings saved? For example, bookmarks or open tabs? (e.g. if you configure Firefox to "show your windows and tabs from last time")
Flags: needinfo?(eiopago47)

Comment 6

10 months ago
All those settings are saved. I can restore the previous session no problem and bookmarks are saved too.
Flags: needinfo?(eiopago47)
Hmmm. To expand on comment 4 a bit, when and why does the profile location change? If you run Firefox once, import the certificate, and run Firefox again (without restarting your computer), does it work as expected? If so, it would seem that another process outside of Firefox's control might be messing with your profile directory and causing this behavior.
Flags: needinfo?(eiopago47)
Last Resolved: 9 months ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.