Closed Bug 1441118 Opened 7 years ago Closed 7 years ago

No way to add a security exception on gov.uk website

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
58 Branch
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: riksoft, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0 Build ID: 20180209193630 Steps to reproduce: Go to https://www.vehicleenquiry.service.gov.uk/ Actual results: SEC_ERROR_UNKNOWN_ISSUER This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate. Expected results: Maybe the main problem is that gov.uk dosn't understand a jack **** about configuring certificates, however is equally ridiculous I have to use an older version of Firefox to add a security exception and enter such website. I've addedded the exception from the certificate manager but the problem remains.
OS: Unspecified → Linux
Hardware: Unspecified → x86_64
Same problem on FF developer edition.
User Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0 Build ID 20180301024724 Hi Rik, I was unable to reproduce the issue you have experienced on the latest Firefox release and the latest Nightly using Windows 10 x64, Windows 7 x64, Mac 10.12, Arch Linux x64 and Ubuntu 16.04 x32. I've navigated to the https://www.vehicleenquiry.service.gov.uk/ website and I haven't received any notice of expired certificates. Could you please try to reproduce the issue using a new clean Firefox profile (https://goo.gl/AWo6h8), maybe even safe mode (https://goo.gl/AR5o9d), to eliminate custom settings as a possible cause?
Flags: needinfo?(riksoft)
Hi Ciprian, me either, I don't see any problem anymore. They have fixed their certificate so the cause that triggered the problem is gone. I don't have any other website at hand with such error, but quite surely the problem is still there: there is no way to bypass SEC_ERROR_UNKNOWN_ISSUER, and I think it should be because some website are 100% reliable and by the way the action involved is not dangerous. E.g. I had to see for my car tax/mot expiration date and the only way to do that was to use an old version of Firefox not affected by such problem. If it wasn't for the old firefox I had to waste time calling by phone because the current firefox is too strict to let me add an exception not only from the popup but not even from the certificate manager.
Flags: needinfo?(riksoft)
hi, as the error message said "This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely". the webserver is specifying that browsers shouldn't allow an exception if a secure connection is failing for whatever reason & firefox is just following that spec: https://tools.ietf.org/html/rfc6797#section-12.1 so i'm tentatively closing this report as wontfix.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
I saw that but it's ridiculous I can't force it anyway from the certificate manager when I'm sure it's an error. Fortunately I have an old Firefox in a VM for such occasions. All these extra exaggerations on security are getting really annoyoing!
You need to log in before you can comment on or make changes to this bug.