Self signed cert on HSTS domain cannot be manually trusted
Categories
(Core :: Security: PSM, defect)
People
(Reporter: gunnar.gudvardarson, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36
Steps to reproduce:
Create self signed cert with:
ca: true
cn: "lo.example.com" (where "example.com" is actually my personal domain, and "lo." points to "::1")
subjectAlternativeName: "lo.example.com" ^
Install it as a trusted system cert.
Enable enterprise certs in Firefox, verified that it was installed and enabled for verifying websites.
Actual results:
Chrome works, curl works, python requests works...
Firefox gives an error MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT.
No way to bypass or ignore or trust the cert I told it to trust.
Expected results:
Trust the cert that I added manually to the cert store.
I forgot to add that all of my domains and all subdomains have HSTS enforced.
Updated•5 years ago
This may be fixed by bug 1515608. In the meantime, you can create a certificate hierarchy where the CA is not the same as the end-entity.
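The workaround from the comment above, written out as an added example (not part of the bug report or Mozilla's code): a root CA signs a separate end-entity certificate for the host, so the certificate the server presents is no longer self-signed. The file names and the CA name "Local Dev CA" are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: a two-level hierarchy, so the trusted CA and the server
# (end-entity) certificate are different certificates with different keys.
# File names and the CA name "Local Dev CA" are constructed for illustration.

make_hierarchy() {   # usage: make_hierarchy <output-dir> <hostname>
    dir=$1; host=$2
    mkdir -p "$dir" || return 1
    cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Local Dev CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
    cat > "$dir/leaf.ext" <<EOF
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF
    # 1. Self-signed root: this is the only certificate added to the trust store.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -config "$dir/req.cnf" -keyout "$dir/ca.key" -out "$dir/ca.crt" || return 1
    # 2. Separate key and CSR for the server; -subj overrides the CA's DN.
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$host" \
        -config "$dir/req.cnf" -keyout "$dir/leaf.key" -out "$dir/leaf.csr" || return 1
    # 3. The root signs the leaf, which is CA:FALSE and carries the SAN.
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -sha256 -days 30 -extfile "$dir/leaf.ext" \
        -out "$dir/leaf.crt" || return 1
    openssl verify -CAfile "$dir/ca.crt" "$dir/leaf.crt"
}

is_self_issued() {   # true when subject == issuer, as in the reported setup
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$s" = "$i" ]
}

if [ "$#" -eq 2 ]; then make_hierarchy "$1" "$2"; fi
```

Only `ca.crt` goes into the system trust store; the server is configured with `leaf.crt` and `leaf.key`, and `ca.key` stays off the server.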