Closed Bug 1527100 Opened 5 years ago Closed 5 years ago

Self signed cert on HSTS domain cannot be manually trusted

Categories

(Core :: Security: PSM, defect)

65 Branch
defect
Not set
normal


RESOLVED DUPLICATE of bug 1515608

People

(Reporter: gunnar.gudvardarson, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36

Steps to reproduce:

Create self signed cert with:
ca: true
cn: "lo.example.com" (where "example.com" is actually my personal domain, and "lo." points to "::1")
subjectAlternativeName: "lo.example.com" ^

Install it as a trusted system cert.
Enable enterprise certs in Firefox, verified that it was installed and enabled for verifying websites.

Actual results:

Chrome works, curl works, python requests works...

Firefox gives an error MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT.

No way to bypass or ignore or trust the cert I told it to trust.

Expected results:

Trust the cert that I added manually to the cert store.

I forgot to add that all of my domains and all subdomains have HSTS enforced.

Component: Untriaged → Security: PSM
Product: Firefox → Core

This may be fixed by bug 1515608. In the meantime, you can create a certificate hierarchy where the CA is not the same as the end-entity.

Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
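
The workaround suggested above (a CA that is not the same certificate as the end-entity), shown as an added example that is not part of the original bug thread or of Mozilla's code. It assumes the `openssl` command-line tool is installed; the file names, the CA name "Local Test CA", the 30-day lifetime and the name constraint on the CA are choices made for this example.

```shell
#!/bin/sh
# Added example: CA and end-entity as two separate certificates.
# Names, paths and lifetimes are constructed for illustration.

make_hierarchy() {  # usage: make_hierarchy DIR HOSTNAME
    dir=$1; host=$2
    mkdir -p "$dir" || return 1
    # CA profile; nameConstraints limits the CA to $host for verifiers that enforce it.
    cat > "$dir/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Local Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
nameConstraints = critical,permitted;DNS:$host
EOF
    cat > "$dir/leaf.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $host
[v3_leaf]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF
    # Self-signed CA: the only certificate that goes into the trust store.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -config "$dir/ca.cnf" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # End-entity key and CSR, then a certificate issued by the CA.
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -config "$dir/leaf.cnf" -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -sha256 -days 30 -extfile "$dir/leaf.cnf" -extensions v3_leaf \
        -out "$dir/leaf.crt" 2>/dev/null || return 1
    chmod 600 "$dir/ca.key" "$dir/leaf.key"
}

is_self_signed() {  # true when subject and issuer names are identical
    s=$(openssl x509 -noout -subject -in "$1" | sed 's/^subject= *//')
    i=$(openssl x509 -noout -issuer -in "$1" | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}

if [ "$#" -eq 2 ]; then make_hierarchy "$1" "$2"; fi
```

Only `ca.crt` is installed as a trusted certificate; the server presents `leaf.crt` with `leaf.key`, and `ca.key` stays off the server.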