Open Bug 1569357 Opened 1 year ago Updated 9 months ago

OneCRL Support for Custom Distrust Messaging


(NSS :: CA Certificates Code, enhancement)

Not set


(Not tracked)


(Reporter: wthayer, Unassigned)


Currently whenever a certificate is added to OneCRL, Firefox users will receive a generic "revoked" error message when browsing to a website relying on the certificate. In some cases, we may want to deliver a custom error message to the user explaining why the certificate has been distrusted and their connection to the website is blocked. For example, we may want to give the user instructions on how to resolve the problem, or to explain that they will be susceptible to a MITM attack if they continue to the website.


  • As a OneCRL admin, ISBAT define the copy for a custom error message that will be delivered to Firefox users when they attempt to access a site using the distrusted certificate.
  • As a OneCRL admin, ISBAT optionally define the custom error message for a specific distrusted certificate as overridable.
  • As a Firefox user, ISBAT view the custom error message for the distrusted certificate in the language set in my profile.

Need to determine if this will be uplifted to ESR 68

You need to log in before you can comment on or make changes to this bug.