Closed Bug 1673538 Opened 5 years ago Closed 5 years ago

Self signed certificate blocking - chicken - egg -chicken

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Version:
Firefox 82
Type:
defect

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: stefan_matthaeus, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0

Steps to reproduce:

We have bought a brand new hardware appliance for a lot of money which came originaly from a manufacturer with a self signed https certificate. The full management of the appliance goes through web interface. There is no console or other tool to configure the appliance except the web interface (no ssh, no telnet, no proprietary tool, nothing else than HTTS). Inside that web interface there is also a function to install a new certificate to the appliance. We like to do that, but no current browser let us log in. Not Edge (new/old), not Chrome, not Firefox. (Internet Explorer does, but with that only a status dashboard is displayed)

Actual results:

Get a warning about self signed certificate, can not continue

Expected results:

Get a warning about self signed certificate, click on advanced, accept risk, open the page to configure the appliance. Install valid certificate.

Security is nice, but browser should not behave like user is am unexperienced child. This is a chicken - egg - chicken -egg - ... problem. And it can happen with any kind of appliance, like VMware, Dell OME, Citrix Gateway, McAfee Proxy, ... when you are a technician and want to start the appliance initially.

Assigning "Core: Security: PSM" component to more investigations to be done.

Bugbug thinks this bug should belong to this component, but please revert this change in case of error.

Component: Untriaged → Security: PSM
Product: Firefox → Core

What is the error message you see?

Flags: needinfo?(stefan_matthaeus)

Can not reproduce anymore as we installed old firefox version to get over that message. The appliance has now valid CA signed certificate. You should try yourself with apache with self signed certificate.

Maybe you try here https://badssl.com/ and give the user the risk warning to anyhow open the site in safe mode.

Flags: needinfo?(stefan_matthaeus)

Usually when Firefox encounters a self-signed certificate, it allows the user to add an override. There are a few cases where it isn't possible to add an override, so I was trying to gather more information about your specific situation to narrow down the issue. Reproducing the general situation of "a self signed certificate" myself won't help in this case, since it's the details that really matter. Since it works for you, I'll resolve this as "worksforme".

Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.