Impossible to add self-signed certificates to exceptions

VERIFIED DUPLICATE of bug 659736

Status

()

Firefox
Security
--
major
VERIFIED DUPLICATE of bug 659736
8 years ago
6 years ago

People

(Reporter: Ben Fox-Moore, Unassigned)

Tracking

10 Branch
x86_64
Windows 7
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: DUPEME? STR in Comment 16)

Attachments

(1 attachment)

(Reporter)

Description

8 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.3a1pre) Gecko/20091025 Minefield/3.7a1pre
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.3a1pre) Gecko/20091025 Minefield/3.7a1pre

While trying to access an IP on my home network, which is self-signed, FF tells me that the connection is untrusted and that the certificate "is not trusted because it is self-signed. That's fine and I expected it, so I clicked Add Exception... however in the dialog that appears, it says that the certificate is fine, and won't let me add it as an exception.


Reproducible: Always

Steps to Reproduce:
1. Access a site with a self-signed certificate
2. Try and add an exception for it
Actual Results:  
Doesn't let you add an exception

Expected Results:  
Should let you add an exception

Using Minefield 3.7a1pre x86 on Windows 7 x64
Can you please provide a testcase/URL ?
(Reporter)

Comment 2

8 years ago
Not easily, It only occurs for me on my home network (I've set up a ReadyNAS Duo, which self-signs it's certificate) and I wouldn't know how to go about trying to set up a testcast/URL for this.
wfm with https://board.hd-area.net/ and SM trunk and FF3.5.4 on win32
Duplicate of this bug: 522147

Comment 5

7 years ago
I'm running the latest version of Firefox 4.0 from the Archlinux repos, and have encountered the same bug.

Comment 6

7 years ago
Hi,

I am on FF 4.0, Win XP SP3
I have the same problem.

It seems to occur, when you permanently try to store the self signed certificate and later you change the self sign certificate.

I can give screen capture to give more information where the problem is...

To reproduce easily the problem, use private proxy like burp or paros ;)

Comment 7

7 years ago
Created attachment 529428 [details]
Invalid certificate, but impossible to continue on the web application

Comment 8

6 years ago
This issue is still in Firefox 7.0.1 (Windows 7 64 bit). Please deliver a fix.
When you've added a permanent exception for a self-signed certificate this is sometimes forgotten at random times. The page that the certificate is self-signed is shown and when you want to add the exception again it shows that the certificate is valid, yet you can't continue and you can't add the exception. The only way to quickly solve it is by killing firefox.exe.

Possibly related or the same:
https://bugzilla.mozilla.org/show_bug.cgi?id=492370
https://bugzilla.mozilla.org/show_bug.cgi?id=457573
Can someone please confirm if either bug 492370 or bug 457573 are duplicates of this bug?
Whiteboard: DUPEME?

Comment 10

6 years ago
Could be: all of them are basically undiagnosed and don't have good STR, so it's hard to be sure.

Comment 11

6 years ago
Perhaps some additional information that might help:
If I go view the certificate for which I have this problem in the certificate manager - servers tab in options, the certificate name is "not stored" under "unknown", the server is "owa.nameofthecompanyforwhichiwork.be:443", lifespan is "forever", expiration date is empty. Note that if I select the certificate that the "view", "edit trust" and "export" buttons are disabled, this isn't the case for the other (normal) certificates in the list.
Dupe of Bug 688822? It has a good set of steps and even a regression window.

Comment 13

6 years ago
Could be yes, I'm not sure since the description is a bit different: "Confirm exception does nothing, staying in "This Connection is Untrusted" page". With the problem I have (and shown in the screenshot in this bug) the Confirm button is simply not clickable.
Note that if I try his steps that should reproduce the problem (with https://shop.baileyguitars.co.uk:2083  ), I get the error page without the "I understand the risks" section like you. This is not the same as the problem I have (and shown in the screenshot in this bug).
The fact that he can create a case for which the problem always occurs, is also different: I have the problem at random times (with sometimes a long time of it working correctly in between).
It might be interesting/useful to see if the regression range causing bug 688822 is also causing this bug:

https://bugzilla.mozilla.org/show_bug.cgi?id=688822#c8
Same problem here.

FWIW I could add an exception before (don't remember in which Firefox, maybe Firefox 4 or 5), then I deleted it and tried to add the exception again, and now I have this bug (can confirm in Firefox 6 and Firefox 8 beta).

I can see this with the certificate in https://webmail.orangedemo.gmessaging.net (but we may change the certificate there soon if we find it happens elsewhere).

The workaround in bug 492370 doesn't work since I actually don't have the exception. I also believe this is a dup of Bug 457573.
I could reproduce it with a clean profile in Firefox 6.

1 - go to https://webmail.orangedemo.gmessaging.net
2 - add an exception for this certificate
3 - remove this exception (it's in the "Servers" tab, and under the Verisign tree since it was issued by Verisign)
4 - go back to https://webmail.orangedemo.gmessaging.net
5 - click on "Add an exception"
6 - the modal dialog won't let me add this exception

I tried with another website (https://linuxfr.org) and I couldn't reproduce the bug. So I think my bug can be related to how wrong the certificate really is.
Same steps in Firefox 8 (current beta) triggered the same symptoms. Will try in a nightly.
Same with nightly 10.0a1 (2011-10-05)

Updated

6 years ago
Whiteboard: DUPEME? → DUPEME? STR in Comment 16
Version: unspecified → 10 Branch

Comment 19

6 years ago
Yes, this is the same problem as bug 660749 :(
Status: UNCONFIRMED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 660749

Comment 20

6 years ago
Workaround see bug 660749 comment 6
Status: RESOLVED → VERIFIED

Comment 21

6 years ago
Bug 688822 has to do with two different certificates for the same host (but different IP) and STS, I guess that's not the case for most people here (there only seem to be two certificates for linkou).
This looks like bug 492370, which was happening way before the regression range of bug 688822
Duplicate of bug: 659736
You need to log in before you can comment on or make changes to this bug.