Closed Bug 524500 Opened 15 years ago Closed 13 years ago

Impossible to add self-signed certificates to exceptions

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Version:
10 Branch
Platform:
x86_64
Windows 7
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
VERIFIED DUPLICATE of bug 659736

People

(Reporter: tht.infernozeus, Unassigned)

References

Details

(Whiteboard: DUPEME? STR in Comment 16)

Attachments

(1 file)

Invalid certificate, but impossible to continue on the web application
16.27 KB, image/png
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.3a1pre) Gecko/20091025 Minefield/3.7a1pre Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.3a1pre) Gecko/20091025 Minefield/3.7a1pre While trying to access an IP on my home network, which is self-signed, FF tells me that the connection is untrusted and that the certificate "is not trusted because it is self-signed. That's fine and I expected it, so I clicked Add Exception... however in the dialog that appears, it says that the certificate is fine, and won't let me add it as an exception. Reproducible: Always Steps to Reproduce: 1. Access a site with a self-signed certificate 2. Try and add an exception for it Actual Results: Doesn't let you add an exception Expected Results: Should let you add an exception Using Minefield 3.7a1pre x86 on Windows 7 x64
Can you please provide a testcase/URL ?
Not easily, It only occurs for me on my home network (I've set up a ReadyNAS Duo, which self-signs it's certificate) and I wouldn't know how to go about trying to set up a testcast/URL for this.
wfm with https://board.hd-area.net/ and SM trunk and FF3.5.4 on win32
I'm running the latest version of Firefox 4.0 from the Archlinux repos, and have encountered the same bug.
Hi, I am on FF 4.0, Win XP SP3 I have the same problem. It seems to occur, when you permanently try to store the self signed certificate and later you change the self sign certificate. I can give screen capture to give more information where the problem is... To reproduce easily the problem, use private proxy like burp or paros ;)
This issue is still in Firefox 7.0.1 (Windows 7 64 bit). Please deliver a fix. When you've added a permanent exception for a self-signed certificate this is sometimes forgotten at random times. The page that the certificate is self-signed is shown and when you want to add the exception again it shows that the certificate is valid, yet you can't continue and you can't add the exception. The only way to quickly solve it is by killing firefox.exe. Possibly related or the same: https://bugzilla.mozilla.org/show_bug.cgi?id=492370 https://bugzilla.mozilla.org/show_bug.cgi?id=457573
Can someone please confirm if either bug 492370 or bug 457573 are duplicates of this bug?
Whiteboard: DUPEME?
Could be: all of them are basically undiagnosed and don't have good STR, so it's hard to be sure.
Perhaps some additional information that might help: If I go view the certificate for which I have this problem in the certificate manager - servers tab in options, the certificate name is "not stored" under "unknown", the server is "owa.nameofthecompanyforwhichiwork.be:443", lifespan is "forever", expiration date is empty. Note that if I select the certificate that the "view", "edit trust" and "export" buttons are disabled, this isn't the case for the other (normal) certificates in the list.
Dupe of Bug 688822? It has a good set of steps and even a regression window.
Could be yes, I'm not sure since the description is a bit different: "Confirm exception does nothing, staying in "This Connection is Untrusted" page". With the problem I have (and shown in the screenshot in this bug) the Confirm button is simply not clickable. Note that if I try his steps that should reproduce the problem (with https://shop.baileyguitars.co.uk:2083 ), I get the error page without the "I understand the risks" section like you. This is not the same as the problem I have (and shown in the screenshot in this bug). The fact that he can create a case for which the problem always occurs, is also different: I have the problem at random times (with sometimes a long time of it working correctly in between).
It might be interesting/useful to see if the regression range causing bug 688822 is also causing this bug: https://bugzilla.mozilla.org/show_bug.cgi?id=688822#c8
Same problem here. FWIW I could add an exception before (don't remember in which Firefox, maybe Firefox 4 or 5), then I deleted it and tried to add the exception again, and now I have this bug (can confirm in Firefox 6 and Firefox 8 beta). I can see this with the certificate in https://webmail.orangedemo.gmessaging.net (but we may change the certificate there soon if we find it happens elsewhere). The workaround in bug 492370 doesn't work since I actually don't have the exception. I also believe this is a dup of Bug 457573.
I could reproduce it with a clean profile in Firefox 6. 1 - go to https://webmail.orangedemo.gmessaging.net 2 - add an exception for this certificate 3 - remove this exception (it's in the "Servers" tab, and under the Verisign tree since it was issued by Verisign) 4 - go back to https://webmail.orangedemo.gmessaging.net 5 - click on "Add an exception" 6 - the modal dialog won't let me add this exception I tried with another website (https://linuxfr.org) and I couldn't reproduce the bug. So I think my bug can be related to how wrong the certificate really is.
Same steps in Firefox 8 (current beta) triggered the same symptoms. Will try in a nightly.
Same with nightly 10.0a1 (2011-10-05)
Whiteboard: DUPEME? → DUPEME? STR in Comment 16
Version: unspecified → 10 Branch
Yes, this is the same problem as bug 660749 :(
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Workaround see bug 660749 comment 6
Status: RESOLVED → VERIFIED
Bug 688822 has to do with two different certificates for the same host (but different IP) and STS, I guess that's not the case for most people here (there only seem to be two certificates for linkou). This looks like bug 492370, which was happening way before the regression range of bug 688822
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: