No option to show certificate fingerprint

NEW
Unassigned

Status

()

defect
5 years ago
5 months ago

People

(Reporter: rom, Unassigned)

Tracking

Trunk
ARM
Android
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

5 years ago
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20131030 Firefox/17.0 Iceweasel/17.0.10 (Nightly/Aurora)
Build ID: 20131030041028

Steps to reproduce:

When I go to my self-hosted website with a self-hosted certificate, I got a page "security warning… add a permanent exception", as expectd.

But while on Firefox desktop, I can check the fingerprint before clicking on "add a permanent exception", on Firefox Android, there is no fingerprint displayed, so I can't know at all if I can trust it at all (to avoid MITM during the first connection).


Actual results:

No fingerprint is displayed anywhere.


Expected results:

It should show a fingerprint to be sure this is the right certificate.
(Reporter)

Updated

5 years ago
Summary: Option to show self-signed certificate fingerprint → No option to show self-signed certificate fingerprint
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Linux → Android
Hardware: x86_64 → ARM
Version: Firefox 26 → Trunk

Comment 1

5 years ago
I would complete this bug/request : Firefox Android should show every information common information of the certificate, including the certification chain. Users may have self-signed certificates, but they an also have their personal certificate authority.

Comment 2

4 years ago
I think it should be possible to show the HTTPS SSL certificate always when an HTTPS URL is opened. Not just when there's the need to add an exception.

Even the stupid standard Android stock browser gives the possibility, to tap on the website icon on the upper left and show the certificate informations (including fingerprint) always when an HTTPS URL is opened. (tested on Android 4.4)
At least this should be possible on Firefox-for-Android too!

Additionally there should be a possibility to remove certificate-exceptions afterwards. See bug #795767 for details.
Duplicate of this bug: 1148400

Comment 4

4 years ago
I think, this is an important bug. Are there any news?
Summary: No option to show self-signed certificate fingerprint → No option to show certificate fingerprint
Duplicate of this bug: 1250593

Comment 6

3 years ago
I believe the visibility of SSL certificate information is more important on mobile devices and needs to be included as a display option to provide the user the ability to validate that information prior to visiting the site or adding an exception.

Comment 7

3 years ago
(In reply to Chuck from comment #6)
> I believe the visibility of SSL certificate information is more important on
> mobile devices and needs to be included as a display option to provide the
> user the ability to validate that information prior to visiting the site or
> adding an exception.

This is so true. Also Google say Mobile is more used than Desktop for surfing the web. Mobile will be more attacked by hacker and phishing and all information about SSL should be showed not hidden as in Firefox for Mobile. This is very important to fix, implement asap.

Comment 8

2 years ago
Today seems a security issue report will be not fixed https://bugzilla.mozilla.org/show_bug.cgi?id=1332714
and in Firefox mobile still be not possibile check the certificate of a website... this is another security issue not fixed yet and reported 3 years ago... still be unassigned and unfixed...
Duplicate of this bug: 1506395
You need to log in before you can comment on or make changes to this bug.