Firefox 3 Uber SSL Security madness for Self-Signed Certificates
Posted by Akom • Tuesday, October 7. 2008 • Category: Code and HacksOr the infamous "Or you can add an exception" thing.
Apparently since Firefox 3, if you stumble on a site with an invalid SSL certificate, be it expired, self-signed, or bad in any other way, you are greeted (as before) with a warning. Only this warning requires 8 steps to bypass, not all of which are intuitive to the normal power user. Moreover, in my experience, Firefox will prompt you again and again once your restart it, despite the fact that you checked "Permanently store this exception". And why do I need to "download" the certificate anyway? The browser must have already retrieved it by now since it's warning me about it.
I actually considered downgrading to Firefox 2... but I found a solution.
Here is what you do:
Browse to about:config, and look for (type into search): browser.ssl_override_behavior
Change the value from 1 to 2.
This will fetch the certificate automatically, instead of forcing you to click a button.
Then set browser.xul.error_pages.expert_bad_cert to true (You can double-click the line to toggle)
This will fast forward you to the second page in the painful story.
Interestingly, after I made these changes, the exceptions I was adding became permanent. I restarted firefox, went to the sites - and got no prompts! Yay, OK FF3 is not so bad.
0 Comments
Add Comment