Akom's Tech Ruminations

Various tech outbursts - code and solutions to practical problems
Code and Hacks

Firefox 3 Uber SSL Security madness for Self-Signed Certificates

Posted by Akom • Tuesday, October 7. 2008 • Category: Code and Hacks

Or the infamous "Or you can add an exception" thing.

Apparently since Firefox 3, if you stumble on a site with an invalid SSL certificate, be it expired, self-signed, or bad in any other way, you are greeted (as before) with a warning. Only this warning requires 8 steps to bypass, not all of which are intuitive to the normal power user. Moreover, in my experience, Firefox will prompt you again and again once your restart it, despite the fact that you checked "Permanently store this exception". And why do I need to "download" the certificate anyway? The browser must have already retrieved it by now since it's warning me about it.

I actually considered downgrading to Firefox 2... but I found a solution.
Here is what you do:

Browse to about:config, and look for (type into search): browser.ssl_override_behavior

Change the value from 1 to 2.

This will fetch the certificate automatically, instead of forcing you to click a button.

Then set browser.xul.error_pages.expert_bad_cert to true (You can double-click the line to toggle)

This will fast forward you to the second page in the painful story.

Interestingly, after I made these changes, the exceptions I was adding became permanent. I restarted firefox, went to the sites - and got no prompts! Yay, OK FF3 is not so bad.

0 Trackbacks

  1. No Trackbacks


Display comments as (Linear | Threaded)
  1. No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
You can use [geshi lang=lang_name [,ln={y|n}]][/geshi] tags to embed source code snippets.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.

Markdown format allowed

Submitted comments will be subject to moderation before being displayed.