disable "This Connection is Untrusted" messages

[dickvl]

Did you check who is the issuer of the certificates?

Some firewalls monitor secure connections and send their own certificate instead of the certificate from the web server.
You can check that if you retrieve (get) the certificate and look at the issuer.
In such cases you need to install the root certificate of that firewall to make Firefox recognize the issuer of the certificate or disable monitoring secure connections (port 443).
See also http://kb.mozillazine.org/Firewalls

[Guest]

+1 for a way to disable this message. In many cases I do not care at all that the site is https, for me http would be good enough too. And *I* decide whether a site is trusted, firefox telling me that a site is not trusted is bull.

[Bluefang]

The issue is not the destination server its self (i.e. 'the site'), but the 15+ bounces your request/response make between you and the destination. Anyone of those points could be compromised. That's why SSL attacks are man-in-the-middle spoofing attacks.

If it's a site you visit regularly, why haven't you added a permanent exception?

[gregwesson]

If it's a site you visit regularly, why haven't you added a permanent exception?

I have the same issue. The "site" I visit regularly is a proxy server (actually about 30 different proxies). Each uses a self-signed certificate. I can add the security exception once, but since these are test machines I reimage them regularly to factory default settings. Doing so creates a new private/public key pair and a self-signed certificate.

For anyone who administers internal devices which have self-signed certificates, this error is a real pain. I would even be happy with a compromise. Allow me to set trusted domains, and add to it the IANA internal IP addresses (192.168.0.0/16, 10.0.0.0/8, and 172.16.0.0/12). If any request is made to anything that matches those sites, it automatically trusts the cert for that session or gives me a single click "ok" button defaulted so that I can hit [enter].

I'm happy with Firefox (happier with Opera, but it's not 100% reliable with rendering pages so I have to leave it), but this message is going try my patience more I think.

Greg

[Bluefang]

If these are your machines, then you can create your own Root CA, add it to Firefox, then create your individual certificates with the CA you created.

[gregwesson]

The machines generate a completely new keypair every time they are reinitialized (which happens once every couple weeks on average). It's a self-signed cert, so adding the CA will not work I'm afraid.

As is, I can work around it with an autohotkey script, but it is just a general annoyance that I have to write an external script rather than having a knob I can turn off the built-in browser functionality. As an aside, a similar problem exists in Opera which can't be solved without a script either. Opera chooses to use a popup and the default action if I hit [enter] is to accept it. It's better, but still exists so the problem is not unique to Firefox.

Greg

[Ktjamm]

A lot of these posts are about getting around the wall. I'd like to remove the wall, please. I administrate 100s of internal sites that change fairly regularly. This is regularly adding unnecessary time to my workload, and I would prefer to not have to use IE if I don't have to. Is there any way to disable the "this Connection is untrusted" message without disabling all error messages?

[dickvl]

If you have a router then try to reset that router.

You can retrieve the certificates to see who issued them.
If it is your security software then you need to get a root certificate or disable the scanning (monitoring) of a secure connection.

Some firewalls monitor secure (https) connections and send their own certificate instead of the website's certificate.
You can click the link at the bottom of the error page: "I Understand the Risks"
Make Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
Click the "View..." button to inspect the certificate and check who is the issuer.

[truefire]

Hi, I work for a company with a crapload of servers I need to access daily. Please help me disable this message. I use Firefox for browsing known websites only, security is not inherently necessary.

Thanks in advance,

[truefire]

Hi, I work for a company with a crapload of servers I need to access daily. Please help me disable this message. I use Firefox for browsing known websites only, security is not inherently necessary.

Thanks in advance,

Please help me disable this message.

I think I found a work around.

https://addons.mozilla.org/en-US/firefox/addon/10246

[Bluefang]

That's all well and good, but keep in mind that such an extension undermines the security benefits of SSL.

If you insist on using this, I recommend using 2 profiles. One without the extension for your day-to-day browsing, and one with the extension for browsing the problem sites (i.e. company intranet or proxy servers that constantly change their certificates).

As the extension description mentions:

WARNING: please disable RCE when you are going to a untrusted website to avoid phishing and mal-ware because RCE is a crazy idea to bypass any SSL pages automatically!

Using this extension all of the time is not safe, even on trusted sites. In fact, if you get SSL errors on a trusted site that has never given you an error before, it could have been compromised. With this extension, you probably wouldn't even notice.

[Ronaldin]

Change your System Date/Time to the Present Date/Time!!! It will works... the main reason is that firefox checking signatures and expiration of the site... If your Date incorrect, firefox will alarm you that site is untrusted! http://kabayanactiongroupne.webs.com

[Guest]

ok i had tha same problem well i still do but i found this trick when u click on a site and it says this connection is untrusted i dont remember fully but on tha third higlighted title i think once u click on that theres gonna b an option sayin add exception click on it n then u can disable it forever for that site only way i no how to n so far now that ive done that it gives me acces t all tha site hope this helps u

[MarkJenks]

Can someone just change the STUPID feature so it can be disabled completely and turned back into a single click "I understand"

This just Sucks! I hate having to use 2 browsers all day long. IE for the self signed, and firefox for everything else.

[Henry Lloyd]

I'm amazed how people like 'dickvl' are able to send generic messages about : there could be a problem with your profile, anti-virus, firewall, Windows, system time, etc, etc for more than 40,000 posts. People, remember that FF users are also a programmers, system administrators and generally computer-savvy people, that actually know what they are doing, and these are not the regular type of users. So far, I've seen people leaving FF (where I'm heading to as well), people asking if this 'security feature' can be disabled by a simple statement, whether it will be true or false, and people that really had issue with the system date - 2 of them, actually. Mozilla, please read those messages and take care of that annoying feature that prevents the users from actually browsing the net. Please also understand that there are proxies or internal sites, or even a security software that uses self-signed certificates, and they change every build or on every connection. So, please save us, like, 2 hours of total 24 clicking here and there, and give us a chance to embrace all the risk for doing this.