Configure Firefox to allow all SSL certificates?

[iofhua1]

I want to connect to a site that has an issue with it's SSL certificate. I don't know if it's self-signed, or expired, or what, but I *NEED* to connect to it - it's part of my job.

It's giving me this error:
"Secure Connection Failed
An error occurred during a connection to *********. Issuer certificate is invalid. (Error code: sec_error_ca_cert_invalid)"

I used to be able to bypass this by disabling PKIX verification in about:config, but that doesn't seem to be working anymore. If there is an option to do so, please let me know.

But if there is not, just let me say that this is ridiculous. I am not the only user having this problem, and as a user I should be able to configure my browser however I want, and if I want to connect to places with bad SSL certs, I have every right to do so. So does every other user of Firefox. It is disgusting to me that a handful of developers can take an open-source program that masses of people use and take it in a direction that causes grief to these masses of users - without any input from them. Did at any point in the development of this newer version did someone stop and say "Hey, maybe some of our users don't want us shutting down these connections in their browser?"

I need to connect to this device, and this is non-negotiable. I don't care if it has a bad SSL cert. If Firefox can't do this for me, I will be uninstalling it from my PC and all 1000+ PC's in my workplace. I can do that - I make the damn images for them every year. I just won't be including Firefox next year. Way to keep your users, am I right?

[JayhawksRock]

Try changing the value for this pref security.tls.version.min to 1 and restart Firefox
If that does not fix it then you can take your rant, tutorial and whatever it is over to Mozilla and tell them and ask for a refund... https://input.mozilla.org/en-US/feedbac ... ox/33.0.2/
BTW, we are not Mozilla, merely users helping users. "mozillaZine is an independent Mozilla community and advocacy site. We're not affiliated or endorsed by the Mozilla Corporation but we love them just the same."

Good Luck and Have a Nice Life

[therube]

Was there a certain FF version where this stopped working for you?
And if you revert to the version prior is functionality resumed?
Have you searched Bugzilla for similar reports?
You may very well be running into a situation not considered & posting a bug, if none exist already might help?

[s-rod]

I had the same problem. This functionality has changed if version 33. The problem was first introduced in version 31 (and 32), in which I could go to about:config and toggle security.use_mozillapkix_verification. However in version 33 this no longer works. See https://bugzilla.mozilla.org/show_bug.cgi?id=1042889 Aoparently there is going to be an effort to fix it in future version. I am going to use Chrome in future.

[LoudNoise]

Unless I am misreading the bug. It should be in version 33 either now or rsn.

status-firefox33: fixed

[s-rod]

I am a bit confused by the bug report as comment #164 states that version 33.1 (not 33.0) will have the fix. And comment #159 states that it will be integrated into FF 34/35. I also went to the beta page at https://www.mozilla.org/en-US/firefox/3 ... easenotes/ and it still shows that bug 1042889 is unresolved.

[s-rod]

Also shows up as unresolved for version 33 on https://www.mozilla.org/en-US/firefox/releases/ I am an administrator that deals with a wide variety of devices that have self-signed certificates that are only accessible from a LAN, and encounter this error daily. MOZILLA HAS DECIDED THAT IT KNOWS BETTER THAN ME WHETHER OR NOT TO ACCEPT A SECURITY CERTIFICATE WHICH ONLY EXISTS ON MY NETWORK! Now instead of having a sloppy work-around (v31,32) - it just no longer works (v33). After fighting with it a few hours today I have decided it is much easier to use Chrome (which lets me decide if a certificate is safe) as my default browser as this issue has plagued me thru 3 versions now (31,32,33) and is still not resolved.

[jarri]

The current released version of Firefox is 33.0.2 . According to the bug report it is fixed in that version. There is no 33.1, there was a 33.0.1. If the bug is not fixed in 33.0.2, as claimed, a polite response in the bug, following the rules of bugzilla, would be fine. Chrome does not have any particular dedication to letting the user decide things - Chrome, like other browsers, is soon to block all plugins except for Flash, and will/has deprecated pre-TLS SSL3, and does not function properly when you say you will temporarily visit a site with a bad certificate - (in such case, the images are blocked). But do what you want. Also Mozillazine is not officially connected to Mozilla nor even necessarily visited by them so if you want to complain at them you will have to contact them directly.

[s-rod]

I am using Ubuntu which is still using version 33.0. I looked at going to a newer (not Ubuntu version) - however the release notes for version 33.02 located at https://www.mozilla.org/en-US/firefox/3 ... easenotes/ still shows Bug 1042889 is unresolved.

[therube]

Can't hurt to try 33.0.2, they may just be behind on updating the release notes page.
If it still doesn't work, you'll know soon enough.


> 33.1

33.1 must be speaking of the esr releases.
(So now you have two versions to check . I'd start with the esr as it sounds like they were more willing to put the changes there, first.)

^--- Eh, forget that! These version numbers are getting me confused now!

The last two posts read:

> I confirm that ESR-31.2.0 allows override on HP ILO sites. Thank you so much for understanding our needs.

> Welcome. 33.1 will have the fix too.

[LoudNoise]

The ESR is up to 31.2 (I am using it now).

Edit:
Actually 31.2

[mightyglydd]

FWIW Earlier I checked 31.2.0esr on Windows and unlike Fx33, no update was offered...

[malliz]

Haven't we heard the "remove it from the thousand pcs I manage" threat before? Sound very familiar to another post

[therube]

(I edited, appended to my above post...)

So it looks like a 33.1 Release is what they were speaking of.
And Candidates are up, ftp://ftp.mozilla.org/pub/firefox/candi ... andidates/.

[therube]

> Haven't we heard the "remove it from the thousand pcs I manage"

Yes, it's in the associated bug report.