Αυτός ο ιστότοπος θα έχει περιορισμένη λειτουργικότητα, όσο εκτελούμε εργασίες συντήρησης για να βελτιώσουμε την εμπειρία σας. Αν ένα άρθρο δεν επιλύει το ζήτημά σας και θέλετε να κάνετε μια ερώτηση, η κοινότητα υποστήριξής μας είναι έτοιμη να σας βοηθήσει στο Twitter (@FirefoxSupport) και στο Reddit (/r/firefox).

Αναζήτηση στην υποστήριξη

Προσοχή στις απάτες! Δεν θα σας ζητήσουμε ποτέ να καλέσετε ή να στείλετε μήνυμα σε κάποιον αριθμό τηλεφώνου ή να μοιραστείτε προσωπικά δεδομένα. Αναφέρετε τυχόν ύποπτη δραστηριότητα μέσω της επιλογής «Αναφορά κατάχρησης».

Μάθετε περισσότερα

Self signed certificates stopped working

  • 2 απαντήσεις
  • 7 έχουν αυτό το πρόβλημα
  • 33 προβολές
  • Τελευταία απάντηση από cor-el

more options

All of a sudden (i.e. not after a Firefox upgrade) Firefox 41.0 has stopped accepting self-signed SSL certificates on various websites which it had been accepting for months. I've generated the certificates myself.

The link / button to add exceptions and import the certificate has disappeared from the "Untrusted Connection" error page.

Things I've tried so far:

  • Import the certificates via Preferences > Advanced > Certificates > View Certificates > Servers. The certificates get imported but Firefox seems to ignore them.
  • Quit Firefox, delete cert8.db from my profile, then restart Firefox
  • Restart Firefox in Safe mode
  • Import the certificate in the OS Keychain (this makes the websites work on Chrome and Safari)

The generated certificates are signed with "PKCS #1 SHA-256 With RSA Encryption", they are not expired and were generated with

   openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout server.key -out server.crt

Apart from the trust issue, https://www.ssllabs.com/ssltest/ reports no problem whatsoever with these certs, they are fine ("If trust issues are ignored: A")

The only way I can access these websites is via a Private Browsing window: if the certificate was previously imported (via Preferences) the private session window can access the websites without a problem. If the certificate wasn't imported yet I get the option to add a temporary exception and after that is done it works fine.

This problem doesn't appear on another computer, even though the Firefox profile is synced between the two. The problem does not appear on a colleague's Firefox 41.0 (same OS and hardware) Certificates signed by a real CA are accepted just fine.


UPDATE:

I've marked this as resolved, but apparently the problem keeps coming back about once a week, in a completely random manner.

The best solution I've found so far is to quit Firefox, delete the following files from my profile, then restart Firefox:

  • SiteSecurityServiceState.txt
  • cert_override.txt
  • cert8.db
All of a sudden (i.e. not after a Firefox upgrade) Firefox 41.0 has stopped accepting self-signed SSL certificates on various websites which it had been accepting for months. I've generated the certificates myself. The link / button to add exceptions and import the certificate has disappeared from the "Untrusted Connection" error page. Things I've tried so far: * Import the certificates via Preferences > Advanced > Certificates > View Certificates > Servers. The certificates get imported but Firefox seems to ignore them. * Quit Firefox, delete cert8.db from my profile, then restart Firefox * Restart Firefox in Safe mode * Import the certificate in the OS Keychain (this makes the websites work on Chrome and Safari) The generated certificates are signed with "PKCS #1 SHA-256 With RSA Encryption", they are not expired and were generated with openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout server.key -out server.crt Apart from the trust issue, https://www.ssllabs.com/ssltest/ reports no problem whatsoever with these certs, they are fine ("If trust issues are ignored: A") The only way I can access these websites is via a Private Browsing window: if the certificate was previously imported (via Preferences) the private session window can access the websites without a problem. If the certificate wasn't imported yet I get the option to add a temporary exception and after that is done it works fine. This problem doesn't appear on another computer, even though the Firefox profile is synced between the two. The problem does not appear on a colleague's Firefox 41.0 (same OS and hardware) Certificates signed by a real CA are accepted just fine. UPDATE: I've marked this as resolved, but apparently the problem keeps coming back about once a week, in a completely random manner. The best solution I've found so far is to quit Firefox, delete the following files from my profile, then restart Firefox: * SiteSecurityServiceState.txt * cert_override.txt * cert8.db

Τροποποιήθηκε στις από τον/την mbi0

Επιλεγμένη λύση

I eventually fixed this by doing a "Refresh Firefox" (under about:support) and re-syncing my profile.

Ανάγνωση απάντησης σε πλαίσιο 👍 0

Όλες οι απαντήσεις (2)

more options

Επιλεγμένη λύση

I eventually fixed this by doing a "Refresh Firefox" (under about:support) and re-syncing my profile.

more options

If it happens again then try to rename the cert8.db file (cert8.db.old) and delete the cert_override.txt file in the Firefox profile folder to remove intermediate certificates and exceptions that Firefox has stored.

If that has helped to solve the problem then you can remove the renamed cert8.db.old file. Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previously stored intermediate certificates. Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.

You can use this button to go to the current Firefox profile folder: