This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Why firefox not asking me to add security exception?

  • 1 reply
  • 2 have this problem
  • 6 views
  • Last reply by cor-el

more options

Firefox is not asking me to add security exception in the case when Issuer certificate is invalid with error code: sec_error_ca_cert_invalid. I know that its invalid but why firefox doesn't allow me to add exception for it?

This problem is there since I updated to FF 33.0 I have already tried to Reset Firefox, but that didn't help me.

What are the possible solutions? Please help.

Firefox is not asking me to add security exception in the case when Issuer certificate is invalid with error code: sec_error_ca_cert_invalid. I know that its invalid but why firefox doesn't allow me to add exception for it? This problem is there since I updated to FF 33.0 I have already tried to Reset Firefox, but that didn't help me. What are the possible solutions? Please help.

All Replies (1)

more options

You can try to rename the cert8.db file (cert8.db.old) and delete the cert_override.txt file in the Firefox profile folder to remove intermediate certificates and exceptions that Firefox has stored.

If that has helped to solve the problem then you can remove the renamed cert8.db.old file. Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previously stored intermediate certificates. Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.

You can use this button to go to the currently used Firefox profile folder:


Could be this bug:

  • bug 1042889 - mozilla::pkix, cannot override sec_error_ca_cert_invalid with version 1 certificate, and other scenarios (with or without pkix)

Please do not comment in bug reports
https://bugzilla.mozilla.org/page.cgi?id=etiquette.html

Modified by cor-el