This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Cannot accept self-signed certificate on some machines

  • 1 reply
  • 7 have this problem
  • 1 view
  • Last reply by adaviel

more options

I'm trying to connect to a certain server that uses a self-signed certificate - the admin thinks that's safer than accepting thousands of unknown intermediate CAs, and he has a point; witness the Certificate Patrol add-on.

When I try from some client machines with various OS, FireFox versions etc., it works. I can accept the certificate permanently.

But on at least 3 machines, I get an error message "unable to obtain identification status for the given site", and I cannot confirm an exception and get to the site at all. 2 of those machines have FF 10.0.4. But on another machine with FF 10.0.4, there is no problem.

On machines where I can store an exception, when I look in the certificate manager, the certificate is marked "(not stored)", and I cannot view it. What does that mean ? A few other certs in the server store are also marked not stored, while most have a certificate name and are viewable, along with one marked "no nickname".

I'm trying to connect to a certain server that uses a self-signed certificate - the admin thinks that's safer than accepting thousands of unknown intermediate CAs, and he has a point; witness the Certificate Patrol add-on. When I try from some client machines with various OS, FireFox versions etc., it works. I can accept the certificate permanently. But on at least 3 machines, I get an error message "unable to obtain identification status for the given site", and I cannot confirm an exception and get to the site at all. 2 of those machines have FF 10.0.4. But on another machine with FF 10.0.4, there is no problem. On machines where I can store an exception, when I look in the certificate manager, the certificate is marked "(not stored)", and I cannot view it. What does that mean ? A few other certs in the server store are also marked not stored, while most have a certificate name and are viewable, along with one marked "no nickname".

Chosen solution

The issue seems to revolve around a cached HTTPS redirect when the server certificate has changed. I have filed https://bugzilla.mozilla.org/show_bug.cgi?id=767611

The "not stored" issue I realize is due to a permanent excep[tion for a self-signed certificate being stored as a certificate authority, with a placeholder in the servers tab

Read this answer in context 👍 0

All Replies (1)

more options

Chosen Solution

The issue seems to revolve around a cached HTTPS redirect when the server certificate has changed. I have filed https://bugzilla.mozilla.org/show_bug.cgi?id=767611

The "not stored" issue I realize is due to a permanent excep[tion for a self-signed certificate being stored as a certificate authority, with a placeholder in the servers tab