Ce site disposera de fonctionnalités limitées pendant que nous effectuons des opérations de maintenance en vue de vous proposer un meilleur service. Si un article ne règle pas votre problème et que vous souhaitez poser une question, notre communauté d’assistance est prête à vous répondre via @FirefoxSupport sur Twitter, et /r/firefox sur Reddit.

Avatar for Username

Rechercher dans l’assistance

Évitez les escroqueries à l’assistance. Nous ne vous demanderons jamais d’appeler ou d’envoyer un SMS à un numéro de téléphone ou de partager des informations personnelles. Veuillez signaler toute activité suspecte en utilisant l’option « Signaler un abus ».

En savoir plus

Ce sujet de discussion a été archivé. Veuillez poser une nouvelle question si vous avez besoin d’aide.

Update to Firefox 57, now receive HTTPS (HSTS) error when visiting secure sites, and importing self signed certificate of proxy into store is now ineffective.

  • 1 réponse
  • 4 ont ce problème
  • 1 vue
  • Dernière réponse par jrnoc

jrnoc
jrnoc
more options

My organization uses a firewall the implements forward proxy SSL decryption. Normally we allow this by importing our corporate self signed certificate into the trusted Authorities store in firefox. After upgrading to firefox 57 from firefox 56, we are now receiving an error (attached image) on seemingly every secure website.

"This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate."

"The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported."

Adding our trusted root cert into Authorities does not seem to be effective anymore. Exempting the test PC from decryption at the firewall allows it to connect to secure sites just fine, but the test PC is now exempt from layer 7 signatures, IPS, antivirus, and zero-day protection provided by our firewall.

Has anyone else run into this issue? Any assistance would be extremely appreciated.

My organization uses a firewall the implements forward proxy SSL decryption. Normally we allow this by importing our corporate self signed certificate into the trusted Authorities store in firefox. After upgrading to firefox 57 from firefox 56, we are now receiving an error (attached image) on seemingly every secure website. "This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate." "The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported." Adding our trusted root cert into Authorities does not seem to be effective anymore. Exempting the test PC from decryption at the firewall allows it to connect to secure sites just fine, but the test PC is now exempt from layer 7 signatures, IPS, antivirus, and zero-day protection provided by our firewall. Has anyone else run into this issue? Any assistance would be extremely appreciated.

Toutes les réponses (1)

jrnoc
jrnoc Auteur de la question
more options

This was solved by adding the certificate chain in .p7b format instead of .cer.