This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

How to add a security exception to Firefox programmatically?

  • 2 replies
  • 5 have this problem
  • 14 views
  • Last reply by hldev

more options

We have a self-signed certificate assigned to a local web server hosted on localhost to enable SSL connection. It works for other browsers such as Chrome on Windows/IOS, Safari for IOS, and IE for Windows. But Firefox (version 53.0.X) complains it's not trusted because it's self signed. It also works by adding a security exception through Firefox certificate manager. Is there any way to do that programmatically so that this process can be automated for better user experience? Can you please point out a direction or links for this?

Thank you,

hldev

We have a self-signed certificate assigned to a local web server hosted on localhost to enable SSL connection. It works for other browsers such as Chrome on Windows/IOS, Safari for IOS, and IE for Windows. But Firefox (version 53.0.X) complains it's not trusted because it's self signed. It also works by adding a security exception through Firefox certificate manager. Is there any way to do that programmatically so that this process can be automated for better user experience? Can you please point out a direction or links for this? Thank you, hldev

All Replies (2)

more options
more options

Thank you for the reply. I understand that the problem is caused by Firefox uses its own certificate store rather than Windows root CA store. By setting Firefox preference "security.enterprise_roots.enabled" to true will allow Firefox to trust all certs from Windows root CA. But it'll make all cert from Windows root CA to be trusted. Is it possible to trust only selected cert from Windows root CA?