Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Funkcjonalność tej witryny będzie ograniczona w czasie konserwacji. Jeśli artykuł nie rozwiązuje twojego problemu i chcesz zadać pytanie, to nasza społeczność wsparcia jest dostępna na @FirefoxSupport na Twitterze i /r/firefox na Reddicie.

Przeszukaj pomoc

Unikaj oszustw związanych z pomocą.Nigdy nie będziemy prosić Cię o dzwonienie na numer telefonu, wysyłanie SMS-ów ani o udostępnianie danych osobowych. Zgłoś podejrzaną aktywność, korzystając z opcji „Zgłoś nadużycie”.

Więcej informacji

How can I bypass security HSTS certificate check ?

  • 4 odpowiedzi
  • 18 osób ma ten problem
  • 3 wyświetlenia
  • Ostatnia odpowiedź od Kzwix

more options

I'm trying to connect to a website which uses HSTS, and has an expired certificate.

I would like Firefox to let me add an exception, even temporarily, in order to be able to use that website, even in an insecure way, because I only care about what is written on this website, and I utterly don't care if someone catches anything from my visit there - it's a games wiki site, not a banking site, nor a terrorist hideout, or bomb-making den, or whatever, so I really do NOT need security going there.


I deeply resent Firefox preventing me, the user, from telling it to accept it anyway and proceed. I tried adding the certificate manually to the server, in the certificates window, but, as it is expired, it didn't work. I would like Firefox to let people choose what to accept, or what NOT to accept, instead of making the choice for them...

So... is there some way to circumvent this for THIS site, only ? Because I read about a test.currentTimeOffsetSeconds setting in about:config, but I fear it would be used for all certificates, and, thus, keep accepting other expired certificates too, which I absolutely do NOT want.


I find it distressing to have to turn to another browser for such a simple thing.

I'm trying to connect to a website which uses HSTS, and has an expired certificate. I would like Firefox to let me add an exception, even temporarily, in order to be able to use that website, even in an insecure way, because I only care about what is written on this website, and I utterly don't care if someone catches anything from my visit there - it's a games wiki site, not a banking site, nor a terrorist hideout, or bomb-making den, or whatever, so I really do NOT need security going there. I deeply resent Firefox preventing me, the user, from telling it to accept it anyway and proceed. I tried adding the certificate manually to the server, in the certificates window, but, as it is expired, it didn't work. I would like Firefox to let people choose what to accept, or what NOT to accept, instead of making the choice for them... So... is there some way to circumvent this for THIS site, only ? Because I read about a test.currentTimeOffsetSeconds setting in about:config, but I fear it would be used for all certificates, and, thus, keep accepting other expired certificates too, which I absolutely do NOT want. I find it distressing to have to turn to another browser for such a simple thing.

Wszystkie odpowiedzi (4)

more options

I don't think there is any built-in feature for this.

Why would a site that requires HTTPS allow its certificate to expire?!

In some cases, the site only sets HSTS for some portions of the site and you do not need to access those portions right away. In those cases, clearing Firefox's record of HSTS headers could allow you to make a temporary exception when you visit a section of the site that doesn't serve that header. This thread addressed that issue: https://support.mozilla.org/questions/1126812.

more options

Well, the website is https://www.gnomoriawiki.com/, and I highly suspect it has to do with the "Let's encrypt !" initiative.

The idea being to drown government-sponsored cypher-breaking capabilities under a lot a useless noise, to mask the interesting traffic, it would make sense, if you support this, to make people use HTTPS, even for something this benign.

more options

Maybe because I've never connected to the server before, I do get an "Add Exception" button. Firefox doesn't honor HSTS unless it is sent over HTTP HTTPS, so perhaps that explains the difference.

Zmodyfikowany przez jscher2000 - Support Volunteer w dniu

more options

Thanks, I surgically removed the "gnomoriawiki.com:HSTS" (and a bit more stuff on the line) from the SiteSecurityServiceState.txt file, started Firefox again, and then, It allowed me to add an exception, just like you said.

I still think it's counter-intuitive, and bad UI, but I'm glad you could provide me with this walkaround.