Этот сайт имеет ограниченную функциональность, пока мы проводим техническое обслуживание для улучшения его работы. Если какая-либо статья не решила вашу проблему и вы хотите задать вопрос, наше сообщество поддержки ждёт вас: @FirefoxSupport в Твиттере и /r/firefox на Reddit.

Поиск в Поддержке

Избегайте мошенников, выдающих себя за службу поддержки. Мы никогда не попросим вас позвонить, отправить текстовое сообщение или поделиться личной информацией. Сообщайте о подозрительной активности, используя функцию «Пожаловаться».

Подробнее

Self signed certificates stopped working

  • 2 ответа
  • 7 имеют эту проблему
  • 33 просмотра
  • Последний ответ от cor-el

more options

All of a sudden (i.e. not after a Firefox upgrade) Firefox 41.0 has stopped accepting self-signed SSL certificates on various websites which it had been accepting for months. I've generated the certificates myself.

The link / button to add exceptions and import the certificate has disappeared from the "Untrusted Connection" error page.

Things I've tried so far:

  • Import the certificates via Preferences > Advanced > Certificates > View Certificates > Servers. The certificates get imported but Firefox seems to ignore them.
  • Quit Firefox, delete cert8.db from my profile, then restart Firefox
  • Restart Firefox in Safe mode
  • Import the certificate in the OS Keychain (this makes the websites work on Chrome and Safari)

The generated certificates are signed with "PKCS #1 SHA-256 With RSA Encryption", they are not expired and were generated with

   openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout server.key -out server.crt

Apart from the trust issue, https://www.ssllabs.com/ssltest/ reports no problem whatsoever with these certs, they are fine ("If trust issues are ignored: A")

The only way I can access these websites is via a Private Browsing window: if the certificate was previously imported (via Preferences) the private session window can access the websites without a problem. If the certificate wasn't imported yet I get the option to add a temporary exception and after that is done it works fine.

This problem doesn't appear on another computer, even though the Firefox profile is synced between the two. The problem does not appear on a colleague's Firefox 41.0 (same OS and hardware) Certificates signed by a real CA are accepted just fine.


UPDATE:

I've marked this as resolved, but apparently the problem keeps coming back about once a week, in a completely random manner.

The best solution I've found so far is to quit Firefox, delete the following files from my profile, then restart Firefox:

  • SiteSecurityServiceState.txt
  • cert_override.txt
  • cert8.db
All of a sudden (i.e. not after a Firefox upgrade) Firefox 41.0 has stopped accepting self-signed SSL certificates on various websites which it had been accepting for months. I've generated the certificates myself. The link / button to add exceptions and import the certificate has disappeared from the "Untrusted Connection" error page. Things I've tried so far: * Import the certificates via Preferences > Advanced > Certificates > View Certificates > Servers. The certificates get imported but Firefox seems to ignore them. * Quit Firefox, delete cert8.db from my profile, then restart Firefox * Restart Firefox in Safe mode * Import the certificate in the OS Keychain (this makes the websites work on Chrome and Safari) The generated certificates are signed with "PKCS #1 SHA-256 With RSA Encryption", they are not expired and were generated with openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout server.key -out server.crt Apart from the trust issue, https://www.ssllabs.com/ssltest/ reports no problem whatsoever with these certs, they are fine ("If trust issues are ignored: A") The only way I can access these websites is via a Private Browsing window: if the certificate was previously imported (via Preferences) the private session window can access the websites without a problem. If the certificate wasn't imported yet I get the option to add a temporary exception and after that is done it works fine. This problem doesn't appear on another computer, even though the Firefox profile is synced between the two. The problem does not appear on a colleague's Firefox 41.0 (same OS and hardware) Certificates signed by a real CA are accepted just fine. UPDATE: I've marked this as resolved, but apparently the problem keeps coming back about once a week, in a completely random manner. The best solution I've found so far is to quit Firefox, delete the following files from my profile, then restart Firefox: * SiteSecurityServiceState.txt * cert_override.txt * cert8.db

Изменено mbi0

Выбранное решение

I eventually fixed this by doing a "Refresh Firefox" (under about:support) and re-syncing my profile.

Прочитайте этот ответ в контексте 👍 0

Все ответы (2)

more options

Выбранное решение

I eventually fixed this by doing a "Refresh Firefox" (under about:support) and re-syncing my profile.

more options

If it happens again then try to rename the cert8.db file (cert8.db.old) and delete the cert_override.txt file in the Firefox profile folder to remove intermediate certificates and exceptions that Firefox has stored.

If that has helped to solve the problem then you can remove the renamed cert8.db.old file. Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previously stored intermediate certificates. Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.

You can use this button to go to the current Firefox profile folder: