Цей вебсайт матиме обмежену функціональність, доки ми проводимо його обслуговування для поліпшення роботи. Якщо прочитана стаття не розв'язала вашу проблему і ви хочете поставити питання, наша спільнота підтримки з радістю допоможе вам на @FirefoxSupport у Twitter та /r/firefox на Reddit.

Шукати в статтях підтримки

Остерігайтеся нападів зловмисників. Mozilla ніколи не просить вас зателефонувати, надіслати номер телефону у повідомленні або поділитися з кимось особистими даними. Будь ласка, повідомте про підозрілі дії за допомогою меню “Повідомити про зловживання”

Докладніше

Ця тема перенесена в архів. Якщо вам потрібна допомога, запитайте.

SEC_ERROR_UNKNOWN_ISSUER with self-signed cert

  • 1 відповідь
  • 1 має цю проблему
  • 9 переглядів
  • Остання відповідь від kede81

more options

Greetings,

I'm setting a staging server on a VM, and issued a self-signed certificate.

When accessing https://staging.my.site firefox is giving me the following error:

" The owner of staging.my.site has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate. "

Clicking on Advanced shows:

" staging.my.site uses an invalid security certificate. The certificate is not trusted because it is self-signed. Error code: SEC_ERROR_UNKNOWN_ISSUER "

There is no way to add an exception.

I went into Preferences-Certificates-View Certificates / Servers-Add Exception. Typed "https://staging.my.site", clicked on Get Certificate-Confirm Security Exception. But I got the same message

Restarted FF. Same message. Checked in SecurityPreloadState.txt but cannot see mention of "staging.my.site"

Kindly indicate me how to add an exception for my staging site.

Regards

Greetings, I'm setting a staging server on a VM, and issued a self-signed certificate. When accessing https://staging.my.site firefox is giving me the following error: " The owner of staging.my.site has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website. This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate. " Clicking on Advanced shows: " staging.my.site uses an invalid security certificate. The certificate is not trusted because it is self-signed. Error code: SEC_ERROR_UNKNOWN_ISSUER " There is no way to add an exception. I went into Preferences-Certificates-View Certificates / Servers-Add Exception. Typed "https://staging.my.site", clicked on Get Certificate-Confirm Security Exception. But I got the same message Restarted FF. Same message. Checked in SecurityPreloadState.txt but cannot see mention of "staging.my.site" Kindly indicate me how to add an exception for my staging site. Regards

Змінено randoum

Усі відповіді (1)

more options

HSTS is a configuration of the web server. See https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security for details. It would appear that the server you are staging employs this mechanism. There is no error in how Firefox behaves, this is mandated by the HSTS standard as described in the Wikipedia article. I see three workaround options: 1. you import the self-signed cert as a CA cert in to your browser. That way I expect the certificate will be accepted (as the issuer is trusted) and therefore the connection should proceed. Note I haven't built a test environment to duplicate your setup and tried this out, so this is from theory only and I may be wrong. 2. you configure the staging server differently from the production server in not employing HSTS. This will permit the browser to ask you for a security exception. Please do not deconfigure HSTS from your production server, as it is a good idea, it just doesn't permit the staging setup you employ. 3. if your staging server has internet connectivity and you are able to assign a valid and internet-reachble DNS name, you could obtain a proper certificate for it, e.g. using letsencrypt.org, a free service.