Trang web này sẽ có chức năng hạn chế trong khi chúng tôi trải qua bảo trì để cải thiện trải nghiệm của bạn. Nếu một bài viết không giải quyết được vấn đề của bạn và bạn muốn đặt câu hỏi, chúng tôi có cộng đồng hỗ trợ của chúng tôi đang chờ để giúp bạn tại @FirefoxSupport trên Twitter và /r/firefox trên Reddit.

Avatar for Username

Tìm kiếm hỗ trợ

Tránh các lừa đảo về hỗ trợ. Chúng tôi sẽ không bao giờ yêu cầu bạn gọi hoặc nhắn tin đến số điện thoại hoặc chia sẻ thông tin cá nhân. Vui lòng báo cáo hoạt động đáng ngờ bằng cách sử dụng tùy chọn "Báo cáo lạm dụng".

Tìm hiểu thêm

Chủ đề này đã được lưu trữ. Vui lòng hỏi một câu hỏi mới nếu bạn cần giúp đỡ.

Self signed certificates stopped working

  • 2 trả lời
  • 7 gặp vấn đề này
  • 1 lượt xem
  • Trả lời mới nhất được viết bởi cor-el

mbi0
mbi0
more options

All of a sudden (i.e. not after a Firefox upgrade) Firefox 41.0 has stopped accepting self-signed SSL certificates on various websites which it had been accepting for months. I've generated the certificates myself.

The link / button to add exceptions and import the certificate has disappeared from the "Untrusted Connection" error page.

Things I've tried so far:

  • Import the certificates via Preferences > Advanced > Certificates > View Certificates > Servers. The certificates get imported but Firefox seems to ignore them.
  • Quit Firefox, delete cert8.db from my profile, then restart Firefox
  • Restart Firefox in Safe mode
  • Import the certificate in the OS Keychain (this makes the websites work on Chrome and Safari)

The generated certificates are signed with "PKCS #1 SHA-256 With RSA Encryption", they are not expired and were generated with 

   openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout server.key -out server.crt

Apart from the trust issue, https://www.ssllabs.com/ssltest/ reports no problem whatsoever with these certs, they are fine ("If trust issues are ignored: A")

The only way I can access these websites is via a Private Browsing window: if the certificate was previously imported (via Preferences) the private session window can access the websites without a problem. If the certificate wasn't imported yet I get the option to add a temporary exception and after that is done it works fine.

This problem doesn't appear on another computer, even though the Firefox profile is synced between the two. The problem does not appear on a colleague's Firefox 41.0 (same OS and hardware) Certificates signed by a real CA are accepted just fine.


UPDATE:

I've marked this as resolved, but apparently the problem keeps coming back about once a week, in a completely random manner.

The best solution I've found so far is to quit Firefox, delete the following files from my profile, then restart Firefox:

  • SiteSecurityServiceState.txt
  • cert_override.txt
  • cert8.db
All of a sudden (i.e. not after a Firefox upgrade) Firefox 41.0 has stopped accepting self-signed SSL certificates on various websites which it had been accepting for months. I've generated the certificates myself. The link / button to add exceptions and import the certificate has disappeared from the "Untrusted Connection" error page. Things I've tried so far: * Import the certificates via Preferences > Advanced > Certificates > View Certificates > Servers. The certificates get imported but Firefox seems to ignore them. * Quit Firefox, delete cert8.db from my profile, then restart Firefox * Restart Firefox in Safe mode * Import the certificate in the OS Keychain (this makes the websites work on Chrome and Safari) The generated certificates are signed with "PKCS #1 SHA-256 With RSA Encryption", they are not expired and were generated with openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout server.key -out server.crt Apart from the trust issue, https://www.ssllabs.com/ssltest/ reports no problem whatsoever with these certs, they are fine ("If trust issues are ignored: A") The only way I can access these websites is via a Private Browsing window: if the certificate was previously imported (via Preferences) the private session window can access the websites without a problem. If the certificate wasn't imported yet I get the option to add a temporary exception and after that is done it works fine. This problem doesn't appear on another computer, even though the Firefox profile is synced between the two. The problem does not appear on a colleague's Firefox 41.0 (same OS and hardware) Certificates signed by a real CA are accepted just fine. UPDATE: I've marked this as resolved, but apparently the problem keeps coming back about once a week, in a completely random manner. The best solution I've found so far is to quit Firefox, delete the following files from my profile, then restart Firefox: * SiteSecurityServiceState.txt * cert_override.txt * cert8.db

Được chỉnh sửa bởi mbi0 vào

Giải pháp được chọn

I eventually fixed this by doing a "Refresh Firefox" (under about:support) and re-syncing my profile.

Đọc câu trả lời này trong ngữ cảnh 👍 0

Tất cả các câu trả lời (2)

mbi0
mbi0 Người tạo câu hỏi
more options

Giải pháp được chọn

I eventually fixed this by doing a "Refresh Firefox" (under about:support) and re-syncing my profile.

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

If it happens again then try to rename the cert8.db file (cert8.db.old) and delete the cert_override.txt file in the Firefox profile folder to remove intermediate certificates and exceptions that Firefox has stored.

If that has helped to solve the problem then you can remove the renamed cert8.db.old file. Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previously stored intermediate certificates. Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.

You can use this button to go to the current Firefox profile folder: