为提升您的使用体验,本站正在维护,部分功能暂时无法使用。如果本站文章无法解决您的问题,您想要向社区提问的话,请到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 提问,我们的支持社区将会很快回复您的疑问。

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

Update to Firefox 57, now receive HTTPS (HSTS) error when visiting secure sites, and importing self signed certificate of proxy into store is now ineffective.

  • 1 个回答
  • 4 人有此问题
  • 1 次查看
  • 最后回复者为 jrnoc

more options

My organization uses a firewall the implements forward proxy SSL decryption. Normally we allow this by importing our corporate self signed certificate into the trusted Authorities store in firefox. After upgrading to firefox 57 from firefox 56, we are now receiving an error (attached image) on seemingly every secure website.

"This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate."

"The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported."

Adding our trusted root cert into Authorities does not seem to be effective anymore. Exempting the test PC from decryption at the firewall allows it to connect to secure sites just fine, but the test PC is now exempt from layer 7 signatures, IPS, antivirus, and zero-day protection provided by our firewall.

Has anyone else run into this issue? Any assistance would be extremely appreciated.

My organization uses a firewall the implements forward proxy SSL decryption. Normally we allow this by importing our corporate self signed certificate into the trusted Authorities store in firefox. After upgrading to firefox 57 from firefox 56, we are now receiving an error (attached image) on seemingly every secure website. "This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate." "The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported." Adding our trusted root cert into Authorities does not seem to be effective anymore. Exempting the test PC from decryption at the firewall allows it to connect to secure sites just fine, but the test PC is now exempt from layer 7 signatures, IPS, antivirus, and zero-day protection provided by our firewall. Has anyone else run into this issue? Any assistance would be extremely appreciated.

所有回复 (1)

more options

This was solved by adding the certificate chain in .p7b format instead of .cer.