When I check the certificate, it shows the common name as System Root Certificate Authority. The certificate is not trusted because it was issued by an invalid CA certificate. You can’t add an exception to visit this site. Has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely. Every site I go to returns an error that says:įirefox detected a potential security threat and did not continue to because this website requires a secure connection. If the above steps don’t work, try closing Firefox and repeating the delete command without the sql: prefix.I've been running into an issue with Firefox on my iMac for the last couple of weeks. To verify we can simply run the list command again to check: certutil -d sql:$HOME/.mozilla/firefox/profiles/fault -LĪt this point you should be able to reload the offending site and it should now work (although you will likely be prompted to accept the certificate again!). If certutil doesn’t return any messages then it’s likely to have worked. certutil -d sql:$HOME/.mozilla/firefox/profiles/fault -Dn "" I recommend putting quotes around the nickname in case it includes spaces. To get rid of it we use the certutil delete command ( -D) and specify the certificate nickname listed above after the -n argument. In this case the entry is the offending one that we want to remove. certutil -d sql:$HOME/.mozilla/firefox/profiles/fault -L Modern versions of Firefox use the SQL NSS database, so we need to provide the location of the database in the form of sql:path.Ī tip here – it might be useful to use grep to filter for the common name of the certificate used by the page throwing the error. Note that the path is case sensitive.įrom here we can use certutil to list the certificates ( -L) in this store to find the offending entry. Yours may vary slightly – just note that the Path entry is relative to the location of profiles.ini so you need to include any subdirectories in your commands.
So in this case my profile directory would be ~/.mozilla/firefox/profiles/fault in Linux or ~/Library/Application Support/Firefox/Profiles/fault on Mac. Identify the Path to your profile directory, in this case The configuration for this is usually in ~/.mozilla/firefox/profiles.ini(Linux) or ~/Library/Application Support/Firefox/profiles.ini (Mac). In theory it’s possible to do this in-place with SQL NSS databases but I’ve found it a bit hit and miss in practice.įirst we need to figure out the Firefox profile directory.
Mozilla firefox for mac certificate error install#
In macOS, I recommend using Homebrew or MacPorts to install the nss package e.g: brew install nss In install certutil on Ubuntu we need the libnss3-tools package: sudo apt install libnss3-tools This command shouldn’t be confused with certutil.exe included with Windows, which is completely unrelated! To fix this properly we need to use certutil as included with the Mozilla NSS tools.
This works, but it’s a bit heavy handed as it clears out any other exceptions you may have saved in the past. Some forum posts suggest removing the entire certificate database. In practice, however, this doesn’t often work. In theory you should be able to fix this by heading to Settings -> Privacy & Security -> View Certificates, selecting the Servers tab and then deleting the offending entry. I often see this occur with Foreman where the default configuration relies on the Puppet CA for certificate issuing. Please contact the website owners to inform them of this problem. The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. You are attempting to import a cert with the same issuer/serial as an existing cert, but that is not the same cert.Įrror code: SEC_ERROR_REUSED_ISSUER_AND_SERIAL Normally that’s not a problem, except when Firefox is being used to access the rebuilt VM occasionally we might see this error:Īn error occurred during a connection to 192.168.24.201. Sometimes when deploying stuff in the lab with self-signed certificates I find myself quickly rebuilding VMs after making breaking changes.
0 kommentar(er)
