15

i.e. I just want them to be permanently accepted all the time.

someguy
  • 3,153
  • 3
  • 20
  • 10
  • It should be noted that Firefox is giving you this warning for a reason: It can't guarantee that this connection is secure. Disabling them all the time is not the right solution. – Thanatos Aug 17 '10 at 21:11
  • This message looks "bad" but in reality it is "half secure". Even better than no encryption at all. – enthus1ast Mar 11 '15 at 14:43

7 Answers7

9

No, you cannot. Other people answering this question, please read it more closely. He wasn't asking how to add an exception, or fix a broken certificate. He wanted to TURN OFF THE CHECK COMPLETELY.

The Mozilla people erred on the side of caution by making this impossible. On the one hand it's annoying, but on the other hand, their security mindset is one of the reasons Firefox is so much safer than IE.

If you want to make exceptions just a little bit easier, type "about:config" in the address bar (no quotes), and type browser.ssl_override_behavior into the Filter, double-click the "Value", and change it to "2". Now exceptions require one less click.

user52227
  • 187
  • 1
  • 2
5

Here's the answer!

* Tools -> Options -> Advanced -> Encryption -> View Certificates
* Under Authorities tab, enter "RSA Security 1024" in the Search textbox.
* Select RSA Security 1024 V3 and press the Edit button.
* Uncheck all three options
* Press OK and close out the rest of the dialogs.

The certificate authority won't be trusted for anything, and so have been effectively disabled.

The certificate authority is not unknown or in malicious hands or anything, its just not in use and hasn't been audited. See http://blog.mozilla.com/security/2010/04/06/removing-the-rsa-security-1024-v3-root/

Doug K
  • 51
  • 1
  • 1
5

check out the perspective firefox addon. It makes firefox 3 automatically accept self-signed certificates.

http://www.cs.cmu.edu/~perspectives/

Christopher Mahan
  • 7,621
  • 9
  • 53
  • 66
3

You need to import the certificate issuers certificate so that any other certs. issues by that issuer don't give this warning.

In firefox go to: prefs advanced encryption view certificates authorities and then click import

If you have a root certificate for your issuer you can import it here and never see that error again.

reefnet_alex
  • 9,703
  • 5
  • 33
  • 32
  • that's correct. nothing in the question suggests that the questioner is looking for anything more thant that. obviously having a valid certificate issued by an approved authority as you suggest won't be subject to the same problem but may well not be what the questioner was after – reefnet_alex Nov 08 '08 at 22:45
  • Most likely you have the Authority trusted in IE or Chrome and not FF. [Check out this related SU post](http://superuser.com/a/166754/108939). We had a similar probably resolving `sec_error_unknown_issuer` SSL authority issues for an internal corporate SSL proxy. – SliverNinja - MSFT Jul 27 '15 at 13:56
3

For those of us who either...

  • Don't trust one of hundreds/thousands built-in "authorities" (which occasionally found to be on the list "by accident", or can be used for outrightly malicious purposes - think goverments) and/or security policies of any of them (any single compromised key can forge silent "all clear" for any site, after all, and - surprise - they do).
  • Don't like the cool tradeoffs like five clicks to get any cryptographic protection against casual listener on a site which somehow didn't paid it's ssl tax (and no, you can't know in advance whether owner actually did that and you're victim of MitM attack)... hm, you can actually buy an item and pay for it in less than that in a sensible UI.
  • Don't want to take part (for some mysterious reason) in all this commercial "pay or we'll spam you to death" circus altogether (which apparently can be mistaken for security).
  • Have need to connect to lots of various router/server https interfaces which generate their certificates.
  • ...

...partial solution can be a "MitM me" extension, which at least lowers the click count.

mk-fg
  • 195
  • 2
  • 5
2

I know it's an old thread, but for future reference, this FF extension makes the trick:

https://addons.mozilla.org/en-US/firefox/addon/skip-cert-error/

Ste
  • 167
  • 1
  • 11
0

I think you need to get the certificate issued by a "root certificate authority" that the browser will know in advance, e.g. Verisign.

http://www.verisign.co.uk/ssl/ssl-information-center/

There's other suppliers too. Trail ones available here....

http://www.geotrust.com/

Good description of the issue and what might work best for you depending on your requirements here...

http://www.boutell.com/newfaq/creating/whichcert.html

cagcowboy
  • 30,012
  • 11
  • 69
  • 93