software:firefox

I want to access a website over HTTPS, but Firefox refuses.

I get these messages (Japanese locale):

安全な接続ではありません

rhevm.fluxcoil.net の所有者による Web サイトの設定が不適切です。
あなたの情報が盗まれることを防ぐため、この Web サイトへの接続は確立されません。

このサイトでは、暗号化された通信のみで接続するよう Firefox に指定する 
HTTP Strict Transport Security (HSTS) が使われています。
そのため、この証明書を例外に追加することはできません。

<url> uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown. 
The server might not be sending the appropriate intermediate certificates. 
An additional root certificate may need to be imported. 

Error code: SEC_ERROR_UNKNOWN_ISSUER 

On this page, no “Add Exception..” button is offered. Why is that?

solution

HTTP Strict Transport Security (HSTS) is an opt-in security enhancement. My web server fluxcoil.net sends this in its headers:

Strict-Transport-Security "max-age=31536000; includeSubDomains";

Firefox had “seen” this header, which started a timer: for the next 31536000 seconds, only properly signed HTTPS certs will be accepted for fluxcoil.net and its subdomains. I installed a KVM guest locally as rhevm.fluxcoil.net and created a self-signed HTTPS cert for rhevm.fluxcoil.net. Since Firefox had already been told to accept only properly signed certs, and the self-signed cert does not fall into that category, the connection is refused and no exception can be added. Several workarounds exist, some of them:

  • lower the HSTS timeout in Firefox
  • install the local system with a different domain, e.g. rhevm.local instead of rhevm.fluxcoil.net
  • get the <url> cert properly signed by a CA which your Firefox trusts
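
To check which hostnames a noted HSTS header pins and until when, the sketch below parses the header value following RFC 6797 and walks up the parent domains of a host. It is an added example, not part of the original page; the function names, the store layout and the date on which the header was noted are assumptions.

```python
from datetime import datetime, timedelta, timezone

def parse_hsts(value):
    """Parse a Strict-Transport-Security header value (RFC 6797, section 6.1)."""
    max_age, include_sub, seen = None, False, set()
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name in seen:                     # a repeated directive invalidates the header
            return None
        seen.add(name)
        if name == "max-age":
            arg = arg.strip().strip('"')     # the value may be a quoted-string
            if not (arg.isascii() and arg.isdigit()):
                return None
            max_age = int(arg)
        elif name == "includesubdomains":
            include_sub = True
    if max_age is None:                      # max-age is the one required directive
        return None
    return {"max_age": max_age, "include_subdomains": include_sub}

def covering_policy(host, store, now):
    """Return (policy_host, expiry) of the unexpired policy pinning host, else None."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):             # the host itself first, then each parent
        candidate = ".".join(labels[i:])
        entry = store.get(candidate)
        if entry is None:
            continue
        policy, noted_at = entry
        expiry = noted_at + timedelta(seconds=policy["max_age"])
        # A parent's policy only applies to subdomains with includeSubDomains.
        if now < expiry and (i == 0 or policy["include_subdomains"]):
            return candidate, expiry
    return None

# Constructed sample: the header from this page, noted on an assumed date.
NOTED = datetime(2019, 4, 1, tzinfo=timezone.utc)
STORE = {"fluxcoil.net": (parse_hsts("max-age=31536000; includeSubDomains"), NOTED)}

if __name__ == "__main__":
    now = NOTED + timedelta(days=30)
    for h in ("rhevm.fluxcoil.net", "rhevm.local"):
        print(h, "->", covering_policy(h, STORE, now))
```

With the header from this page, rhevm.fluxcoil.net stays pinned for 365 days after the header was last seen, while rhevm.local is not covered at all.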
software/firefox.txt · Last modified: 2019/04/05 02:25 by chris