User Tools

Site Tools


software:firefox

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
software:firefox [2021/03/23 12:22]
127.0.0.1 external edit
software:firefox [2022/05/22 12:09] (current)
chris
Line 1: Line 1:
-==== I want to access a website with https, but firefox refuses. ==== +==== Addons ===== 
-I get these messages, Japanese locale: +  * [[https://addons.mozilla.org/en-US/firefox/addon/cookie-autodelete/|Cookie AutoDelete]] - deletes cookies 10sec after you leave the page 
-<code> +  * [[https://addons.mozilla.org/en-US/firefox/addon/cookieblock/|CookieBlock]] - directly removes cookies after writingGreat talk at GPN2020
-安全な接続ではありません +  * [[https://addons.mozilla.org/en-US/firefox/addon/i-dont-care-about-cookies/|don't care about cookies]] - automatic cookie agreement for (some, not all) pages 
- +  * ublock origin
-rhevm.fluxcoil.net の所有者による Web サイトの設定が不適切です。 +
-あなたの情報が盗まれることを防ぐため、この Web サイトへの接続は確立されません。 +
- +
-このサイトでは、暗号化された通信のみで接続するよう Firefox に指定する  +
-HTTP Strict Transport Security (HSTS) が使われています。 +
-そのため、この証明書を例外に追加することはできません。 +
- +
-<url> uses an invalid security certificate. +
- +
-The certificate is not trusted because the issuer certificate is unknown +
-The server might not be sending the appropriate intermediate certificates +
-An additional root certificate may need to be imported.  +
- +
-Error codeSEC_ERROR_UNKNOWN_ISSUER  +
-</code> +
-On this page, no "Add Exception.." button is offered. Why is that? +
- +
-==== solution ==== +
-HTTP Strict Transport Security (HSTS) is an opt-in security enhancement. My webserver fluxcoil.net has this in headers: +
-<code> +
-Strict-Transport-Security "max-age=31536000; includeSubDomains"; +
-</code> +
-Firefox had "seen" this, and a timer started, the next 31536000 seconds only properly signed https certs will be accepted for fluxcoil.net and subdomains.  installed a KVM guest as rhevm.fluxcoil.net locally, and a https cert for rhevm.fluxcoil.net was created and selfsigned.  Before I told firefox to only accept properly signed certsthis did not fall into that category.  Several workarounds exist, some: +
- +
-  * configure the timeout down in firefox +
-  * install the local system with a different domain, i.e. rhevm.local instead of rhevm.fluxcoil.net +
-  * get the <url> cert properly signed by a CA which your firefox trusts+
software/firefox.txt · Last modified: 2022/05/22 12:09 by chris