cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
43615
New member
Status: New idea

I am operating a server in my home network, which has an external domain name and an HTTPS certificate. My annoyance is that because the certificate only applies to said domain name, FF always gives an SSL_ERROR_BAD_CERT_DOMAIN warning when I want to access the server using its private network address.

I understand the importance of this warning for inexperienced users, but I'd still appreciate an option to create bypass rules for security warnings. I've tried adding an exception in the Servers tab of the Certificate Manager, but it doesn't work.

8 Comments
David40
Making moves

When I am accessing the internal configuration web pages integrated into certain equipment FireFox will not allow me to continue to the page. You need to add a button that allows me to ignore the Certificate error and continue to the page I need to get to.

Thank You

Status changed to: New idea
Jon
Community Manager
Community Manager

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

M_B
New member

I have encountered similar issues while doing web application development under Visual Studio.  The developer SSL certificate is for Localhost, but for some connections I need to use my PC's LAN IP address, or even its external IP address (because of the particular distributed architecture of the app). 

I find that Firefox will (naturally) throw SSL_ERROR_BAD_CERT_DOMAIN errors for the non-localhost connections.

Curiously, if the connection is made in its own browser window, I get the option to add a security exception to Firefox, but if the connection is made in an iFrame element the option to add an exception is not offered.  If I use the Developer tools, copy the URL used in the iFrame, and paste that into a new browser window, the add-an-exception option appears!  Once an exception is added, the iFrame version thereafter works.

It would be nice to be able to add the exception directly from the iFrame view, or have a general config page where I could add explicit IP addresses to the exceptions list.

Katsu
New member

THIS, after having the so many-est archived/abandoned website that I REALLY needed to read something on blocked by Firefox over dumb certificate issues that nobody will probably ever fix.

It should NEVER be the decision of the browser or the people who make it to determine if something should be blocked with no way to bypass it.

Even if I want to press 'bypass' on a malware block then that is my prerogative and my problem, the fact that connections can get fully blocked over an ssl certificate are absurd to begin with. These days SSL certificates just mean the malware you just clicked gets sent to you over an encrypted connection so the L4 and up firewalls won't see it.

Display warnings YES, great, I love it, 11/10 move .. actually blocking me from accessing a website absolutely not. Boo etc.

All the overzealous warnings are just making people looking for ways to turn off said warnings.

 

This annoyed me often enough and to a point where I actually bothered to make this comment.

ameyuuki
Strollin' around

Preface: I love Firefox and everything Mozilla is doing for a better and more secure browser.

I understand that if you self-signed a certificate and your Root CA certificate doesn't match in the Trusted Root CA, it will throw an error like SEC_ERROR_UNKNOWN_ISSUER. It took 8 hours to figure out all the kinks and errors from my own self-signed cert. After all that, even if I already added a proper self-signed cert in the Trusted Root Certificate Authority. Firefox still threw an error at me for another 2 hours and 30 minutes.

This method used to work in pre-2023. "I had to be doing something wrong. Maybe I'm rusty on my SSL." - I thought to myself. I checked the Certificate Manager in Firefox to no avail.

Turns out since Firefox version 120, Mozilla added "Allow Firefox to automatically trust third-party root certificates you install" and it's the reason I was slamming my head to my keyboard for the last 2 hours and 30 minutes. Not even ChatGPT could help me with this error.

After I uploaded my SSL cert and SSL key to my self-host service, rebooted my machine, checked Firefox again. My cert was NOT rejected anymore. Then I collapsed to the floor and was lying on the ground 10 minutes and thought "I should've been a farmer." My brain was fried at that point.

Thanks Firefox.

F1R35pirit
New member

Such an option is a MUST! I'm work in a team of embedded firmware developers, we make a WebUI for devices. We do provide an option for the user to upload their own certificate in production, but when in development, we re-flash the firmware multiple times a day (each of us), and each time after re-flashing we hit the "WARNIN: Possible security threat" page because the device's auto-generated self-signed certificate can't be verified, and each time we have to push the "yes, I know what I'm doing, let me through" button, whatever it is called. That's EXTREMELY annoying.

All our devices-under-development reside in the same local subomain (like *.dev.company.org) and it would be a HUGE relief if we could just add that patter to some exclusions and Firefox would then trust any certificates from sites on that domain without any questions.

Our whole team would appreciate such an option A LOT.

psyko_chewbacca
New member

Quite frankly I'm stumped this isn't already implemented.

 

I have several devices I access through mdns .local domain name and everytime I need to add exceptions for every single devices.

I wish I could just add a wildcard exception for the ".local" domain in HTTPS-Only mode configuration.

iannacone
New member

IMHO this over-exaggerated security block will have the opposite effect than protect. Since now i have to deactivate all checks in order to work, instead of adding an (even temporary) exception.

+1