You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2017-02-05 22:38:10
- parszab
- Member
- Registered: 2015-09-17
- Posts: 5
Firefox SSL issues
Hi Arch community (hope it's a good category),
Not sure if anyone can help me with an odd issue I'm having: Firefox declines to load some of my domains that I created self signed certificates for. I have installed my root certificate with:
pacman -S ca-certificates-utils
cp pojo.hu.crt /etc/ca-certificates/trust-source/anchors
trust extract-compatOne such example is https://meta.i4studio.hu/, where Firefox says:
meta.i4studio.hu uses an invalid security certificate.
The certificate is not valid for the name meta.i4studio.hu.
Error code: SSL_ERROR_BAD_CERT_DOMAINThis clearly is not true:
google-chrome-stable displays the site without any issues, and any certificate warning
Firefox can display the same site on other PCs (Windows and macOS, haven't tried Linux)
On first load the advanced options allow me to add an exception (permanenty), but after a restart of the browser, the error appears again, w/o any option to circumvent the alert.
I tried full uninstall, reinstall of Firefox and also my user profile. Didn't help, neither did my google searches.
Also reinstalled some ca-* packages:
sudo pacman -Sy ca-certificates ca-certificates-cacert ca-certificates-mozilla ca-certificates-utilsWould appreciate any help, on how to proceed, feel that I ran out of ideas.
Cheers,
Szabolcs
Offline
#2 2017-02-06 07:03:06
- ayekat
- Member
- Registered: 2011-01-17
- Posts: 1,589
Re: Firefox SSL issues
Firefox can display the same site on other PCs (Windows and macOS, haven't tried Linux)
Are you sure it worked "just like that" on Windows?
Because Firefox uses Mozilla's Network Security Services, which is a separate storage for CAs and certificates (not the system one).
On Arch Linux, I am unfortunately not quite sure how exactly this is handled (perhaps somebody can shed some light onto CA management on Arch Linux?), but have you checked whether Firefox sees the certificate (Preferences → Advanced → Certificates → View Certificates)? If not, try adding it there manually. If yes, try removing and re-adding it manually (I remember having had issues with a custom CA on Firefox on Linux, too, despite Firefox having the CA in the list).
Offline
#3 2017-02-07 21:27:48
- parszab
- Member
- Registered: 2015-09-17
- Posts: 5
Re: Firefox SSL issues
Thanks ayekat for your response!
Yes it indeed works on Windows and macOS, where I also installed the root certificate at the OS level.
I checked in the settings, the certificate authority shows up as a "System Trust", I can't even delete it (I can, but when I reopen the settings it's there again), and can't add it again, as it would be a duplicate.
So something odd is happening, not sure how to work around this.
Cheers,
Szabolcs
Offline
Pages: 1