I'm on a private network with a lot of restrictions and monitorings. Every HTTPS connection results in SSL certification errors (maybe those people use "man-in-the-middle" approach to decrypt the HTTPS traffic in the network?)
So far I have tried the solutions from these questions.
- certificate – How to bypass the "secure connection failed" warning in Firefox 33 – Super User
- Is there a way to make Firefox ignore invalid ssl-certificates? – Stack Overflow
But in my case, an exception still has to be added every time I visit a secured site. Also for some sites, resources (such as images, stylesheet, scripts) from different domains won't load and the sites become broken and unreadable.
www.google.com uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported.
Error code: SEC_ERROR_UNKNOWN_ISSUER
For Chrome, there is an unsupported command line switch –ignore-certificate-errors but it makes Chrome ignore all SSL certification errors. Is there any thing that would do the same in Firefox? (I'm using the latest version of Firefox on Windows 7)
Best Answer
Firefox has no such setting.
That's a terribly terse answer, but I'm afraid it's all there is. Firefox usually errs on the side of not letting you view a site at all in case of some problems rather than letting you override it even if you want to.
That said, if you're getting cert warnings for everything on a private network, it's almost certain that the local IT group is running an SSL interception proxy. You're not going to get to the internet without accepting their certificate, so here's how you do that:
Open up the certificate properties for one of the pages you get an error on (after adding the exception in Firefox) by clicking the lock in the address bar, the right arrow, and then "more information".
In the Security tab, click on View Certificate, and then the Details tab on the new window.
Under Certificate Hierarchy, examine the name of the topmost certificate. It's probably going to be from a security vendor of some kind like Symantec or Barracuda.
Click on it, and then go to Export at the bottom.
Save the file somewhere accessible
Close the security and certificate windows, and open your Firefox settings (top right hamburger menu, Options)
Click Advanced on the bottom left, and then click View Certificates
Click the Authorities tab, and then Import
Locate the file you just saved
Accept the warning.
It is very important you don't get into a habit of doing this procedure, and only to do it when you know with COMPLETE certainty that the certificate is legitimate. I cannot emphasize this enough - call the IT people and have them verify the name on the certificate if you're even slightly unsure, since now you've just told Firefox to accept any and all certificates that the CA you just imported signed. You will receive no more warnings of that sort for this cert. If you import a malicious certificate, you've just shot yourself in the foot.