How to make Firefox ignore all SSL certification errors?
Firefox has no such setting.
That's a terribly terse answer, but I'm afraid it's all there is. Firefox usually errs on the side of not letting you view a site at all in case of some problems rather than letting you override it even if you want to.
That said, if you're getting cert warnings for everything on a private network, it's almost certain that the local IT group is running an SSL interception proxy. You're not going to get to the internet without accepting their certificate, so here's how you do that:
Open up the certificate properties for one of the pages you get an error on (after adding the exception in Firefox) by clicking the lock in the address bar, the right arrow, and then "more information".
In the Security tab, click on View Certificate, and then the Details tab on the new window.
Under Certificate Hierarchy, examine the name of the topmost certificate. It's probably going to be from a security vendor of some kind like Symantec or Barracuda.
Click on it, and then go to Export at the bottom.
Save the file somewhere accessible
Close the security and certificate windows, and open your Firefox settings (top right hamburger menu, Options)
Click Advanced on the bottom left, and then click View Certificates
Click the Authorities tab, and then Import
Locate the file you just saved
Accept the warning.
It is very important you don't get into a habit of doing this procedure, and only to do it when you know with COMPLETE certainty that the certificate is legitimate. I cannot emphasize this enough - call the IT people and have them verify the name on the certificate if you're even slightly unsure, since now you've just told Firefox to accept any and all certificates that the CA you just imported signed. You will receive no more warnings of that sort for this cert. If you import a malicious certificate, you've just shot yourself in the foot.
Related videos on Youtube
Teiv
Updated on September 18, 2022Comments
-
Teiv over 1 year
I'm on a private network with a lot of restrictions and monitorings. Every HTTPS connection results in SSL certification errors (maybe those people use "man-in-the-middle" approach to decrypt the HTTPS traffic in the network?)
So far I have tried the solutions from these questions.
- certificate - How to bypass the "secure connection failed" warning in Firefox 33 - Super User
- Is there a way to make Firefox ignore invalid ssl-certificates? - Stack Overflow
But in my case, an exception still has to be added every time I visit a secured site. Also for some sites, resources (such as images, stylesheet, scripts) from different domains won't load and the sites become broken and unreadable.
www.google.com uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported.
Error code: SEC_ERROR_UNKNOWN_ISSUER
For Chrome, there is an unsupported command line switch --ignore-certificate-errors but it makes Chrome ignore all SSL certification errors. Is there any thing that would do the same in Firefox? (I'm using the latest version of Firefox on Windows 7)
-
Stevoisiak over 6 years
-
davidgo about 8 yearsMikeyT.K. answer is correct - what you are doing - simply put - is abdicating control to your connectivity to whatever is M-I-T-M attacking you. Another solution might be to use a VPN with a provider which allows you to use OpenVPN with the http-proxy directive to tunnel untampered Internet through the restricted firewall.
-
Teiv about 8 years@Mikey T.K.: I tried to export the certificate from Reddit (as an example) like you told me to. But when I imported it, Firefox gave this error message This is not a certificate authority certificate, so it can't be imported into the certificate authority list. Here is the screenshot of the certificate export: Image
-
Teiv about 8 years@davidgo: In my workplace, such things like VPN, SSH, SOCKS, HTTP proxy or even web proxy will result in an instant ban from the network and only an official request from my manager may help me to access the network again.
-
Karu about 8 years@davidgo What does the Issuer on that certificate say?
-
user about 7 yearsDon't verify just the name; verify the certificate fingerprint. That's a lot harder to fake.
-
Stevoisiak over 6 yearsFunnily enough, I asked a fairly similar question over on Info Security. (Why is Firefox (and only Firefox) reporting that my connection is insecure?)
-
CalvT about 6 years@Teiv I had to export my certificate as a p7b to get it to work - otherwise was getting that error.
-
ckujau almost 6 yearsStill, a
--ignore-certificate-errors
option would be helpful. Corporate environment here, we use Firefox only to access hundreds of ILO-consoles, all of them are vendor-configured with an invalid certificate. So for every one of them we get a certificate warning :-\ Not sure if this can be solved in #435013, maybe a new report is in order... -
Anonymous over 2 years@ckujau Ignore all certificate errors? Seriously, don't do this. All an attacker would need is access to your WiFi and your entire network is theirs.
-
Admin about 2 years@davidgo why can't I abdicate control ? between giving away all my browsing information, and not getting any internet access at all (a situation I've just been in) I want to take the first option - hell, I'll even write a handwritten letter with what I'm doing on the internet and send them pictures of my face if that's what they want.