Why is Firefox not trusting my self-signed certificate?

ssl firefox certificate keychain trust
11,131

See https://bugzilla.mozilla.org/show_bug.cgi?id=1034124 and specifically this answer:

Looks like that certificate has a basicConstraints extension with the value cA: TRUE. We stopped allowing CA certificates to act as end-entity certificates. That certificate should be regenerated without the basicConstraints extension.

This is also explained at https://wiki.mozilla.org/SecurityEngineering/x509Certs

Error Code: MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY

What It Means: A certificate with a basic constraints extension with cA:TRUE is being used as an end-entity certificate

What Can I Do: Re-generate the end-entity certificate without the basic constraints extension

Share:
11,131
Mark Fisher
Author by

Mark Fisher

Updated on July 09, 2022

Comments

  • Mark Fisher
    Mark Fisher almost 2 years

    I have a local domain (markfisher.local) for which I have made a self-signed certificate, which I have added to the Certificates in Keychain Access (I am using Mac). This results in the certificate being trusted in Chrome and Safari. If I edit the certificates Trust in KeyChain Access to "Never Trust" then Chrome and Safari no longer accept it, then if I change it back to "Always Trust" then I can access markfisher.local OK again.

    But when accessing the site in Firefox I get the following:

    markfisher.local uses an invalid security certificate. The certificate does not come from a trusted source. Error code: MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY

    I have set security.enterprise_roots.enabled to true as suggested in this answer. Also, going to Preferences > Privacy & Security > View Certificates, I can see my certificate is in the Authorities tab and I have checked the "This certificate can identify websites" in the "Edit Trust" dialog. This was not checked originally

    However Firefox refuses to accept the certificate. How can I fix this?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Firefox: certificate is not trusted because the issuer certificate is unknown
Why Firefox alert me about HTTPs "Untrusted" Connection on Positivessl - Comodo certificate?
When using Kaspersky Anti-Virus Personal Root Certificate, can you view the website's certificate?
Is there a way to extract a "private certificate key" from Chrome and import it into Firefox?
How to properly install certificate issued to me?
Firefox doesn't ask me for a certificate when visiting a site that needs one
Firefox: This connection is untrusted + Behind corporate firewall
The certificate is not trusted because no issuer chain was provided
How to make Firefox ignore all SSL certification errors?
Firefox "Untrusted Connection" warnings when visiting reputable HTTPS sites when using child's account