On Saturday 05 Sep 2015 17:22:24 lee wrote:
> Mick <michaelkintz...@gmail.com> writes:
> > On Saturday 05 Sep 2015 02:08:47 Fernando Rodriguez wrote:
> >> On Saturday, September 05, 2015 1:05:06 AM lee wrote:
> >> > In this case, I happen to have full physical access to the server and
> >> > thus to the certificate stored on it.  This is not the case for, let's
> >> > say, an employee checking his work-email from home whom I might give
> >> > the login-data on the phone and instruct to add an exception when the
> >> > dialog to do so pops up when they are trying to connect.
> >> 
> >> As a workaround you can create your own CA cert. I tested with a windows
> >> self-signed cert (I guess the correct term is self-issued) and the
> >> openssl command will show two certs. The second is the CA.
> >> 
> >> http://datacenteroverlords.com/2012/03/01/creating-your-own-ssl-certificate-authority/
> > 
> > lee, on my FF I can import a self-signed certificate when I go to:
> >  about:preferences#advanced
> 
> You mean to enter this as a URL, just like about:config?  When I do
> that, I'm getting "The URL is not valid and cannot be loaded. The
> provided address is not in a recognized format. Please check the
> location bar for mistakes and try again.".
> 
> Maybe that only works with firefox?

Yes, it seems to be the case that SeaMonkey has some GUI differences to 
Firefox.  I am on Firefox-38.2.1 at present.


> > and then select the 'Servers' tab.  After I import it I can select it and
> > click on the 'Add Exception' button at the bottom of the tab.  Enter the
> > http address of the server and FF should go and fetch it afresh when you
> > click on 'Get Certificate', then tick 'Permanently store this exception'
> > and 'Confirm Security Exception'.  These buttons will be greyed out if
> > I do not download the certificate or if I am running FF in Private
> > Browsing mode.
> 
> I'm guessing you might be in the window that shows up when you edit
> preferences and go to 'Privacy & Security --> Certificates --> Manage
> Certificates ...' and then to the "Servers" tab.

Yes, this is the location I am referring to.  However, if it is hanging and 
not connecting to the server to fetch the certificate something is not right.  
This is the reason why the exception button is greyed out.

I can't recall if you tried this:

Can you please remove it from Servers and try adding it to the Authorities 
tab?  Your version may have additional verification checks for self-signed 
certificates, because they are essentially acting as their own Root CAs.


> From there, I can import the certificate I downloaded with openssl.
> Once imported, I can click on "Add Exceptions".  That gives me the same
> dialog which comes up when I'm trying to connect which doesn't allow me
> to add an exception because the buttons to do so are disabled.  The
> dialog remains stuck at "Checking Information" indefinitely.
> 
> I'm attaching a screenshot:

The fact that it is hanging and not obtaining the certificate makes me wonder 
if you need to specify a domain name in the CN field of the certificate, 
identical to the full URI that the client is trying to connect to.

-- 
Regards,
Mick
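
The private-CA workaround and the question of whether the name in the certificate matches what the client connects to can both be checked from the command line before involving the browser. The following is an added example, not part of the original thread: the host names, file names and the make_ca, make_server_cert and check_host helpers are constructed for illustration, and it assumes OpenSSL 1.1.0 or later on the PATH.

```shell
#!/bin/sh
# Added example: private CA + server certificate, then a hostname check.
# All names below (example.test hosts, file names) are constructed.

make_ca() {            # $1 = work dir
    # Minimal request config so the result does not depend on the system openssl.cnf.
    cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -config "$1/req.cnf" -extensions v3_ca -subj "/CN=Example Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

make_server_cert() {   # $1 = work dir, $2 = host name clients will connect to
    # Put the host name in both the CN and a subjectAltName DNS entry.
    printf 'subjectAltName=DNS:%s\n' "$2" > "$1/ext.cnf"
    openssl req -newkey rsa:2048 -nodes -config "$1/req.cnf" -subj "/CN=$2" \
        -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/srv.csr" -days 30 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -extfile "$1/ext.cnf" -out "$1/srv.crt" 2>/dev/null
}

check_host() {         # $1 = work dir, $2 = name to test; exit status 0 = accepted
    # Verifies the chain against the private CA and the name against the certificate.
    openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" "$1/srv.crt" >/dev/null 2>&1
}

# Demo: the name the certificate was issued for passes, any other name fails.
work=$(mktemp -d)
make_ca "$work" && make_server_cert "$work" mail.example.test
for h in mail.example.test other.example.test; do
    if check_host "$work" "$h"; then echo "$h: accepted"; else echo "$h: rejected"; fi
done
rm -rf "$work"
```

Only ca.crt would be imported into the client's Authorities tab; ca.key and srv.key stay on the machines that generated them.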
