Why is Firefox not trusting my self-signed certificate?

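I have a local domain (markfisher.local) for which I made a self-signed certificate, and I have added it to the certificates in Keychain Access (I'm using a Mac). This results in the certificate being trusted in Chrome and Safari. If I edit the certificate's Trust setting in Keychain Access to "Never Trust", Chrome and Safari no longer accept it, and if I change it back to "Always Trust" I can access markfisher.local OK again.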

However, when visiting the site in Firefox I get the following:

markfisher.local uses an invalid security certificate. The certificate does not come from a trusted source. Error code: MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY

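I have set security.enterprise_roots.enabled to true, as suggested in . Also, going to Preferences > Privacy & Security > View Certificates, I can see my certificate in the Authorities tab, and I have checked "This certificate can identify websites" in the "Edit Trust" dialog. It was initially unchecked.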

But Firefox refuses to accept the certificate. How can I fix this?

See https://bugzilla.mozilla.org/show_bug.cgi?id=1034124 and this answer:

Looks like that certificate has a basicConstraints extension with the value cA: TRUE. We stopped allowing CA certificates to act as end-entity certificates. That certificate should be regenerated without the basicConstraints extension.

This is also explained at https://wiki.mozilla.org/SecurityEngineering/x509Certs

Error Code: MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY

What It Means: A certificate with a basic constraints extension with cA:TRUE is being used as an end-entity certificate

What Can I Do: Re-generate the end-entity certificate without the basic constraints extension
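
The regeneration step described above, as an added example that is not part of the original answer: it builds a self-signed certificate whose extension section has no basicConstraints, next to the cA:TRUE variant that triggers the error, and checks each result. The function names, file layout and the other extensions (subjectAltName, keyUsage, extendedKeyUsage) are assumptions; it requires the openssl command-line tool.

```shell
#!/bin/sh
# Added example; helper names and file layout are assumptions.

# make_cert HOST DIR [leaf|ca]
# Writes DIR/HOST.key and DIR/HOST.crt (self-signed).
#   leaf: no basicConstraints extension, as the Mozilla wiki recommends.
#   ca:   basicConstraints CA:TRUE, the shape Firefox rejects with
#         MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY.
make_cert() {
    host=$1 dir=$2 mode=${3:-leaf}
    bc=''
    if [ "$mode" = ca ]; then
        bc='basicConstraints = critical, CA:TRUE'
    fi
    # A private config file is used so that no x509_extensions section from
    # the system openssl.cnf is applied behind our back.
    printf '%s\n' \
        '[req]' \
        'distinguished_name = dn' \
        'x509_extensions = ext' \
        'prompt = no' \
        '[dn]' \
        "CN = $host" \
        '[ext]' \
        "subjectAltName = DNS:$host" \
        'keyUsage = critical, digitalSignature, keyEncipherment' \
        'extendedKeyUsage = serverAuth' \
        "$bc" > "$dir/$host.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$dir/$host.cnf" \
        -keyout "$dir/$host.key" -out "$dir/$host.crt" 2>/dev/null
}

# is_ca_cert FILE: exit status 0 if the certificate asserts CA:TRUE.
is_ca_cert() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# Stand-alone use: sh make_cert.sh markfisher.local /tmp/certs
if [ "$#" -ge 2 ]; then
    make_cert "$@"
    if is_ca_cert "$2/$1.crt"; then
        echo "$2/$1.crt asserts CA:TRUE"
    else
        echo "$2/$1.crt has no CA:TRUE"
    fi
fi
```

Running `is_ca_cert` against the certificate currently installed on the server shows whether it carries the extension value named in the error.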

I fixed the error by running "Run AutoSSL" in the hosting cPanel after DNS propagation.

Now Firefox says the connection is secure, without any errors.