问题
I'm trying to configure my computer to trust a self-signed certificate for testing a website. However I'm having problems with Firefox. Chrome and IE are fine with it.
I've done the following.
- Create a 2048 bit pem rsa key and crt with openssl
- Created a pfx file from the key and crt files
- Imported the pfx into the personal certificate store on the server using MMC
- Configured IIS to use the certificate for the site
On the client PC
- Imported the pem crt file into the personal certificate store with MMC
At this point Chrome is totally fine with the site and displays the green padlock. IE and Edge likewise show now warnings or errors.
However Firefox gives an SSL error and refuses to trust the certificate because it's self-signed.
I've tried creating the certificate as a CA and non-CA certificate, and it makes no difference.
I've also tried adding the certificate directly to Firefox's list of Authorities. It still won't trust it.
Is there some preferred method for convincing Firefox to trust a self-signed certificate? Is there some way to convince it that the certificate is not self-signed?
回答1:
You must go to about:config and change the configuration security.enterprise_roots.enabled to true.
https://wiki.mozilla.org/CA:AddRootToFirefox
来源:https://stackoverflow.com/questions/38581832/firefox-not-trusting-self-signed-certificate