Monday, July 14, 2008

Firefox 3 and Self-Signed SSL Certificates at http://localhost

I'm putting this here because it was too hard to find on google -- I guess there are variations of this problem with the new Firefox 3 SSL error handling functionality.

Problem: When you browse to a secure site on your local computer using 'localhost' -- https://localhost/website -- you get a modal dialog stating

...
The certificate is not trusted because it is self signed
(Error code: sec_error_ca_cert_invalid)
[Ok]

You can go no further.  If you try to manually add an exception using the advanced properties of Firefox, you will hit the same wall again when you tell Firefox to fetch the certificate you want to add an exception for. 

Cause: It's a bug in FF3, specifically with IPv6 stuff I guess. https://bugzilla.mozilla.org/show_bug.cgi?id=435558

Solution: There are two workarounds.  The first is to use 127.0.0.1 instead of localhost.  The second is to disable IPv6 tunneling (which you probably don't use now anyhow) by going to 'about:config' and setting network.dns.disableIPv6 to true.

Disqus for A Nofsinger's Blog