Monday, July 14, 2008

Firefox 3 and Self-Signed SSL Certificates at http://localhost

I'm putting this here because it was too hard to find on google -- I guess there are variations of this problem with the new Firefox 3 SSL error handling functionality.

Problem: When you browse to a secure site on your local computer using 'localhost' -- https://localhost/website -- you get a modal dialog stating

...
The certificate is not trusted because it is self signed
(Error code: sec_error_ca_cert_invalid)
[Ok]

You can go no further.  If you try to manually add an exception using the advanced properties of Firefox, you will hit the same wall again when you tell Firefox to fetch the certificate you want to add an exception for. 

Cause: It's a bug in FF3, specifically with IPv6 stuff I guess. https://bugzilla.mozilla.org/show_bug.cgi?id=435558

Solution: There are two workarounds.  The first is to use 127.0.0.1 instead of localhost.  The second is to disable IPv6 tunneling (which you probably don't use now anyhow) by going to 'about:config' and setting network.dns.disableIPv6 to true.

4 comments:

Unknown said...

Fantastic! Exactly what I needed. I love it when little tips like this save a boat load of time. Great stuff.

Anonymous said...

Oh wow - am I every glad I came across this post - that fixes my issue perfectly!

THANK YOU!!

Andrew Bobulsky said...

Full of win. I forgot that localhost resolves IPv6 by default.

Thanks!

Hans said...

Thanks a lot, saves me a lot of time. google on 'firefox certificate localhost' brought you on the nr. 1 position of the list.

Disqus for A Nofsinger's Blog