Import self signed ssl certificate .pem to firefox

firefox ssl x509certificate pem ca
newhorizens picture newhorizens · Aug 20, 2015 · Viewed 7.2k times · Source

I added self signed certificate in .pem format in Firefox under Authorities tab. When I access site, Firefox throws error

mozilla_pkix_error_ca_cert_used_as_end_entity

It says that the certificate is not trusted because it is self signed. What can be issue?

Answer

Steffen Ullrich picture Steffen Ullrich · Aug 20, 2015

If you add the certificate as authority then it should be used as authority, i.e. for signing other certificates. If you instead use it as a server certificate (i.e. as end entity and not authority) then it should not be added as authority to firefox but instead as server certificate. This will be automatically done if the certificate is not known and you click through the certificate error messages when connecting to your site and accept the sites certificate permanently.

You should also make sure that your certificates contains the necessary key purpose to be used as a server certificate.

Related questions

Is there a way to make Firefox ignore invalid ssl-certificates?

I am maintaining a few web applications. The development and qa environments use invalid/outdated ssl-certificates. Although it is generally a good thing, that Firefox makes me click like a dozen times to accept the certificate, this is pretty annoying. …

Read More
Chrome not Firefox are not dumping to SSLKEYLOGFILE variable

I'm trying to decrypt SSL packages with Wireshark as described here. I have already created a SSLKEYLOGFILE System and User variable and the log file. I have restarted my computer (running Windows 10), and opened https urls with Chrome and Firefox, …

Read More
How to trust self-signed localhost certificates on Linux Chrome and Firefox

I try to generate a self-signed certificate for a custom local domain pointing to 127.0.0.1: # /etc/hosts 127.0.0.1 subdomain.domain.local I've generated a self-signed certificate using openssl and remember that everything worked in the past. But it seems that since Chrome 58, …

Read More