Import self signed ssl certificate .pem to firefox

newhorizens picture newhorizens · Aug 20, 2015 · Viewed 7.2k times · Source

I added self signed certificate in .pem format in Firefox under Authorities tab. When I access site, Firefox throws error

mozilla_pkix_error_ca_cert_used_as_end_entity

It says that the certificate is not trusted because it is self signed. What can be issue?

Answer

Steffen Ullrich picture Steffen Ullrich · Aug 20, 2015

If you add the certificate as authority then it should be used as authority, i.e. for signing other certificates. If you instead use it as a server certificate (i.e. as end entity and not authority) then it should not be added as authority to firefox but instead as server certificate. This will be automatically done if the certificate is not known and you click through the certificate error messages when connecting to your site and accept the sites certificate permanently.

You should also make sure that your certificates contains the necessary key purpose to be used as a server certificate.