this post was submitted on 02 Aug 2023
1 points (100.0% liked)

Firefox

145 readers
7 users here now

The latest news and developments on Firefox and Mozilla, a global non-profit that strives to promote openness, innovation and opportunity on the web.

You can subscribe to this community from any Kbin or Lemmy instance:

Related

Rules

While we are not an official Mozilla community, we have adopted the Mozilla Community Participation Guidelines as far as it can be applied to a bin.

Rules

  1. Always be civil and respectful
    Don't be toxic, hostile, or a troll, especially towards Mozilla employees. This includes gratuitous use of profanity.

  2. Don't be a bigot
    No form of bigotry will be tolerated.

  3. Don't post security compromising suggestions
    If you do, include an obvious and clear warning.

  4. Don't post conspiracy theories
    Especially ones about nefarious intentions or funding. If you're concerned: Ask. Please don’t fuel conspiracy thinking here. Don’t try to spread FUD, especially against reliable privacy-enhancing software. Extraordinary claims require extraordinary evidence. Show credible sources.

  5. Don't accuse others of shilling
    Send honest concerns to the moderators and/or admins, and we will investigate.

  6. Do not remove your help posts after they receive replies
    Half the point of asking questions in a public sub is so that everyone can benefit from the answers—which is impossible if you go deleting everything behind yourself once you've gotten yours.

founded 1 year ago
MODERATORS
 

I'm a web developer working on an app running in Docker on my MacBook. Chrome, Edge and Safari trust the self-signed certificate that has been imported into the Mac's root certificate store and have no security issues, but when I try and access the web app, I'm hit with "Warning: Potential Security Risk Ahead" and the error code is MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY

I really miss Firefox, particularly the multi-account containers feature. What do I need to do so that Firefox will trust my certificate for my local web app?

top 4 comments
sorted by: hot top controversial new old
[–] nromdotcom 2 points 1 year ago (1 children)

I haven't seen that particular error before, but based on the error name it sounds like you may be using the generated root CA cert directly as the cert served by your app. You'll want to generate a leaf cert off of the root and have your app serve that locally.

[–] bl_r 1 points 1 year ago

Seconded. I use self signed certs all the time, but never the root CA cert. I also don’t add my cert at the OS level, I just add it at the browser level

[–] Mr_Figtree@kbin.social 0 points 1 year ago (1 children)

Does the certificate have a basic constraints extension with CA:TRUE set? Firefox doesn't allow that for certificates used as ‘end entity’ certificates. You'll want to re-generate the certificate without the extension.

[–] KiwiNFLFan@fedia.io 1 points 1 year ago

Looking at the certificate, it seems that yes, the certificate authority is set to 'yes'. So the certificate needs to be regenerated?