Although controversial, Firefox 3’s secure connection failed warning, shown when a website’s digital certificate is invalid or self-signed, can be easily disabled.

  1. In the address bar, type about:config and press Enter.
  2. You’ll get a warning message, ‘This might void your warranty!’; click ‘I’ll be careful, I promise!’
  3. Double-click browser.ssl_override_behavior and change the value from ‘1’ to ‘2’.
  4. Restart Firefox.

Instead of disabling the notice altogether, you can have a warning displayed – without having to add an exception – by setting the following preference:

  • browser.xul.error_pages.expert_bad_cert = true

Firefox’s anti-phishing warnings will still warn users if a specific site is suspicious. I’m not convinced that the secure connection failed warning really helps the average user, since they won’t know what it is. Either way, you can now get around it.
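To check whether either setting above has been changed in a given Firefox profile, the following added example (not part of the original post) scans the profile's prefs.js and user.js for the two preferences at the values described. The function names and the sample text are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Prefs named in the post, with the values it tells the reader to set.
WATCHED = {"browser.ssl_override_behavior": 2,
           "browser.xul.error_pages.expert_bad_cert": True}
# Matches lines such as: user_pref("some.name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)

def parse_value(raw):
    """Convert a prefs.js literal (true/false, integer, quoted string)."""
    if raw in ("true", "false"):
        return raw == "true"
    return int(raw) if re.fullmatch(r"-?\d+", raw) else raw.strip('"')

def parse_prefs(text):
    """Return {name: value}; a later line overrides an earlier one."""
    return {name: parse_value(raw) for name, raw in PREF_RE.findall(text)}

def findings(text):
    """List the watched prefs that hold the value given in the post."""
    prefs = parse_prefs(text)
    return sorted(n for n, v in WATCHED.items()
                  if prefs.get(n) == v and type(prefs.get(n)) is type(v))

def scan_profile(profile_dir):
    """Read prefs.js, then user.js (which overrides it at startup)."""
    text = ""
    for fname in ("prefs.js", "user.js"):
        path = Path(profile_dir) / fname
        if path.is_file():
            text += path.read_text(encoding="utf-8", errors="replace") + "\n"
    return findings(text)

# Constructed sample, not taken from a real profile.
SAMPLE = '''\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("browser.ssl_override_behavior", 2);
user_pref("browser.xul.error_pages.expert_bad_cert", true);
'''

if __name__ == "__main__":
    hits = scan_profile(sys.argv[1]) if len(sys.argv) > 1 else findings(SAMPLE)
    for name in hits:
        print("certificate-warning pref changed:", name)
```

Run it with a profile directory as the only argument; with no argument it reports on the constructed sample.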

This entry was posted on Tuesday, October 21st, 2008 at 11:46 am by Anil Polat and is filed under Tutorial Tuesday.