Disabling Firefox’s ‘Secure Connection Failed’ Warning
Although controversial, Firefox 3′s secure connection failed warning, shown when a website’s digital certificate is invalid or self-signed, can be easily disabled.
- In the address bar, type about:config > click ‘Enter’.
- You’ll get a warning message, This might void your warranty!, click I’ll be careful, I promise!
- Double-click browser.ssl_override_behavior and change the value from ’1′ to ’2′.
- Restart Firefox.
Instead of disabling the notice all together, you can have a warning displayed – without having to add an exception.
- browser.xul.error_pages.expert_bad_cert = true
Firefox’s anti-phishing warnings will still warn users if a specific site is suspicious. I’m not convinced that the secure connection failed warning really helps the average user, since they won’t know what it is. Either way, you can now get around it.
Each Tuesday, Security Musings features a topic to help educate our readers about security. For more information about Gemini Security Solutions’ security education capabilities, contact us!
October 21st, 2008 at 12:17 pm
I still think having something/someone out there checking the that the certs are valid is a good option. As I mentioned before the “Perspectives” add-on is a great alternative and I think it will also help build a respectable database of valid certs if that data is ever used outside the project.
http://securitymusings.com/article/415/perspectives-firefox-extension
November 11th, 2008 at 9:07 pm
So what I don’t get is the huge number of sites as a SysAdmin that I have to get to on my internal network that are SSL signed. Off the top of my head, iLo and DRAC both are self signed SSL required, add in any network switches which have https turned on, many NAS appliances and the like. Even HP printers can have SSL turned on for management. What I don’t like is the inability to revert to the v2 / IE6 type of “click once” to get to the page. This has become a 4 click endeavor, and is outright driving me crazy. I’m only running FF3 on 1 laptop now and will not upgrade any other machines due to this “security enhancement”
Reminder – security requires a balance between hoops to jump and a users willingness. Complex passwords are no good if they’re on a sticky note attached to the monitor…..
November 12th, 2008 at 10:32 am
@ eJoe:
I agree, the option should be available. But warnings about things that most people don’t understand will continue to fly right over their heads and have them miss out on plenty of legitimate sites.
January 13th, 2009 at 12:11 pm
because of this I’ve reverted to using Internet Explorer 6 as most of the military sites I want/use have expired certificates.
Goodbye Mozilla; you can have too much of a good thing you know!!
February 5th, 2009 at 7:08 pm
Almost every internal site I touch have expired certs. We’re just coming of a merger and it’s ugly. HR, payroll, all my source code. Even the fix above didn’t stop some of the sites (my expenses of course).
Bye-bye Firefox.
February 10th, 2009 at 8:53 am
people, wake up. read the freaking post — it’s very easy to change this
March 19th, 2009 at 3:22 am
Thank you for the solution, it works
It has helped me a lot in my daily work, where I have a lot of SS certs.
July 7th, 2009 at 7:01 am
[...] of the time an error reading an email or getting Firefox’s secure connection failed warning are the reasons you’ll go through the clunky process of inspecting a digital certificate. [...]
October 4th, 2009 at 6:04 pm
[...] My overall desire would be to not completely disable the functionality as this website provides instructions to do. [...]
November 17th, 2009 at 5:37 am
The fix above hasn’t worked for me – it made no difference. This is driving me crazy – I’m also using lots of internal sites with this problem – the biggest problem I have is that I’m using Selenium to auto-test many websites, and Selenium creates a brand-new profile for each test.
Anybody suggest how to fix?
Any help REALLY appreciated…
January 7th, 2010 at 7:15 am
This didn’t work for me either + my setting was already at ’2′
While I appreaciate Firefox offering this it should be an option. I am unable to get to my bank, paypal,..
January 25th, 2010 at 12:38 am
Awesome job, thanks so much for putting it out there! Love your blog, and posts like this really illustrate why.
April 19th, 2010 at 5:17 am
sweet that fixed my problem, props to you whoever you are
May 5th, 2010 at 12:00 pm
“Double-click browser.ssl_override_behavior and change the value from ‘1′ to ‘2′.”
This value is already “2″ in my browser (3.6.3), and I am getting the warning.
May 30th, 2010 at 1:27 am
Always entertaining to discover another point of view, lovely
May 30th, 2010 at 2:06 pm
The content on this submit is really a single of the most effective material that We have ever are available across. I love your article, I’ll appear back to verify for new posts.
June 15th, 2010 at 7:24 pm
You might have a problem with the calendar on your computer. I had the problem. Couldn’t figure it out. Double-clicked on my “Time” icon on the task manager. (Where you set the time on your computer.) I checked the calendar. Somehow the date had reverted back to 2004. I set the correct date on the calendar. Problem solved. Might work for you, too.
June 23rd, 2010 at 4:49 pm
gives use a excellent webpage decent Gives gives thanks for the work to support people
June 30th, 2010 at 10:14 am
you have a good taste.
August 8th, 2010 at 1:11 pm
another waist of time and crop
October 27th, 2010 at 11:24 pm
Nice website greatly help me locate the info we were searching for
November 22nd, 2010 at 10:31 pm
Thank you for information about Mozilla. I like Mozilla, because it makes it all work.
December 21st, 2010 at 11:22 pm
Relating to security models, specifically for companies, I have to go along with what you’ve said totally. You will find so quite a few alternatives in the marketplace, it’s essential for any specialist to know what is bestfor his or her situation and as well as specific complex. The ideas you are providing continue to be a terrific aid to businesses and as well as security professionals similarly. Thanks once more!
January 29th, 2011 at 3:16 am
The suggested “fix” doesn’t work for me either, the value was already 2.
There was absolutely nothing wrong with the prior FF behavior.
Give an invalid SSL warning to the user, but let them proceed if they need to. There is nothing insecure about this approach. After all, a site with an expired/self signed cert is no less safe than a site without HTTPS at all.
The current situation is intolerable, and frankly the developers who insist on this after years of bug reports are totally moronic.