Hey Roman,
The issue is that Firefox has internal verification of certificates.
To be more exact it has a very strict rules about the structure of the
firefox domain or any other related domains certificates.
I would disable auto-update of firefox for my desktop in any case.
If it as an issue which is not related only for one desktop then I would
have start by presenting the issue to firefox team.
They do have an IRC channel\room on a private server and once you have
consulted them the next step will be much smarter.
I would not run to "improve" ssl-bump certificate mimic and would prefer
to get help from the firefox team to prevent couple issues while
providing a usable solution.
There might be a firefox variable that can be changed in order to allow
your situation as exception.
Regards,
Eliezer
On 07/01/14 02:59, Roman Gelfand wrote:
> I have an ssl bump setup with ssl_bump server-first all.
>
> When firefox is attempting an update, end user gets error "something
> is trying to trick firefox into accepting an insecure update".
>
> From what I gathered, unless I am wrong, firefox doesn't like when
> certificate changes in the middle.
>
> In any case, is there a way to deal with this either specifically
> bypassing ssl bump or something else?
>
> Thanks in advance
Received on Tue Jan 07 2014 - 01:27:10 MST
This archive was generated by hypermail 2.2.0 : Tue Jan 07 2014 - 12:00:04 MST