Collectives™ on Stack Overflow

Find centralized, trusted content and collaborate around the technologies you use most.

Learn more about Collectives

Teams

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

Learn more about Teams

I'm using the Self Signed Certificate in ASP.NET Core with is default on as noted in this article I have trusted it with the command dotnet dev-certs https --trust

In Chrome and Edge, my API is showing 'Connection secure' in green when calling it. However, in Mozilla Firefox (Quantum 61.0.1), it is giving 'Connection insecure' with the following error: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT

How can I solve this? How can I configure Firefox to allow Self Signed Certs? Or is this something I have to do in code?

Sounds like different browser implementations to me, and in this case I think Firefox is doing the right thing. Why would you want self-signed certs to be automatically trusted? Tudor Jul 13, 2018 at 11:29 Chrome and Edge (and .NET) use the Windows Certificate Store for trust decisions. Firefox does not. bartonjs Jul 13, 2018 at 13:16

The Firefox browser uses its own certificate store, and therefore doesn't trust the IIS Express or Kestrel developer certificates.

There are two approaches to trusting the HTTPS certificate with Firefox, create a policy file or configure with the FireFox browser. Configuring with the browser creates the policy file, so the two approaches are equivalent. See https://learn.microsoft.com/en-us/aspnet/core/security/enforcing-ssl#trust-ff on the official and maintained docs.

@Appsum Solutions can you change this to the accepted answer? I'll be maintaining that doc. SO can get stale. RickAndMSFT Apr 11, 2021 at 23:51 Fwiw, both approaches did not work for me. I still get SEC_ERROR_INADEQUATE_KEY_USAGE with both the policy and about:config changes KallDrexx Mar 21, 2022 at 17:58

Firefox does not use the Windows Certificate Store, so you'll need to add the certificate as an exception to Firefox manually.

Start the development server from Visual Studio; in Firefox, goto top-right hamburger icon -> Options -> Privacy & Security -> Certificates: View Certificates... -> Add Exception... and enter the url of your local development server, e.g " https://localhost:4000 ". Click "Get Certificate", check "Permanently store this exception" and "Confirm Security Exception".

I followed these steps however Firefox (75.0b5) still gives the warning: "The connection is not secure". jhhwilliams Mar 19, 2020 at 3:52

The dotnet dev-certs https --trust command stores a CA root certificate for localhost in Windows Certificate store or MacOS system keychain. By default Firefox doesn't use these to verify a certificate.

Firefox provides the possibility to trust certificates that are stored in the system keychain. One of the ways is by enabling the setting security.enterprise_roots.enabled in about:config .

More information: https://support.mozilla.org/en-US/kb/setting-certificate-authorities-firefox

Setting just security.enterprise_roots.enabled to true didn't worked for me. So I added additionally to that ImportEnterpriseRoots setting to true. Yoro Jul 26, 2022 at 13:02 @yoro - You should make your comment a new answer for better visibility. The accepted answer did work at one time, but not any more(at least for me and a few others, based on comments above). I missed your comment while I was looking at this yesterday, but this was the setting i needed to change. user120675 Feb 12 at 5:02

Thanks for contributing an answer to Stack Overflow!

  • Please be sure to answer the question . Provide details and share your research!

But avoid

  • Asking for help, clarification, or responding to other answers.
  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers .