Collectives™ on Stack Overflow
Find centralized, trusted content and collaborate around the technologies you use most.
Learn more about Collectives
Teams
Q&A for work
Connect and share knowledge within a single location that is structured and easy to search.
Learn more about Teams
I'm using the Self Signed Certificate in ASP.NET Core with is default on as noted in
this article
I have trusted it with the command
dotnet dev-certs https --trust
In Chrome and Edge, my API is showing 'Connection secure' in green when calling it. However, in Mozilla Firefox (Quantum 61.0.1), it is giving 'Connection insecure' with the following error:
MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT
How can I solve this? How can I configure Firefox to allow Self Signed Certs? Or is this something I have to do in code?
–
–
The Firefox browser uses its own certificate store, and therefore doesn't trust the IIS Express or Kestrel developer certificates.
There are two approaches to trusting the HTTPS certificate with Firefox, create a policy file or configure with the FireFox browser. Configuring with the browser creates the policy file, so the two approaches are equivalent. See
https://learn.microsoft.com/en-us/aspnet/core/security/enforcing-ssl#trust-ff
on the official and maintained docs.
–
–
Firefox does not use the Windows Certificate Store, so you'll need to add the certificate as an exception to Firefox manually.
Start the development server from Visual Studio; in Firefox, goto top-right hamburger icon -> Options -> Privacy & Security -> Certificates: View Certificates... -> Add Exception... and enter the url of your local development server, e.g "
https://localhost:4000
". Click "Get Certificate", check "Permanently store this exception" and "Confirm Security Exception".
–
The
dotnet dev-certs https --trust
command stores a CA root certificate for
localhost
in Windows Certificate store or MacOS system keychain. By default Firefox doesn't use these to verify a certificate.
Firefox provides the possibility to trust certificates that are stored in the system keychain. One of the ways is by enabling the setting
security.enterprise_roots.enabled
in
about:config
.
More information:
https://support.mozilla.org/en-US/kb/setting-certificate-authorities-firefox
–
–
Thanks for contributing an answer to Stack Overflow!
-
Please be sure to
answer the question
. Provide details and share your research!
But
avoid
…
-
Asking for help, clarification, or responding to other answers.
-
Making statements based on opinion; back them up with references or personal experience.
To learn more, see our
tips on writing great answers
.