Mozilla Firefox (Mac OS X) platform support for trusting enterprise roots

firefox
ssl
certificate
us-cert
mozilla
certs

(Cliff Yaun) #1

If you are seeing an issue importing Enterprise root certificates in Mozilla Firefox ESR (Mac OS X), you may need to roll back to version 52.

Scenario: Users are seeing error messages when browsing to HTTPS sites like Amazon.com, Facebook.com, etc. The Firefox error message states either “MOZILLA_PKIX_ERROR_MITM_DETECTED”, or “SEC_ERROR_UNKNOWN_ISSUER”, or “ERROR_SELF_SIGNED_CERT”. When you check the Firefox cert store, you will not find your Enterprise root cert listed there. If you attempt to import it, the process will seemingly complete without error, but if you check the Firefox browser console logs, you can see that there is an error listed related to a failed cert import.

There is a known bug in Firefox ESR version(s) 62, 60 and 57. Rolling back to version 52 should resolve the issue. Mozilla reports it is fixed in upcoming release 63.

Further details found here: https://bugzilla.mozilla.org/show_bug.cgi?id=1300420


(Scott Bullock) #2

Thank you for the hot tip!