Where did you install Firefox from? Help Mozilla uncover 3rd party websites that offer problematic Firefox installation by taking part in our campaign. There will be swag, and you'll be featured in our blog if you manage to report at least 10 valid reports!

Avatar for Username

Rechercher dans l’assistance

Évitez les escroqueries à l’assistance. Nous ne vous demanderons jamais d’appeler ou d’envoyer un SMS à un numéro de téléphone ou de partager des informations personnelles. Veuillez signaler toute activité suspecte en utilisant l’option « Signaler un abus ».

Learn More

Ce sujet de discussion a été archivé. Veuillez poser une nouvelle question si vous avez besoin d’aide.

We operate in a very restricted DNS environment and downloading sites with signed wildcard SSL is very slow so how do we disable all checks and keep HTTPS?

  • 2 réponses
  • 3 ont ce problème
  • 1 vue
  • Dernière réponse par ELCV

ELCV
ELCV
more options

If we were using a self-signed certificate we could add an exception. But we use a DigiCert wildcard certificate. Our sites use a very restricted DNS with maybe a dozen URLs for which a name resolves to an IP. When Firefox is used to access our sites over HTTPS it is slow and often fails to load bu serving up error messages on the security of the site. I believe this is because it is looking to verify the certificate or revocation. We do not have this issue using HTTP. I have disabled "Query OCSP" but it has not helped.

Any assistance would be appreciated.

Thanks.

If we were using a self-signed certificate we could add an exception. But we use a DigiCert wildcard certificate. Our sites use a very restricted DNS with maybe a dozen URLs for which a name resolves to an IP. When Firefox is used to access our sites over HTTPS it is slow and often fails to load bu serving up error messages on the security of the site. I believe this is because it is looking to verify the certificate or revocation. We do not have this issue using HTTP. I have disabled "Query OCSP" but it has not helped. Any assistance would be appreciated. Thanks.

Solution choisie

So, I have a solution for this, but I don't consider it ideal.

Our certificate provider uses two URLs resolving to a single IP to validate certificates. Adding these records to our restricted DNS solves the problem. However, IPs addresses do change from time-to-time and each site would have to be updated should that happen.

Ideally, it would be nice if Mozilla would add a "trust" or whitelist option to Firefox.

Thanks.

Lire cette réponse dans son contexte 👍 0

Toutes les réponses (2)

FredMcD
FredMcD
more options

I've called the big guys to help you. Good luck.

ELCV
ELCV Auteur de la question
more options

Solution choisie

So, I have a solution for this, but I don't consider it ideal.

Our certificate provider uses two URLs resolving to a single IP to validate certificates. Adding these records to our restricted DNS solves the problem. However, IPs addresses do change from time-to-time and each site would have to be updated should that happen.

Ideally, it would be nice if Mozilla would add a "trust" or whitelist option to Firefox.

Thanks.