cert_override.txt is a text file generated in the user profile to store certificate exceptions specified by the user.  This file is used by Firefox, Thunderbird, and other XUL-based applications.

Since there is no way to add easily an exception in a XULRunner 1.9 project, you can open the page in Firefox, accept the certificate, then copy the cert_override.txt to the XULRunner application profile.

The syntax is described on this web site.


Here is an example for a SHA1-256 hash algorithm. The key and the website are not valid:

# PSM Certificate Override Settings file
# This is a generated file!  Do not edit.


Fields are separated by a tab character. Each line is terminated by a line feed character (UNIX format).

  1. domainname:port : port 443 for HTTPS (SSL)
  2. hash algorithm OID
    • SHA1-256: OID.2.16.840. (most used)
    • SHA-384: OID.2.16.840.
    • SHA-512: OID.2.16.840.
  3. Certificate fingerprint using previous hash algorithm
  4. One or more characters for override type:
    • M : allow mismatches in the hostname
    • U : allow untrusted certs (whether it's self signed cert or a missing or invalid issuer cert)
    • T : allow errors in the validity time, for example, for expired or not yet valid certs
  5. Certificate's serial number and the issuer name as a base64 encoded string

Document Tags and Contributors

 Contributors to this page: chrisdavidmills, Sheppy, Yanmorin
 Last updated by: Sheppy,