cert_override.txt is a text file generated in the user profile to store certificate exceptions specified by the user. This file is used by Firefox, Thunderbird, and other XUL-based applications.
Since there is no way to add easily an exception in a XULRunner 1.9 project, you can open the page in Firefox, accept the certificate, then copy the
to the XULRunner application profile.
The syntax is described on this web site.
Here is an example for a SHA1-256 hash algorithm. The key and the website are not valid:
# PSM Certificate Override Settings file # This is a generated file! Do not edit. some.website.com:443 OID.2.16.8220.127.116.11.4.2.1 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00 U AAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAA==
Fields are separated by a tab character. Each line is terminated by a line feed character (UNIX format).
- domainname:port : port 443 for HTTPS (SSL)
- hash algorithm OID
- SHA1-256: OID.2.16.818.104.22.168.4.2.1 (most used)
- SHA-384: OID.2.16.822.214.171.124.4.2.2
- SHA-512: OID.2.16.8126.96.36.199.4.2.3
- Certificate fingerprint using previous hash algorithm
- One or more characters for override type:
- M : allow mismatches in the hostname
- U : allow untrusted certs (whether it's self signed cert or a missing or invalid issuer cert)
- T : allow errors in the validity time, for example, for expired or not yet valid certs
- Certificate's serial number and the issuer name as a base64 encoded string