cert_override.txt

cert_override.txt is a text file generated in the user profile to store certificate exceptions specified by the user.  This file is used by Firefox, Thunderbird, and other XUL-based applications.

Since there is no way to add easily an exception in a XULRunner 1.9 project, you can open the page in Firefox, accept the certificate, then copy the cert_override.txt to the XULRunner application profile.

The syntax is described on this web site.

Example

Here is an example for a SHA1-256 hash algorithm. The key and the website are not valid:

# PSM Certificate Override Settings file
# This is a generated file!  Do not edit.
some.website.com:443	OID.2.16.840.1.101.3.4.2.1	00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00	U	AAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  AAAAAAAAAAAAAAAAAAAAAAAA    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  AAAAAAAAAAAAAAAAAAAAAAAAAA==

Fields

Fields are separated by a tab character. Each line is terminated by a line feed character (UNIX format).

  1. domainname:port : port 443 for HTTPS (SSL)
  2. hash algorithm OID
    • SHA1-256: OID.2.16.840.1.101.3.4.2.1 (most used)
    • SHA-384: OID.2.16.840.1.101.3.4.2.2
    • SHA-512: OID.2.16.840.1.101.3.4.2.3
  3. Certificate fingerprint using previous hash algorithm
  4. One or more characters for override type:
    • M : allow mismatches in the hostname
    • U : allow untrusted certs (whether it's self signed cert or a missing or invalid issuer cert)
    • T : allow errors in the validity time, for example, for expired or not yet valid certs
  5. Certificate's serial number and the issuer name as a base64 encoded string

Document Tags and Contributors

Contributors to this page: Sheppy, Yanmorin
Last updated by: Sheppy,