mozilla

Revision 143775 of cert_override.txt

  • Revision slug: Cert_override.txt
  • Revision title: cert_override.txt
  • Revision id: 143775
  • Created:
  • Creator: Yanmorin
  • Is current revision? No
  • Comment page created, 293 words added

Revision Content

cert_override.txt is a text file generated inside user profile to store certificate exception accepted by the user.
It's used by xulrunner application like Firefox, Thunderbird, etc...

Since there is no way to add easily an exception in Xulrunner 1.9 project, you can open the page inside Firefox,, accept the certificate and then copy the cert_override.txt to the xulrunner application profile.

The syntax is described on this web site http://boblord.livejournal.com/18402.html

Example

Here is an example for a SHA1-256 hash algorithm. The key and the website are not valid:

# PSM Certificate Override Settings file
# This is a generated file!  Do not edit.
some.website.com:443	OID.2.16.840.1.101.3.4.2.1	00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00	U	AAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  AAAAAAAAAAAAAAAAAAAAAAAA    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  AAAAAAAAAAAAAAAAAAAAAAAAAA==

Fields

Fields are separated by a tabulation character. Each line are separated by a return character (UNIX file)

  1. domainname:port : port 443 for HTTPS (SSL)
  2. hash algorithm OID
    • SHA1-256: OID.2.16.840.1.101.3.4.2.1 (most used)
    • SHA-384: OID.2.16.840.1.101.3.4.2.2
    • SHA-512: OID.2.16.840.1.101.3.4.2.3
  3. Certificate fingerprint using previous hash algorithm
  4. One or more characters for override type:
    • M : allow mismatches in the hostname
    • U : allow untrusted certs (whether it's self signed cert or a missing or invalid issuer cert)
    • T : allow errors in the validity time, like expired or not yet valid certs
  5. Certificate's serial number and the issuer name as a base64 encoded string

Revision Source

<p>cert_override.txt is a text file generated inside user profile to store certificate exception accepted by the user.<br>
It's used by xulrunner application like Firefox, Thunderbird, etc...</p>
<p>Since there is no way to add easily an exception in Xulrunner 1.9 project, you can open the page inside Firefox,, accept the certificate and then copy the cert_override.txt to the xulrunner application profile.</p>
<p>The syntax is described on this web site <a class=" external" href="http://boblord.livejournal.com/18402.html" rel="freelink">http://boblord.livejournal.com/18402.html</a></p>
<h3>Example</h3>
<p>Here is an example for a SHA1-256 hash algorithm. The key and the website are not valid:</p>
<pre># PSM Certificate Override Settings file
# This is a generated file!  Do not edit.
some.website.com:443	OID.2.16.840.1.101.3.4.2.1	00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00	U	AAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  AAAAAAAAAAAAAAAAAAAAAAAA    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  AAAAAAAAAAAAAAAAAAAAAAAAAA==
</pre>
<h3>Fields</h3>
<p>Fields are separated by a tabulation character. Each line are separated by a return character (UNIX file)</p>
<ol> <li>domainname:port : port 443 for HTTPS (SSL)</li> <li>hash algorithm OID<br> <ul> <li>SHA1-256: OID.2.16.840.1.101.3.4.2.1 (most used)</li> <li>SHA-384: OID.2.16.840.1.101.3.4.2.2</li> <li>SHA-512: OID.2.16.840.1.101.3.4.2.3</li> </ul> </li> <li>Certificate fingerprint using previous hash algorithm</li> <li>One or more characters for override type: <ul> <li>M : allow mismatches in the hostname</li> <li>U : allow untrusted certs (whether it's self signed cert or a missing or invalid issuer cert)</li> <li>T : allow errors in the validity time, like expired or not yet valid certs</li> </ul> </li> <li>Certificate's serial number and the issuer name as a base64 encoded string</li>
</ol>
Revert to this revision