cert_override.txt is a text file generated inside user profile to store certificate exception accepted by the user.
It's used by xulrunner application like Firefox, Thunderbird, etc...
Since there is no way to add easily an exception in Xulrunner 1.9 project, you can open the page inside Firefox,, accept the certificate and then copy the cert_override.txt to the xulrunner application profile.
The syntax is described on this web site http://boblord.livejournal.com/18402.html
Here is an example for a SHA1-256 hash algorithm. The key and the website are not valid:
# PSM Certificate Override Settings file # This is a generated file! Do not edit. some.website.com:443 OID.2.16.818.104.22.168.4.2.1 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00 U AAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAA==
Fields are separated by a tabulation character. Each line are separated by a return character (UNIX file)
- domainname:port : port 443 for HTTPS (SSL)
- hash algorithm OID
- SHA1-256: OID.2.16.822.214.171.124.4.2.1 (most used)
- SHA-384: OID.2.16.8126.96.36.199.4.2.2
- SHA-512: OID.2.16.8188.8.131.52.4.2.3
- Certificate fingerprint using previous hash algorithm
- One or more characters for override type:
- M : allow mismatches in the hostname
- U : allow untrusted certs (whether it's self signed cert or a missing or invalid issuer cert)
- T : allow errors in the validity time, like expired or not yet valid certs
- Certificate's serial number and the issuer name as a base64 encoded string