cert_override.txt

  • Revision slug: Cert_override.txt
  • Revision title: cert_override.txt
  • Revision id: 143776
  • Created:
  • Creator: Sheppy
  • Is current revision? Yes
  • Comment 33 words added, 35 words removed; page display name changed to 'cert_override.txt'

Revision Content

cert_override.txt is a text file generated in the user profile to store certificate exceptions specified by the user.  This file is used by Firefox, Thunderbird, and other XUL-based applications.

Since there is no easy way to add an exception in a XULRunner 1.9 project, you can open the page in Firefox, accept the certificate, then copy cert_override.txt to the XULRunner application profile.

The syntax is described on this web site.

Example

Here is an example for the SHA-256 hash algorithm. The key and the website are not valid:

# PSM Certificate Override Settings file
# This is a generated file!  Do not edit.
some.website.com:443	OID.2.16.840.1.101.3.4.2.1	00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00	U	AAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  AAAAAAAAAAAAAAAAAAAAAAAA    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  AAAAAAAAAAAAAAAAAAAAAAAAAA==

Fields

Fields are separated by a tab character. Each line is terminated by a line feed character (UNIX format).

  1. domainname:port (port 443 for HTTPS/SSL)
  2. hash algorithm OID
    • SHA-256: OID.2.16.840.1.101.3.4.2.1 (most used)
    • SHA-384: OID.2.16.840.1.101.3.4.2.2
    • SHA-512: OID.2.16.840.1.101.3.4.2.3
  3. Certificate fingerprint, computed with the hash algorithm named in field 2
  4. One or more characters for override type:
    • M : allow mismatches in the hostname
    • U : allow untrusted certs (a self-signed cert, or a missing or invalid issuer cert)
    • T : allow errors in the validity time, for example, for expired or not yet valid certs
  5. Certificate's serial number and the issuer name as a base64 encoded string
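
An added example (not part of the original page and not Mozilla's code): a small parser for the five tab-separated fields listed above, which can be used to audit the certificate exceptions a profile carries. The name `parse_overrides`, the dictionary keys and the sample input are assumptions made for illustration; field 5 is only base64-decoded, not interpreted.

```python
import base64

# OIDs and override letters exactly as listed in the Fields section.
HASH_OIDS = {
    "OID.2.16.840.1.101.3.4.2.1": ("SHA-256", 32),
    "OID.2.16.840.1.101.3.4.2.2": ("SHA-384", 48),
    "OID.2.16.840.1.101.3.4.2.3": ("SHA-512", 64),
}
FLAGS = {"M": "hostname mismatch", "U": "untrusted cert", "T": "validity time"}

def parse_overrides(text):
    """Parse cert_override.txt content; return (entries, problems)."""
    entries, problems = [], []
    for lineno, line in enumerate(text.split("\n"), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or generated-file comment
        try:
            # Unpacking fails with ValueError unless there are exactly 5 fields.
            hostport, oid, fp_hex, flags, key_b64 = line.split("\t")
            host, _, port = hostport.rpartition(":")
            if not host or not (port.isascii() and port.isdigit()):
                raise ValueError("field 1 is not domainname:port")
            if oid not in HASH_OIDS:
                raise ValueError(f"unknown hash OID {oid!r}")
            algorithm, size = HASH_OIDS[oid]
            fingerprint = bytes.fromhex(fp_hex.replace(":", ""))
            if len(fingerprint) != size:
                raise ValueError(f"{algorithm} fingerprint must be {size} bytes")
            if not flags or set(flags) - set(FLAGS):
                raise ValueError(f"bad override type {flags!r}")
            key_blob = base64.b64decode(key_b64, validate=True)
        except ValueError as exc:  # binascii.Error is a ValueError subclass
            problems.append((lineno, str(exc)))
            continue
        entries.append({"host": host, "port": int(port), "algorithm": algorithm,
                        "fingerprint": fingerprint, "key_blob": key_blob,
                        "allowed_errors": [FLAGS[f] for f in flags]})
    return entries, problems

# Constructed sample input (not a real profile): one valid line, one bad one
# whose fingerprint length does not match the SHA-512 OID it declares.
_FP = ":".join(f"{b:02X}" for b in range(32))
_KEY = base64.b64encode(bytes(16)).decode()
SAMPLE = ("# PSM Certificate Override Settings file\n"
          f"example.test:8443\tOID.2.16.840.1.101.3.4.2.1\t{_FP}\tMU\t{_KEY}\n"
          f"example.test:443\tOID.2.16.840.1.101.3.4.2.3\t{_FP}\tU\t{_KEY}\n")
```

Entries carrying several override letters, or hosts nobody remembers accepting, are the ones worth reviewing first.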

Revision Source

<p><code>cert_override.txt</code> is a text file generated in the user profile to store certificate exceptions specified by the user.  This file is used by Firefox, Thunderbird, and other XUL-based applications.</p>
<p>Since there is no easy way to add an exception in a XULRunner 1.9 project, you can open the page in Firefox, accept the certificate, then copy <code>cert_override.txt</code> to the XULRunner application profile.</p>
<p>The syntax is described on <a class="external" href="http://boblord.livejournal.com/18402.html" title="http://boblord.livejournal.com/18402.html">this web site</a>.</p>
<h3 id="Example">Example</h3>
<p>Here is an example for the SHA-256 hash algorithm. The key and the website are not valid:</p>
<pre># PSM Certificate Override Settings file
# This is a generated file!  Do not edit.
some.website.com:443	OID.2.16.840.1.101.3.4.2.1	00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00	U	AAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  AAAAAAAAAAAAAAAAAAAAAAAA    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  AAAAAAAAAAAAAAAAAAAAAAAAAA==
</pre>
<h3 id="Fields">Fields</h3>
<p>Fields are separated by a tab character. Each line is terminated by a line feed character (UNIX format).</p>
<ol> <li>domainname:port (port 443 for HTTPS/SSL)</li> <li>hash algorithm OID<br> <ul> <li>SHA-256: OID.2.16.840.1.101.3.4.2.1 (most used)</li> <li>SHA-384: OID.2.16.840.1.101.3.4.2.2</li> <li>SHA-512: OID.2.16.840.1.101.3.4.2.3</li> </ul> </li> <li>Certificate fingerprint, computed with the hash algorithm named in field 2</li> <li>One or more characters for override type: <ul> <li>M : allow mismatches in the hostname</li> <li>U : allow untrusted certs (a self-signed cert, or a missing or invalid issuer cert)</li> <li>T : allow errors in the validity time, for example, for expired or not yet valid certs</li> </ul> </li> <li>Certificate's serial number and the issuer name as a base64 encoded string</li>
</ol>