Root certificate expiring - anything to be done?
|
Jan. 13, 2025, 04:24 PM
Post: #1
|
|||
|
|||
Root certificate expiring - anything to be done?
Not sure if this is the right place to put this but Firefox has been opening with stark warnings about root certificates expiring on old older versions on Jan 14 and claiming that it will cause "some preferences and other features to stop working" and that some websites and add-ons will break. I've used older versions of FF for years without any problems, but now suddenly this? Is it really different this time? If so, is there anything I can do about it if I want to keep running an older version?
On this PC I'm still running Win 7 flawlessly, but you can't go past FF version 115 with that OS anyway. |
|||
Jan. 26, 2025, 08:56 AM
Post: #2
|
|||
|
|||
RE: Root certificate expiring - anything to be done?
Which certificate is expiring? You can always download and install new certificates if you know which one is expiring.
|
|||
Jan. 31, 2025, 06:42 AM
Post: #3
|
|||
|
|||
RE: Root certificate expiring - anything to be done?
I'm not sure what specific "root" cert they were talking about. This warning read: "Your version of Firefox will start to have provlems on January 14. A root certificate will expire, causing some preferences and other features to stop working. On March 14, 2025, add-ons and more features will also break."
On Jan 14 nothing really happened. Everything continued to work as usual. I should explain that I've been running Firefox 100 for a long time because every time I had tried to go past version 100, Firefox would not work at all with Proxomitron, either ProxHTTPSProxy or Reborn. Every single site would refuse to load with "Warning: potential security risk ahead." All versions below 100 would load most sites, but everything above would be unusable with SSL errors. These recent FF warnings finally motivated me to do some research and experimentation. Some claimed that Firefox would use the Windows OS certs if its own failed and "security.enterprise_roots.enabled" was set to true. I hoped that maybe updating the Windows 7 root certificates would solve the problems, so I used the OS cert updater here: https://github.com/asheroto/Root-Certificate-Updater. It didn't help with later editions of FF, so I kept looking and found a newer cert updater here: https://msfn.org/board/topic/183352-prox...uture-use/ After applying that, versions of FF after 100 were still not working and my current version 100 was clearly worse, with youtube almost becoming unusable due to video stoppage. I of course also updated certs.pem and cacert.pem from https://curl.haxx.se/docs/caextract.html but that has never seemed to solve anything. I then noticed in the above thread at msfn for XP users that there were newer versions of ProxHTTPSProxy than I have. After trying version 1.5 it actually worked with Firefox 115esr! At first I was elated to finally get that breakthrough, but there are still problems with some sites just like I was having before. There are newer versions of ProxHTTPSProxy available there (20230813), but they fail on my Win 7 with "procedure entry point GetCPFileNameFromRegistry could not be located in the dynamic link library Kernel32.dll" Obviously I don't know what I'm doing in many ways, but would really like to get things working with no SSL errors if at all possible since I'm very tired of (even with FF 100) having to turn off the proxy for certain sites and having to deal with broken css and other site functionality because of cert failures for other domains the site uses. Ideally I love a way to force/trick the browser to ignore all cert errors and load all sites automatically. |
|||
Feb. 01, 2025, 03:29 AM
Post: #4
|
|||
|
|||
RE: Root certificate expiring - anything to be done?
I can say that Firefox 115 works fine with Proxomitron Reborn (v4.7 20240421) on XP - depending on what errors you're getting, you may need to regenerate its certificate to use more secure algorithms/longer key lengths.
|
|||
Feb. 02, 2025, 03:21 AM
Post: #5
|
|||
|
|||
RE: Root certificate expiring - anything to be done?
It's not working for me on Win 7. I'll move discussion of that to the Reborn thread.
|
|||
« Next Oldest | Next Newest »
|