this post was submitted on 14 Sep 2024
48 points (91.4% liked)

Firefox

17849 readers
143 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago
MODERATORS
k_o_t@lemmy.ml
48
On .LAN domains, how to stop firefox switching to https (when it's not available) and stop complaining about self-signed certificates when it is available ? (lemmy.ml)
submitted 1 month ago* (last edited 1 month ago) by interdimensionalmeme@lemmy.ml to c/firefox@lemmy.ml
25 comments fedilink hide all child comments
 

I'm just so annoyed of fighting this all the time.

If I can't figure this out I'm going to disable all https redirecting and all certificate errors off so I can have some peace

EDIT: I do not wish to manage certificates I do not want to setup private key infrastructure I don't want to use real internet domain names I don't want to manually install certificates into browsers after fishing them out of my ephemeral virtual machines

I just want to, add exception for *.lan for https auto redirect and auto-accept self-signed certificates as valid. This is not much to ask.

you are viewing a single comment's thread
view the rest of the comments
[–] ulterno@lemmy.kde.social 0 points 1 month ago (10 children)

For the certificate errors, just add a root CA of your own making.
Disabling auto-https, no idea. Maybe fix the source?

[–] ReversalHatchery@beehaw.org 1 points 1 month ago* (last edited 1 month ago) (7 children)

does not sound like a good idea. your own CA can sign certs for any other sites too, and it's dangerous.

I would say it's even more dangerous of you just think "nah, it'll be fine"

[–] lud@lemm.ee 2 points 1 month ago (6 children)

What do you mean?

Of course their own CA can sign certificates for whatever the fuck it wants, but it's their CA so why would they do that?

You obviously shouldn't trust anyone else's CA unless you actually trust it. But if you don't trust your own CA what's the point of having a CA?

P.S. I'm guessing OP doesn't actually have a CA and is just using simple self signed certificates without any private CA that has signed them.

[–] ulterno@lemmy.kde.social 0 points 1 month ago

P.S. I’m guessing OP doesn’t actually have a CA and is just using simple self signed certificates without any private CA that has signed them.

You're right. I'm talking about making a certificate using gpg and storing it on your system. Then adding it to the root CA list and signing all your Local SSH stuff with it.

load more comments (5 replies)
load more comments (5 replies)
load more comments (7 replies)