Open Bug 545606 Opened 15 years ago Updated 2 years ago

Need to distinguish "Exception already exists" from "Valid Certificate"

Categories

(Core :: Security: PSM, enhancement, P3)

People

(Reporter: matt, Unassigned)

Details

(Keywords: uiwanted, Whiteboard: [psm-backlog])

Attachments

(2 files)

User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2) Gecko/20100210 Fedora/3.6.1-1.matt1.fc12 Namoroka/3.6
Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.3a2pre) Gecko/20100209 Minefield/3.7a2pre

After adding a security exception for a site, if I go back into the Certificate Manager and try to add another exception for the same site, the "Add Security Exception" dialog shows:

"Valid Certificate

This site provides valid verified identification.  There is no need to add an exception."

This is not accurate.  The dialog should say something like the following:

"Exception Already Exists

You have already added a security exception for this site, and its identification has not changed since then."

Reproducible: Always

Steps to Reproduce:
1. Add a security exception for https://stepmaniam2.com .
2. Go to the Certificate Manager -> Servers tab -> Add Exception.
3. Enter https://stepmaniam2.com and press "Get Certificate".
Actual Results:  
The dialog says "Valid Certificate".

Expected Results:  
The dialog should say "Exception Already Exists" or similar.
Assignee: kaie → nobody
Whiteboard: [psm-cert-exceptions]
Do you see this also in Firefox 4 or newer?
Whiteboard: [psm-cert-exceptions] → [psm-cert-exceptions][bugday-2011-05-27]
Ah, wrong bug. This probably still exists.
Severity: normal → enhancement
This is a feature request to add better wording to the dialog.
Keywords: uiwanted
OS: Linux → All
Hardware: x86_64 → All
Version: unspecified → Trunk
Ignore comment 1 and comment 2, they were posted here wrongly (they should cancel each other). This is not Bug 659736.
This bug does not argue whether the dialog decided incorrectly the cert is valid/exempted. The dialog decision is correct, just the reason for it is worded wrongly.
firefox 7.0.1 (fr) linux ubuntu
Attached file the add security exception problem (deleted) —
Here I have the same problem with SuSE 12.1 and Firefox 9.0.1. I added the dialog example screenshot. The dialogs are in Italian but show the "erroneous" behaviour of Firefox.
The self-signed certificate is also expired because it belongs to a UTM appliance (gibraltar). The dialog shows "the certificate is valid so it isn't necessary to import" but I cannot browse the site.
To be clear, this bug seems to bite when the untrusted SSL certificate of a site you already have an exception for is upgraded.

1. Have a site with an untrusted certificate (e.g. a gadget with an HTTPS admin page)
2. The site certificate is signed by an internal CA which is not known to the browser
3. Access the gadget, get the expected error "The certificate is not trusted because no issuer chain was provided" (code sec_error_unknown_issuer)
4. Create and confirm an exception to allow access to the site
5. internal CA cert expires
6. site administrator generates new CA cert and signs new site certificate (same domain name, same private key)
7. Try to access the gadget, get the same error "The certificate is not trusted because no issuer chain was provided" (code sec_error_unknown_issuer) as expected
8. Click "Add Exception"
9. The "Add Security Exception" dialog shows: 
"Valid Certificate

This site provides valid verified identification.  There is no need to add an exception." and the "Confirm Security Exception" button is greyed out, so you cannot set the new exception.
10. As a result it is _impossible_ to access the gadget from Firefox - you cannot get past the certificate error. Using a different, newly installed browser (rekonq) you are able to add the exception and connect to the gadget fine.
Using a brand new Firefox profile you can access the site (after first adding the exception), so it is definitely to do with stored exceptions.

Deleting all references to the domain in Edit > Preferences > Encryption > View Certificates does not fix the problem. Deleting cert8.db from the user profile doesn't either.

To get access to the sites which are locked out by this bug, the following seems to work:
1. Exit Firefox
2. Navigate into the profile directory
3. Move the following files to somewhere out of the way (in case you need them back):
cert8.db
cert_override.txt
Cache
OfflineCache
4. Restart Firefox 10.0.1. You will have to re-add all your exceptions, but it will now be possible to do so.
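An added example, not from the bug report or from Firefox's own code, of the check the comment above implies: before moving `cert_override.txt` away, compare the stored exception for a host with the certificate the site now presents, which separates "exception already exists" from "exception is for an older certificate". The line layout (tab-separated `host:port`, hash OID, SHA-256 fingerprint, flags), the names `State`, `parse_overrides` and `classify`, and the host `gadget.example` are assumptions; the sample data is constructed.

```python
import hashlib
from enum import Enum


class State(Enum):
    NO_EXCEPTION = "no stored exception for this host:port"
    EXCEPTION_MATCHES = "exception already exists for this exact certificate"
    EXCEPTION_STALE = "stored exception is for a different certificate"


def fingerprint(der: bytes) -> str:
    """SHA-256 of the DER certificate as colon-separated upper-case hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def parse_overrides(text: str) -> dict:
    """Map 'host:port' -> (fingerprint, flags).
    Assumed layout: host:port <TAB> hash OID <TAB> fingerprint <TAB> flags ..."""
    entries = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split("\t")
        if len(fields) < 4:
            continue  # malformed line, ignore rather than guess
        entries[fields[0].lower()] = (fields[2].upper(), fields[3])
    return entries


def classify(overrides: dict, host: str, port: int, presented_der: bytes) -> State:
    """Compare the stored exception with the certificate presented now."""
    entry = overrides.get(f"{host.lower()}:{port}")
    if entry is None:
        return State.NO_EXCEPTION
    stored_fp, _flags = entry
    if stored_fp == fingerprint(presented_der):
        return State.EXCEPTION_MATCHES
    return State.EXCEPTION_STALE


# Constructed stand-ins for DER bytes: the certificate the exception was
# created for, and the one issued after the internal CA was replaced.
OLD_CERT = b"constructed-old-certificate-der"
NEW_CERT = b"constructed-reissued-certificate-der"
SAMPLE = (
    "# constructed sample in the assumed cert_override.txt layout\n"
    f"gadget.example:443\tOID.2.16.840.1.101.3.4.2.1\t{fingerprint(OLD_CERT)}\tU\tplaceholder\n"
)
```
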
Whiteboard: [psm-cert-exceptions][bugday-2011-05-27] → [psm-cert-exceptions][bugday-2011-05-27][psm-backlog]
Priority: -- → P3
Whiteboard: [psm-cert-exceptions][bugday-2011-05-27][psm-backlog] → [psm-backlog]
Severity: normal → S3