Hi Julien, Currently there is no way to override that behavior. We're working on improving the situation in bug 1009161. See also bug 1054368 regarding a way to view the certificate for non-overridable errors. If you can get in touch with whoever administers the internal certificates, I would encourage them to take a look at https://wiki.mozilla.org/SecurityEngineering/x509Certs for information on how to create a certificate hierarchy that is compatible with RFC 5280.
David On 08/15/2014 12:47 AM, Julien Pierre wrote: > Brian, > > I just ran into the Netscape Cert Type critical extension issue with an > internal cert. > Is there an override setting to allow this cert to work in Firefox still ? > > IMO, the Firefox behavior is particularly bad, because Firefox won't > even let you look at the cert details to see what the problematic > extension is. I had to look at the cert details in Chrome (which still > uses libpkix) . > > Julien > -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
