How can I add a certificate exception for an HSTS-protected site in Firefox?

8

1

I'm extremely irritated with Firefox's constantly blocking lastpass.com. It is a well known website that stores all my passwords. I need that website to access hundreds of websites.

Side note: Please don't reply back with "you should save your passwords offline" because I decide how I want to manage my passwords. Life is extremely stressful already. Don't add to my stress by giving me crummy advice of storing my passwords offline. It's not practical. I can't carry my notebook everywhere. Services like lastpass are there for a reason.

Here is a screenshot of what I'm seeing:

Screenshot of Firefox blocking website

If the above image is not large enough please right click on image and choose "open image in new tab".

Can someone please tell me how to bypass this problem so that I can get on with my work?

Ideally I would like to disable this cough retarded cough feature in Firefox itself. If that's not possible then I would like to somehow ignore this exception so that lastpass addon can start accessing its parent site and I can get on with my work.

Mugen

Posted 2016-04-18T13:16:14.767

Reputation: 626

I had similar problems with other sites, which was solved by changing my internet security settings (in my case Kaspersky) - nothing to do with Firefox itself. – AFH – 2016-04-18T13:25:54.003

It works fine here, so it can't be Firefox blocking it. Try again after disabling any Firefox extensions, and also check your firewall/antivirus settings. – DavidPostill – 2016-04-18T13:27:06.643

Edited title to more closely reflect the question. Should be noted that it's blocking the site in the same way that you'd go "I don't know you!" if some random stranger walked up to you claiming to be your father - i.e. it's not "well-known" because it's misidentifying itself (or something on your network is changing the identification). – Bob – 2016-04-18T17:39:53.073

Also, before you proceed in adding an exception... make sure you know why this message is appearing. Make sure you know who actually issued the certificate you're adding an exception for (corporate proxy? your company?). Otherwise, there's a very good chance that it's a malicious MitM attacker who will get access to all your passwords because you've intentionally disabled the security mechanism protecting you from interception. (I'm assuming here that Lastpass hasn't misconfigured their intermediate certificates.) – Bob – 2016-04-18T17:42:47.527

I don't know why this question was down voted. I believe it is clearly worded, it shows sufficient research effort (I think on my screenshot you even have other tabs/google search to show I searched). The only reason I can make out for the down-vote is because I called it a retarded feature. Funny. I wonder how other people would post the question after they've wasted several hours being blocked in their work trying to restore a very basic functionality back to their browsers. – Mugen – 2016-04-19T06:26:13.493

@Mugen I can certainly understand the frustration, but it's best if we try to keep questions as focused on the problem as possible rather than going into less-relevant rants. That said, I haven't voted either way on this. – Bob – 2016-04-19T10:25:09.957

@Bob I understand what you mean but I did keep the focus on the question. The question is complete. It contains all information required to be answered. It's well defined and if anyone reads this question he should be able to upvote answers according to the relevancy. Just because I ranted doesn't mean that my entire question itself is not clear or irrelevant. It's a weird "rant-o-phobia" that I see all across the stackexchange sites. Nevertheless, I am happy that my question got answered and I finished dealing with this problem. Also, thanks for taking the time to reply to my comment. :) – Mugen – 2016-04-19T11:08:00.273

Answers

5

I am going to prefix this answer by saying the following. The only reason you would be getting this error is because you’re using a proxy, which effectively means, all secure http traffic is going through the proxy itself.

Based on phyrfox's answer over at Information Security, you can do the following.

You can disable HSTS by introducing a new configuration variable. First, go to the Firefox configuration page (about:config), right-click, choose "New Integer", then provide the name "test.currentTimeOffsetSeconds" (no quotes) with a value of 11491200. This should bypass HSTS, although you may also need to clear the Cache and Active Logins in the Clear Recent History dialog (Ctrl-Shift-Del).

This apparently works because of a function called GetPreloadListEntry that checks to see if the current time is less than the next list expiration time; since the time is effectively calculated to be later than the expiration time, no check is performed. This effectively disables HSTS checks.

Can HSTS be disabled in Firefox?

Ramhound

Posted 2016-04-18T13:16:14.767

Reputation: 28 517
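A defender-side check for the workaround in this answer, as an added example that is not part of the original answer and not Firefox code: it scans a profile's prefs.js and user.js for the test.currentTimeOffsetSeconds preference and models the expiry comparison the way the answer describes it. The sample prefs text, the function names and the timestamps are constructed for illustration.

```python
import re
from pathlib import Path

# Preference named in the answer above.
PREF = "test.currentTimeOffsetSeconds"
# prefs.js and user.js lines have the form: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

# Constructed sample of a profile's prefs.js after the workaround was applied.
SAMPLE_PREFS = '''\
// Mozilla User Preferences
user_pref("browser.startup.page", 3);
user_pref("test.currentTimeOffsetSeconds", 11491200);
'''

def find_time_offset(prefs_text):
    """Return the integer offset set in the prefs text, or None if absent."""
    found = None
    for line in prefs_text.splitlines():
        m = PREF_LINE.match(line)
        if m and m.group(1) == PREF:
            try:
                found = int(m.group(2))  # a later line overrides an earlier one
            except ValueError:
                found = None  # value is not an integer
    return found

def preload_list_consulted(now, list_expiry, offset=0):
    """Model of the check as the answer describes it (hypothetical helper):
    the preload list is used only while the offset time is before its expiry."""
    return now + offset < list_expiry

def audit_profile(profile_dir):
    """Return (file, offset_seconds, offset_days) for each file setting a non-zero offset."""
    findings = []
    for name in ("prefs.js", "user.js"):
        path = Path(profile_dir) / name
        if path.is_file():
            offset = find_time_offset(path.read_text(encoding="utf-8", errors="replace"))
            if offset:
                findings.append((str(path), offset, offset / 86400))
    return findings

if __name__ == "__main__":
    offset = find_time_offset(SAMPLE_PREFS)
    print(f"{PREF} = {offset} ({offset / 86400:.0f} days)")
    print("preload list consulted:", preload_list_consulted(1460000000, 1465000000, offset))
```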

I should add this likely will not fix the add-on itself but it will allow you to access any website which enforces HSTS, this also means, you won't be notified of a problem in the future. Your add-on problem requires your network be configured differently – Ramhound – 2016-04-18T17:18:23.437

Please take heed of Bob's comment. There is a reason you are getting this warning message. Now you are welcome to ignore it, by performing this workaround, but it will apply to ALL websites. This effectively disables HSTS enforcement within Firefox. – Ramhound – 2016-04-18T19:47:34.190

This is a great answer! When I tried it out I was getting a Firefox dialog popup. To anyone else who's trying out this solution, if you get a javascript popup on accessing your blocked site then it means you need to reset your Firefox config to its default values. Just do a Firefox "refresh" aka Help > Troubleshooting > Refresh profile and then try out the solution given above. It works perfectly. You still get the warning but now you have the option of adding an exception too. @Ramhound Thanks a lot for answering! – Mugen – 2016-04-19T06:24:20.430