Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revision Both sides next revision
kb:cert_override [2019/04/16 20:39]
dstillman
kb:cert_override [2020/01/16 05:50]
dstillman
Line 1: Line 1:
-====== Security ​certificate errors ​in Zotero ====== ​+====== ​Overriding ​Security ​Certificate Errors ​in Zotero ====== ​
  
-**Note:** These instructions are only for use with security software that intercepts/​scans HTTPS connections,​ a WebDAV server with a self-signed certificate,​ or an institutional network that monitors encrypted traffic using a custom root certificate authority (CA). You should never override certificate errors unless you [[kb:​ssl_certificate_error|understand the consequences]]. When in doubt please contact your network administrator or ISP.+**Note:** These instructions are only for use with security software that intercepts/​scans HTTPS connections,​ a WebDAV server with a self-signed certificate,​ or an institutional network that monitors encrypted traffic using a custom root certificate authority (CA). You should never override certificate errors unless you [[kb:​ssl_certificate_error|understand the consequences]]. When in doubtplease contact your network administrator or ISP.
  
 Zotero does not currently provide a graphical way to whitelist self-signed certificates or custom root certificates,​ so you will need to copy files from a working Firefox installation:​ Zotero does not currently provide a graphical way to whitelist self-signed certificates or custom root certificates,​ so you will need to copy files from a working Firefox installation:​
  
   * If you are using a WebDAV server with a self-signed certificate,​ you can open the WebDAV URL in Firefox, accept the certificate,​ and then copy the cert_override.txt file from the [[http://​support.mozilla.com/​kb/​Profiles|Firefox profile directory]] to the [[profile directory|Zotero profile directory]].   * If you are using a WebDAV server with a self-signed certificate,​ you can open the WebDAV URL in Firefox, accept the certificate,​ and then copy the cert_override.txt file from the [[http://​support.mozilla.com/​kb/​Profiles|Firefox profile directory]] to the [[profile directory|Zotero profile directory]].
-  * If you or your organization is using a custom certificate authority, which can be the case when using security software or connecting via a proxy server, ​you or your IT department will need to configure ​[[https://​ftp.mozilla.org/​pub/​firefox/​releases/​52.9.0esr/​|Firefox ​52 ESR]] for the custom CA in a new Firefox profile and then copy the cert8.db, key3.db, and secmod.db files from the [[http://​support.mozilla.com/​kb/​Profiles|Firefox profile directory]] to the [[profile directory|Zotero profile directory]]. (Later versions of Firefox will produce a cert9.db file that won't work in the current version of Zotero. ​An upcoming Zotero release will support ​the newer format.)+  * If you or your organization is using a custom certificate authority, which can be the case when using security software or connecting via a proxy server, ​Zotero may need to be configured to accept the custom CA: 
 +    * **Windows:​** Zotero for Windows will automatically use the system root certificate store, which in most cases should allow it to work automatically like other browsers on the system. 
 +    * **Mac/​Linux**:​ You or your IT department will need to configure Firefox for the custom CA in a new Firefox profile and then copy the cert9.db, key4.db, and secmod.db files from the [[http://​support.mozilla.com/​kb/​Profiles|Firefox profile directory]] to the [[profile directory|Zotero profile directory]]. (Prior to Zotero ​5.0.78, the cert8.db and key3.db files from Firefox 52 ESR were required.)
  
 {{tag>kb }} {{tag>kb }}
kb/cert_override.txt · Last modified: 2020/09/01 02:44 by dstillman