Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision |
kb:cert_override [2019/04/16 20:39] – dstillman | kb:cert_override [2020/03/31 01:12] – dstillman |
---|
====== Security certificate errors in Zotero ====== | ====== Overriding Security Certificate Errors in Zotero ====== |
| |
**Note:** These instructions are only for use with security software that intercepts/scans HTTPS connections, a WebDAV server with a self-signed certificate, or an institutional network that monitors encrypted traffic using a custom root certificate authority (CA). You should never override certificate errors unless you [[kb:ssl_certificate_error|understand the consequences]]. When in doubt please contact your network administrator or ISP. | **Note:** These instructions are only for use with security software that intercepts/scans HTTPS connections, a WebDAV server with a self-signed certificate, or an institutional network that monitors encrypted traffic using a custom root certificate authority (CA). You should never override certificate errors unless you [[kb:ssl_certificate_error|understand the consequences]]. When in doubt, please contact your network administrator or ISP. |
| |
Zotero does not currently provide a graphical way to whitelist self-signed certificates or custom root certificates, so you will need to copy files from a working Firefox installation: | Zotero does not currently provide a graphical way to whitelist self-signed certificates or custom root certificates, so you will need to copy files from a working Firefox installation: |
| |
* If you are using a WebDAV server with a self-signed certificate, you can open the WebDAV URL in Firefox, accept the certificate, and then copy the cert_override.txt file from the [[http://support.mozilla.com/kb/Profiles|Firefox profile directory]] to the [[profile directory|Zotero profile directory]]. | * If you are using a WebDAV server with a self-signed certificate, you can open the WebDAV URL in Firefox, accept the certificate, and then copy the cert_override.txt file from the [[http://support.mozilla.com/kb/Profiles|Firefox profile directory]] to the [[profile directory|Zotero profile directory]]. |
* If you or your organization is using a custom certificate authority, which can be the case when using security software or connecting via a proxy server, you or your IT department will need to configure [[https://ftp.mozilla.org/pub/firefox/releases/52.9.0esr/|Firefox 52 ESR]] for the custom CA in a new Firefox profile and then copy the cert8.db, key3.db, and secmod.db files from the [[http://support.mozilla.com/kb/Profiles|Firefox profile directory]] to the [[profile directory|Zotero profile directory]]. (Later versions of Firefox will produce a cert9.db file that won't work in the current version of Zotero. An upcoming Zotero release will support the newer format.) | * If you or your organization is using a custom certificate authority, which can be the case when using security software or connecting via a proxy server, Zotero may need to be configured to accept the custom CA: |
| * **Windows:** Zotero for Windows will automatically use the system root certificate store, which in most cases should allow it to work automatically like other browsers on the system. |
| * **Mac/Linux**: Zotero is based on Firefox and uses the same certificate mechanism, so you or your IT department will need to configure Firefox for the custom CA in a new Firefox profile and then copy the cert9.db, key4.db, and secmod.db files from the [[http://support.mozilla.com/kb/Profiles|Firefox profile directory]] to the [[profile directory|Zotero profile directory]]. (Prior to Zotero 5.0.78, the cert8.db and key3.db files from Firefox 52 ESR were required.) |
| |
{{tag>kb }} | {{tag>kb }} |