Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
kb:cert_override [2019/04/16 20:39] dstillman |
kb:cert_override [2020/04/07 09:20] einsweniger add a short description on how to add the certificate to the profile directory |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Security certificate errors in Zotero ====== | + | ====== Overriding Security Certificate Errors in Zotero ====== |
- | **Note:** These instructions are only for use with security software that intercepts/scans HTTPS connections, a WebDAV server with a self-signed certificate, or an institutional network that monitors encrypted traffic using a custom root certificate authority (CA). You should never override certificate errors unless you [[kb:ssl_certificate_error|understand the consequences]]. When in doubt please contact your network administrator or ISP. | + | **Note:** These instructions are only for use with security software that intercepts/scans HTTPS connections, a WebDAV server with a self-signed certificate, or an institutional network that monitors encrypted traffic using a custom root certificate authority (CA). You should never override certificate errors unless you [[kb:ssl_certificate_error|understand the consequences]]. When in doubt, please contact your network administrator or ISP. |
Zotero does not currently provide a graphical way to whitelist self-signed certificates or custom root certificates, so you will need to copy files from a working Firefox installation: | Zotero does not currently provide a graphical way to whitelist self-signed certificates or custom root certificates, so you will need to copy files from a working Firefox installation: | ||
* If you are using a WebDAV server with a self-signed certificate, you can open the WebDAV URL in Firefox, accept the certificate, and then copy the cert_override.txt file from the [[http://support.mozilla.com/kb/Profiles|Firefox profile directory]] to the [[profile directory|Zotero profile directory]]. | * If you are using a WebDAV server with a self-signed certificate, you can open the WebDAV URL in Firefox, accept the certificate, and then copy the cert_override.txt file from the [[http://support.mozilla.com/kb/Profiles|Firefox profile directory]] to the [[profile directory|Zotero profile directory]]. | ||
- | * If you or your organization is using a custom certificate authority, which can be the case when using security software or connecting via a proxy server, you or your IT department will need to configure [[https://ftp.mozilla.org/pub/firefox/releases/52.9.0esr/|Firefox 52 ESR]] for the custom CA in a new Firefox profile and then copy the cert8.db, key3.db, and secmod.db files from the [[http://support.mozilla.com/kb/Profiles|Firefox profile directory]] to the [[profile directory|Zotero profile directory]]. (Later versions of Firefox will produce a cert9.db file that won't work in the current version of Zotero. An upcoming Zotero release will support the newer format.) | + | * If you or your organization is using a custom certificate authority, which can be the case when using security software or connecting via a proxy server, Zotero may need to be configured to accept the custom CA: |
+ | * **Windows:** Zotero for Windows will automatically use the system root certificate store, which in most cases should allow it to work automatically like other browsers on the system. | ||
+ | * **Mac/Linux**: Zotero is based on Firefox and uses the same certificate mechanism, so you or your IT department will need to configure Firefox for the custom CA in a new Firefox profile and then copy the cert9.db, key4.db, and secmod.db files from the [[http://support.mozilla.com/kb/Profiles|Firefox profile directory]] to the [[profile directory|Zotero profile directory]]. (Prior to Zotero 5.0.78, the cert8.db and key3.db files from Firefox 52 ESR were required.) | ||
+ | * To add the CA certificate to the certificate database yourself, you can try to use the [[https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/tools/NSS_Tools_certutil|nss certutil]]: <code bash>certutil -A -d $ZOTERO_PROFILE_PATH -n $CA_NICKNAME -t C -i $CA_CERT_FILE</code> | ||
+ | | ||
{{tag>kb }} | {{tag>kb }} |