Differences

This shows you the differences between two versions of the page.

kb:cert_override [2019/04/16 20:39]
dstillman
kb:cert_override [2020/04/07 09:20]
einsweniger add a short description on how to add the certificate to the profile directory
Line 1: Line 1:
-====== Security ​certificate errors ​in Zotero ====== ​+====== ​Overriding ​Security ​Certificate Errors ​in Zotero ====== ​
  
-**Note:** These instructions are only for use with security software that intercepts/​scans HTTPS connections,​ a WebDAV server with a self-signed certificate,​ or an institutional network that monitors encrypted traffic using a custom root certificate authority (CA). You should never override certificate errors unless you [[kb:​ssl_certificate_error|understand the consequences]]. When in doubt please contact your network administrator or ISP.+**Note:** These instructions are only for use with security software that intercepts/​scans HTTPS connections,​ a WebDAV server with a self-signed certificate,​ or an institutional network that monitors encrypted traffic using a custom root certificate authority (CA). You should never override certificate errors unless you [[kb:​ssl_certificate_error|understand the consequences]]. When in doubtplease contact your network administrator or ISP.
  
 Zotero does not currently provide a graphical way to whitelist self-signed certificates or custom root certificates,​ so you will need to copy files from a working Firefox installation:​ Zotero does not currently provide a graphical way to whitelist self-signed certificates or custom root certificates,​ so you will need to copy files from a working Firefox installation:​
  
   * If you are using a WebDAV server with a self-signed certificate,​ you can open the WebDAV URL in Firefox, accept the certificate,​ and then copy the cert_override.txt file from the [[http://​support.mozilla.com/​kb/​Profiles|Firefox profile directory]] to the [[profile directory|Zotero profile directory]].   * If you are using a WebDAV server with a self-signed certificate,​ you can open the WebDAV URL in Firefox, accept the certificate,​ and then copy the cert_override.txt file from the [[http://​support.mozilla.com/​kb/​Profiles|Firefox profile directory]] to the [[profile directory|Zotero profile directory]].
-  * If you or your organization is using a custom certificate authority, which can be the case when using security software or connecting via a proxy server, you or your IT department will need to configure ​[[https://​ftp.mozilla.org/​pub/​firefox/​releases/​52.9.0esr/​|Firefox ​52 ESR]] for the custom CA in a new Firefox profile and then copy the cert8.db, key3.db, and secmod.db files from the [[http://​support.mozilla.com/​kb/​Profiles|Firefox profile directory]] to the [[profile directory|Zotero profile directory]]. (Later versions of Firefox will produce a cert9.db file that won't work in the current version of Zotero. ​An upcoming Zotero release will support ​the newer format.)+  * If you or your organization is using a custom certificate authority, which can be the case when using security software or connecting via a proxy server, ​Zotero may need to be configured to accept the custom CA: 
 +    * **Windows:​** Zotero for Windows will automatically use the system root certificate store, which in most cases should allow it to work automatically like other browsers on the system. 
 +    * **Mac/​Linux**:​ Zotero is based on Firefox and uses the same certificate mechanism, so you or your IT department will need to configure Firefox for the custom CA in a new Firefox profile and then copy the cert9.db, key4.db, and secmod.db files from the [[http://​support.mozilla.com/​kb/​Profiles|Firefox profile directory]] to the [[profile directory|Zotero profile directory]]. (Prior to Zotero ​5.0.78, the cert8.db and key3.db files from Firefox 52 ESR were required.) 
 +      * To add the CA certificate to the certificate database yourself, you can try to use the [[https://​developer.mozilla.org/​en-US/​docs/​Mozilla/​Projects/​NSS/​tools/​NSS_Tools_certutil|nss certutil]]: <code bash>​certutil -A -d $ZOTERO_PROFILE_PATH -n $CA_NICKNAME -t C -i $CA_CERT_FILE</​code>​ 
 +        ​
  
 {{tag>kb }} {{tag>kb }}
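Review bot: The added certutil line under Mac/Linux leaves its variables unquoted and gives the database directory without a sql: prefix. It will therefore break on any profile path that contains a space. Older certutil builds default to the legacy dbm format, so they would write cert8.db/key3.db rather than the cert9.db/key4.db that this same revision says Zotero 5.0.78 and later read. Suggest certutil -A -d "sql:$ZOTERO_PROFILE_PATH" -n "$CA_NICKNAME" -t "C,," -i "$CA_CERT_FILE", with the trust argument written out as "C,," so it is explicit that the CA is trusted only for issuing TLS server certificates and not for S/MIME or code signing. It would also help to say what $CA_CERT_FILE is expected to contain (PEM or DER), since "you can try to use" gives the reader no way to tell a wrong input from a failed import. Separately, the rewritten Note line now reads "When in doubtplease contact"; the separator after "doubt" needs restoring.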
kb/cert_override.txt · Last modified: 2020/04/07 09:20 by einsweniger