Differences

This shows you the differences between two versions of the page.

kb:cert_override [2023/10/17 14:23] – [Overriding Security Certificate Errors in Zotero] dstillman
kb:cert_override [2024/04/09 02:18] – [Zotero 7 (beta)] dstillman
Line 3: Line 3:
 **Note:** These instructions are only for use with security software that intercepts/scans HTTPS connections, a WebDAV server with a self-signed certificate, or an institutional network that monitors encrypted traffic using a custom root certificate authority (CA). You should never override certificate errors unless you [[kb:ssl_certificate_error|understand the consequences]]. When in doubt, please contact your network administrator or ISP. **Note:** These instructions are only for use with security software that intercepts/scans HTTPS connections, a WebDAV server with a self-signed certificate, or an institutional network that monitors encrypted traffic using a custom root certificate authority (CA). You should never override certificate errors unless you [[kb:ssl_certificate_error|understand the consequences]]. When in doubt, please contact your network administrator or ISP.
 ===== Self-Signed Certificate ===== ===== Self-Signed Certificate =====
 +
 +Zotero does not currently provide a graphical way to whitelist self-signed certificates, so you will need to copy files from a working Firefox installation.
  
 If you are using a WebDAV server with a self-signed certificate, you can open the WebDAV URL in Firefox, accept the certificate, and then copy the cert_override.txt file from the [[http://support.mozilla.com/kb/Profiles|Firefox profile directory]] to the [[profile directory|Zotero profile directory]]. If you are using a WebDAV server with a self-signed certificate, you can open the WebDAV URL in Firefox, accept the certificate, and then copy the cert_override.txt file from the [[http://support.mozilla.com/kb/Profiles|Firefox profile directory]] to the [[profile directory|Zotero profile directory]].
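Review bot: The added sentence tells readers to "copy files" (plural) from a working Firefox installation, but the paragraph right after it names only cert_override.txt. Name the file in the new sentence, or list the others if more than one is really needed, so nobody copies more of a Firefox profile into the Zotero profile directory than the override requires.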
Line 12: Line 14:
 <code>192.168.xxx.xxx:1234    OID.2.16…    1D:E4:07:…    U    AAAA…</code> <code>192.168.xxx.xxx:1234    OID.2.16…    1D:E4:07:…    U    AAAA…</code>
  
-If you create an override file with a newer version of Firefox, your cert_override.txt file may contain a line with a trailing colon after the port number ("1234" in this example) and may be missing a letter before "AAAA" ("U" in the above example):+If you create an override file with a newer version of Firefox, your cert_override.txt file may contain a line with a trailing colon after the port number ("1234" in this example) and may be missing one or more letters before "AAAA" ("U" in the above example):
  
 <code>192.168.xxx.xxx:1234:    OID.2.16…    1D:E4:07:…    AAAA…</code> <code>192.168.xxx.xxx:1234:    OID.2.16…    1D:E4:07:…    AAAA…</code>
  
-To use such a file in Zotero 6, strip the colon from after the port number and add a "U" before "AAAA". +To use such a file in Zotero 6, strip the colon from after the port number and add a "U" (untrusted cert) before "AAAA"To allow for a hostname mismatch, add "M".
 ==== Zotero 7 (beta) ==== ==== Zotero 7 (beta) ====
  
-Zotero 7 can read a cert_override.txt file from at least Firefox 102.+Zotero 7 can currently read a cert_override.txt file from Firefox 115 ESR. A file from a later version of Firefox may or may not work.
 ===== Custom Certificate Authority ===== ===== Custom Certificate Authority =====
 If you or your organization is using a custom certificate authority, which can be the case when using security software or connecting via a proxy server, Zotero may need to be configured to accept the custom CA: If you or your organization is using a custom certificate authority, which can be the case when using security software or connecting via a proxy server, Zotero may need to be configured to accept the custom CA:
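Review bot: The new Zotero 6 instruction to add "M" for a hostname mismatch does not say where the letter goes relative to "U" or whether the two may be combined, and both example lines above show only "U" or no letter at all. Since the sentence before it now says "one or more letters" may be missing, an example line carrying both flags would remove the guesswork, and the text should tell readers to add only the flag that matches the error they actually get, because each letter turns off a separate check (untrusted cert, hostname mismatch). In the Zotero 7 paragraph, replacing "at least Firefox 102" with "Firefox 115 ESR" drops the lower bound; state whether files written by versions between 102 and 115 are still readable.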
kb/cert_override.txt · Last modified: 2024/05/10 03:35 by dstillman