Differences

This shows you the differences between two versions of the page.

--- kb:cert_override [2023/10/17 14:23] – [Custom Certificate Authority] dstillman
+++ kb:cert_override [2024/04/09 02:18] (current) – [Zotero 7 (beta)] dstillman
@@ Line 2: / Line 2: @@
 **Note:** These instructions are only for use with security software that intercepts/scans HTTPS connections, a WebDAV server with a self-signed certificate, or an institutional network that monitors encrypted traffic using a custom root certificate authority (CA). You should never override certificate errors unless you [[kb:ssl_certificate_error|understand the consequences]]. When in doubt, please contact your network administrator or ISP.
+===== Self-Signed Certificate =====
-Zotero does not currently provide a graphical way to whitelist self-signed certificates or custom root certificates, so you will need to copy files from a working Firefox installation.
+Zotero does not currently provide a graphical way to whitelist self-signed certificates, so you will need to copy files from a working Firefox installation.
-===== Self-Signed Certificate =====
 If you are using a WebDAV server with a self-signed certificate, you can open the WebDAV URL in Firefox, accept the certificate, and then copy the cert_override.txt file from the [[http://support.mozilla.com/kb/Profiles|Firefox profile directory]] to the [[profile directory|Zotero profile directory]].
@@ Line 15: / Line 14: @@
 <code>192.168.xxx.xxx:1234    OID.2.16…    1D:E4:07:…    U    AAAA…</code>
-If you create an override file with a newer version of Firefox, your cert_override.txt file may contain a line with a trailing colon after the port number ("1234" in this example) and may be missing a letter before "AAAA" ("U" in the above example):
+If you create an override file with a newer version of Firefox, your cert_override.txt file may contain a line with a trailing colon after the port number ("1234" in this example) and may be missing one or more letters before "AAAA" ("U" in the above example):
 <code>192.168.xxx.xxx:1234:    OID.2.16…    1D:E4:07:…    AAAA…</code>
-To use such a file in Zotero 6, strip the colon from after the port number and add a "U" before "AAAA".
+To use such a file in Zotero 6, strip the colon from after the port number and add a "U" (untrusted cert) before "AAAA". To allow for a hostname mismatch, add "M".
 ==== Zotero 7 (beta) ====
-Zotero 7 can read a cert_override.txt file from at least Firefox 102.
+Zotero 7 can currently read a cert_override.txt file from Firefox 115 ESR. A file from a later version of Firefox may or may not work.
 ===== Custom Certificate Authority =====
 If you or your organization is using a custom certificate authority, which can be the case when using security software or connecting via a proxy server, Zotero may need to be configured to accept the custom CA: