Hey Roman,
The issue is that Firefox has internal verification of certificates.
To be more exact, it has very strict rules about the structure of the
Firefox domain or any other related domains' certificates.
I would disable auto-update of Firefox for my desktop in any case.
If it is an issue which is not related only to one desktop, then I would
start by presenting the issue to the Firefox team.
They do have an IRC channel/room on a private server, and once you have
consulted them the next step will be much smarter.
I would not run to "improve" ssl-bump certificate mimic and would prefer
to get help from the Firefox team to prevent a couple of issues while
providing a usable solution.
There might be a Firefox variable that can be changed in order to allow
your situation as an exception.
Regards,
Eliezer
On 07/01/14 02:59, Roman Gelfand wrote:
I have an ssl bump setup with ssl_bump server-first all.
When Firefox is attempting an update, the end user gets the error "something
is trying to trick firefox into accepting an insecure update".
From what I gathered, unless I am wrong, Firefox doesn't like it when
the certificate changes in the middle.
In any case, is there a way to deal with this either specifically
bypassing ssl bump or something else?
Thanks in advance