Firefox 54 Stopped Trusting Self-Signed Certs

Question

With the recent upgrade of Firefox 54, my self-signed localhost SSL certificate stopped being trusted.

I\'ve been using a Firefox AutoConfigure script to in

Answer 1

Inspired by the answer of @tresf and based largely on the blogpost How to Create Your Own SSL Certificate Authority for Local HTTPS Development by Brad Touesnard, I created a set of commands using openssl.

# Generate the root key
openssl genrsa -des3 -out myCA.key 2048

# Generate a root-certificate based on the root-key
openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem

# Generate a new private key
openssl genrsa -out example.com.key 2048

# Generate a Certificate Signing Request (CSR) based on that private key
openssl req -new -key example.com.key -out example.com.csr

# Create a configuration-file
echo \
"authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = example.com
"> example.com.conf

# Create the certificate for the webserver to serve
openssl x509 -req -in example.com.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial \
-out example.com.crt -days 1825 -sha256 -extfile example.com.conf

How to use these files

1. Let your CA be trusted by your browser/keychain

Add myCa.pem to your browser/keychain to trust certificates signed by your new root certificate

2. Sign requests with your certificate

Add example.com.crt and example.com.key to the configuration of your webserver to sign requests to your domain