[GH-ISSUE #275] Firefox not working #178

New issue

Closed

opened 2026-02-25 22:32:48 +03:00 by kerem · 4 comments

kerem commented

2026-02-25 22:32:48 +03:00

Owner

Originally created by @ssuess on GitHub (Jul 3, 2020).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/275

All other browsers on my system work, but Firefox steadfastly refuses to. I have verified the following:

nss is installed (and was when I generated the certs a month ago)
The root CA was in the trusted authorities perms of Firefox (and I have uninstalled/reinstalled serveral times to no avail)
Chrome, Safari, Edge all work fine
I am on Mac OS 10.5.5
My Firefox version is 78.0.1 (64-bit)
Root CA is trusted in my login and system keychain

Error message given is:

Secure Connection Failed

An error occurred during a connection to stephen.xxxx.xxxx.net. PR_CONNECT_RESET_ERROR

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

I have tried everything I can think of, any suggestions?

Originally created by @ssuess on GitHub (Jul 3, 2020). Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/275 All other browsers on my system work, but Firefox steadfastly refuses to. I have verified the following: 1. nss is installed (and was when I generated the certs a month ago) 2. The root CA was in the trusted authorities perms of Firefox (and I have uninstalled/reinstalled serveral times to no avail) 3. Chrome, Safari, Edge all work fine 4. I am on Mac OS 10.5.5 5. My Firefox version is 78.0.1 (64-bit) 6. Root CA is trusted in my login and system keychain Error message given is: Secure Connection Failed An error occurred during a connection to stephen.xxxx.xxxx.net. PR_CONNECT_RESET_ERROR The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. I have tried everything I can think of, any suggestions?

kerem

2026-02-25 22:32:48 +03:00

closed this issue
added the
TLS stack issue
label

kerem commented

2026-02-25 22:32:48 +03:00

Author

Owner

@FiloSottile commented on GitHub (Jul 3, 2020):

Hmm, what happens if you use the same certificate but a different server / TLS stack?

@FiloSottile commented on GitHub (Jul 3, 2020): Hmm, what happens if you use the same certificate but a different server / TLS stack?

kerem commented

2026-02-25 22:32:48 +03:00

Author

Owner

@ssuess commented on GitHub (Jul 3, 2020):

Well, I finally figured out what the problem is, but still don't understand why this only affects Firefox: I am routing my traffic through a proxy (using mac app proxifier and an ssh SOCKS5 tunnel over port 9999). If I stop routing FF through the tunnel, it will correctly load my site. What is odd is that this same proxy setup works just fine for all other browsers to load the cert and my site.

@ssuess commented on GitHub (Jul 3, 2020): Well, I finally figured out what the problem is, but still don't understand why this only affects Firefox: I am routing my traffic through a proxy (using mac app proxifier and an ssh SOCKS5 tunnel over port 9999). If I stop routing FF through the tunnel, it will correctly load my site. What is odd is that this same proxy setup works just fine for all other browsers to load the cert and my site.

kerem commented

2026-02-25 22:32:48 +03:00

Author

Owner

@FiloSottile commented on GitHub (Jul 3, 2020):

Maybe FF is using a different proxy protocol, or maybe its TLS stack does something different that the proxy doesn't like. The proxy might also be trying to verify the certificate if FF is not using TLS 1.3.

I think this is not something that mkcert can do anything about, but let us know if that's not the case!

@FiloSottile commented on GitHub (Jul 3, 2020): Maybe FF is using a different proxy protocol, or maybe its TLS stack does something different that the proxy doesn't like. The proxy might also be trying to verify the certificate if FF is not using TLS 1.3. I think this is not something that mkcert can do anything about, but let us know if that's not the case!

kerem commented

2026-02-25 22:32:48 +03:00

Author

Owner

@ssuess commented on GitHub (Jul 3, 2020):

In case anyone else is having this problem, I discovered a workaround. Instead of using my system wide proxy router (proxifier), I can use the built in Firefox proxy settings, and then add an exception for my mkcert local site ("no proxy for" list in the same "Network Settings/Connection Settings" area of Firefox.)

@ssuess commented on GitHub (Jul 3, 2020): In case anyone else is having this problem, I discovered a workaround. Instead of using my system wide proxy router (proxifier), I can use the built in Firefox proxy settings, and then add an exception for my mkcert local site ("no proxy for" list in the same "Network Settings/Connection Settings" area of Firefox.)

kerem referenced this issue

2026-02-25 22:33:25 +03:00

[PR #185] [CLOSED] Note sudo requirement #411

kerem referenced this issue

2026-02-25 22:33:41 +03:00

[PR #578] Make clear that root password prompt is coming from sudo, not mkcert #498