cert_override.txt
is a text file generated in the user profile to store certificate exceptions specified by the user. This file is used by Firefox, Thunderbird, and other XUL-based applications.
Since there is no way to add easily an exception in a XULRunner 1.9 project, you can open the page in Firefox, accept the certificate, then copy the
to the XULRunner application profile.cert_override.txt
The syntax is described on this web site.
Example
Here is an example for a SHA1-256 hash algorithm. The key and the website are not valid:
# PSM Certificate Override Settings file # This is a generated file! Do not edit. some.website.com:443 OID.2.16.840.1.101.3.4.2.1 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00 U AAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAA==
Fields
Fields are separated by a tab character. Each line is terminated by a line feed character (UNIX format).
- domainname:port : port 443 for HTTPS (SSL)
- hash algorithm OID
- SHA1-256: OID.2.16.840.1.101.3.4.2.1 (most used)
- SHA-384: OID.2.16.840.1.101.3.4.2.2
- SHA-512: OID.2.16.840.1.101.3.4.2.3
- Certificate fingerprint using previous hash algorithm
- One or more characters for override type:
- M : allow mismatches in the hostname
- U : allow untrusted certs (whether it's self signed cert or a missing or invalid issuer cert)
- T : allow errors in the validity time, for example, for expired or not yet valid certs
- Certificate's serial number and the issuer name as a base64 encoded string