New Certificate Verification Library in Firefox 31

I just learned that Firefox 31 contains a new Certificate Verification Library.

If you are running into certificate errors with Firefox 31 that were not happening before, it is important that you report them as soon as possible.

It’s also important that you test your infrastructure as soon as possible.

More information about this change can be found in this blog post and this Wiki article.

More information about testing can be found in this Wiki article.

If you run into problems you can change the preference security.use_mozillapkix_verification to false and this will turn off the new verification.

This is not recommended, though, because the old code will be removed in Firefox 33, so we need to make sure we get any problems worked out.

Please note: I reserve the right to delete comments that are offensive or off-topic.

Leave a Reply

Your email address will not be published. Required fields are marked *

One thought on “New Certificate Verification Library in Firefox 31

  1. Note that there are some cases where the new library is stricter in checking certs, and esp. some custom or self-signed certs may fail to verify with those stricter (but correct) checks, those certs should be replaced with correct ones.