This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Support
Support
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Detect and Warn About Self-Signed Certificate Changes

nnn
New member
‎01-21-2025 01:25 PM
Status: New idea

Feature Request: Detect and Warn About Self-Signed Certificate Changes

Problem
When users accept a self-signed HTTPS certificate, the browser trusts it indefinitely without verifying its integrity on subsequent connections. This creates a significant security risk, as users remain unaware if the certificate changes, potentially exposing them to man-in-the-middle attacks.

Solution
Implement a mechanism to store the fingerprint of accepted self-signed certificates. If the certificate changes in the future, the browser should immediately warn the user, similar to SSH host key verification.

Impact
This feature is critical for protecting users against silent attacks, ensuring they are alerted to potential compromises or unauthorized changes in trusted servers.

See more ideas labeled with:
Comment
1 Comment
Status changed to: New idea
Jon
Community Manager
Community Manager
‎01-21-2025 05:05 PM
‎01-21-2025 05:05 PM

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

Copyright © 2025 Khoros, LLC