Firefox 71 has a new Certificates Viewer
Mozilla plans to introduce a new Certificates Viewer in Firefox 71. The new viewer is enabled by default in recent Firefox Nightly builds already.
The majority of websites use the Uniform Resource Identifier scheme HTTPS to encrypt connections; more precisely, the communication protocol is encrypted using TLS or SSL. HTTPS protects against man-in-the-middle attacks and eavesdropping provided that the certificate that is used is trusted and that cipher suites without weaknesses are being used.
Internet users who want to verify certificates that sites use may use certificate viewers to do so. Firefox users have three options to do so:
- Right-click anywhere on the page and select Page Info. Switch to the Security tab and select View Certificate.
- Click on the icon next to the address, then on the arrow next on the next page close to the connection info part of the interface, then on More Info, and finally on View Certificate.
- Open the Developer Tools using F12, switch to Network, reload the page, and select the elements that you want to check. Switch to Security there to display certificate information.
These three methods will still be available when Firefox 71 is released on December 12, 2019.
Firefox's new Certificates Viewer
Mozilla plans to introduce the new Certificates Viewer in Firefox 71. Nightly is the only version of Firefox that is already at that version and users of the cutting edge version of Firefox may test the new Certificates Viewer already.
Tip: a preference is used to determine whether the old or new Certificates Viewer is launched when Firefox users select the option. You may edit the preference security.
The redesigned Certificates Viewer opens in its own tab in Firefox instead of its own window. The viewer users the about:certificate URI but you cannot open it without specifying a certificate. Mozilla developed it using modern web technologies and the open source WebExtension Certainly Something as its blueprint.
The native Certificates Viewer looks practically identical to the Firefox add-on; the only information bit that is missing is the handshake part that the extension displays on top of the certificates listing.
The Certificates Viewer displays all relevant information when you launch it including validity, fingerprint, public key, and issuer information. The switch to displaying certificate information in a tab ensures that information display well regardless of browser or screen size; additionally, since the display is not restricted anymore to the boundaries of the popup window that Firefox uses to display it currently, more information is displayed at the same time on the screen if the size of the tab is large enough for that.
Now You: do you use a Certificates Viewer in your browser of choice? What is your take on the new implementation?
I’ve just upgraded to Firefox 71 and all my self-signed certificates are indicated as “broken” and they are no longer offered as certificates to be chosen for websites. There were more changes than simply the viewer.
Two further links that I had included in my previous posting concerning SSleuth and Indicate TLS are missing. I give them here as reference again, i.e the text fragment “(see also: )” should point to https://github.com/sibiantony/ssleuth/issues/78 and “Indicate TLS ()” should link to https://addons.mozilla.org/en-US/firefox/addon/indicatetls/
I’ve been as well a user of Calomel before switching to Sleuth, before FF57 of course.
The IndicateTLS Firefox extension seems interesting, maybe with a greater extension than I first thought now that I dig a little more into its potential.
I’m still missing extensions that rate the grade of the SSL/TLS connection. My two favorite addons
Calomel SSL Validation
https://calomel.org/firefox_ssl_validation.html
and
SSleuth
https://github.com/sibiantony/ssleuth (see also: )
are not available on modern Firefox anymore. :-( Maybe “IndicateTLS () can fill the gap in the future. Is anyone aware of other alternatives to SSleuth or Calomel SSL validation?
I’ve been using the openssl command-line tool to retrieve the certificate from a web site and parse it that way. But it’s clumsy, even for a command-line native. This new viewer looks much better and is easy to use. If I understand the location bar correctly, I could even view local .crt files by simply pulling out the hex codes, stringing them together and then opening ‘about:certificate?cert=’+the_cert_string, which would be fantastic.
Good to see, well overdue.
A cert viewer is only useful to me when checking the strength of a ciphersuit before logging into a website, so to ascerain forward secrecy on my passwords is maintained.
I use my browser’s certificate viewer on occasion, to confirm that all is well when I’m changing or installing my own certs. The new viewer looks fine to me (the old viewer looked fine as well).
I want to remove “trusted” certificates like anything from china,netherlands,turkey etc. not only for the session, permanently from the browser. How should i do that?
Typo: “TSL”
Thank You!
It should be TLS (Transport Layer Security), not TSL.
Thank you!
I don’t know how to interpret a Certificate, hence no dedicated viewer, hence FF71 announced new Certificate Viewer would be as useful for me as getting into an aircraft’s cockpit.
I do understand the pertinence of secured connections, the fact that a Certificate may be baloney, but that’s about all. I use an extension which requires no knowledge and will only check the security status of secured sites, ‘CheckMyHTTPS’, but that won’t explain how to read an SSL Certificate, it’s just a tool.
I observe security inflation. After unsecured http the big thing was getting sites to https. Now we know that https is not enough, is not reliable, it may be spoofed. What’ll be next?
Why? Was anything wrong with the old viewer? How about fixing the “Print” function. That *is* severely broken!
@ Thor
People still print stuff? How quaint! I can’t remember the last time I printed something. Probably about the same time I last burned a DVD.
Yes, the old certificate viewer only showed about a third of a certificate’s information. It was missing very important information, such as CT log entries.
It was also contained in a tiny window dating from the early 2000s and depended on a bunch of XUL and other old code that was difficult to maintain.
@April King, I see on AMO that you’ve developed already together with Mozilla the ‘Certainly Something (Certificate Viewer)’ extension. Is it this very extension which is planned to be integrated natively in Firefox 71?
Yep, exactly. That’s the extension that is getting pulled into Firefox natively. :)