Firefox notes
Contents
Type about:config into the address bar or get Configuration Mania.
about:config
Search for these options and modify or toggle them:
about:robots security.dialog_enable_delay = 0 browser.tabs.closeButtons = 3 # put tab close button on toolbar browser.sessionstore.max_tabs_undo = 30 browser.search.openintab = True # Searches in search bar open in new tab instead of current window browser.urlbar.clickSelectsAll = True # I can't decide which way I like better... layout.spellcheckDefault = 2 # Spellcheck one-line text fields as well as standard text area fields view_source.editor.external = True view_source.editor.path = /usr/bin/gvim
These options may need to be created:
content.switch.threshold = 1000000
Interesting... I need to research these more:
network.protocol-handler
Firefox 3 self-signed SSL cert handling was thought up by a dork
Error code: sec_error_untrusted_issuer
The author responds to the mass outcry against the new Firefox 3 UI for certificate warnings. Apparently he disagrees... with everybody. The people who have been complaining about this this are IT professionals and we understand the risk. We don't need a lecture on "Certificate Security for Dummies". We just want a "Expert" option somewhere in Firefox three to turn off this stupid "feature".
For example, take these guys:
https://savannah.gnu.org/bugs/?group=coreutils
(yeah, it's a cacert.org cert, so not quite as terrifying as a self-signed cert)
Manually circumventing self-signed certificate safety
There is a work around to set "expert" mode using the "about:config" interface. This makes the process a tiny bit less painful. This will still require two clicks where one click would do. Luckily, someone has created a Firefox 3 Add-on that fixes even this and makes accepting a certificate exception be a one-click process. Check out MitM Me. Unfortunately, the "MitM Me" Add-on is listed as "experimental" so you have to sign-up for a Mozilla account and login before you can download it.
Even "MitM Me" is not perfect, but this time because it's a little too insecure. You do get a warning page with a button to add an exception, but the problem is that you don't have a way to inspect the certificate. That's still good enough for me in most cases because the only time I'm going to want to actually inspect the certificate is when I'm debugging one of my own sites. If I'm going to my bank's site and I get this warning then I'm already not going to login; I'm going to close the browser no matter what the certificate says.
If you don't want to install the "MitM Me" Add-on there here are the "about:config" settings that you need to set to at least turn this into a two-click process:
browser.xul.error_pages.expert_bad_cert = true browser.ssl_override_behavior = 2 browser.xul.error_pages.enabled = true # this is the default, so it is probably already set true.
These settings are documented here: