Certification Manager Window

The Window/Best HTTP/Addons/TLS Security/Certification Window menu item (or CTRL+ALT+E shortcut) opens the addon's Certification Manager. Using this window certificates can be added, updated and deleted.

1
2
3
4
5

Trusted Root CAs

These are the basis of the trust chain, servers doesn't send root certificates the client must include the roots certificates of the accessed endpoints.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
  1. Reset URL: Reset the URL input back to its addon supplied url.

  2. URL Input: The URL that the addon going to download the certifications. The addon expects CSV formatted data, but the URL can point to a local file using the file:// protocol. The default URLs are pointing to Mozilla repositories.

  3. Download: Clicking on this button start the downloading, content parsing and loading process. Downloading the certificates already uses all verification implemented in the addon.

  4. Clear Before Download: Check to remove all non-locked and non-user added (if Keep Custom is checked) certificates before download.

  5. Clear: Remove all non-locked and non-user added (if Keep Custom is checked) certificates.

  6. Keep Custom: If set Clear buttons doesn't remove user added certificates.

  7. Add Custom: Add certificates from .cer, .pem and .p7b files.

  8. Delete Selected: Delete selected certificates. Locked certificates can't be deleted!

  9. Search Input: It can be used to search certificates by their Subject name. Minimum 3 characters needed.

  10. Help (?) Button: Opens a browser window to this manual.

  11. # Column: Index of the certificate.

  12. User Column: It has a ✔, if it's a user-added certificate.

  13. Lock Column: It has a ✔, if it's locked and can't be deleted. Currently only certificates needed to update from the default URL are locked.

  14. Subject Column: Subject field of the certificate.

  15. Issuer Column: Issuer field of the certificate.

  16. Certifications: Number of certifications displayed.

  17. Certificate Size Stats: Min, max, sum and average size of certificate data in bytes. This can help adjusting cache sizes.

  18. Status: Status of the last operation.

Notice

Double clicking on a row or hitting Enter while at least one row is selected dumps out certification information to the console.

Trusted Intermediate Certificates

Because servers can choose to not send intermediate certificates it's a good practice to bundle them too.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
  1. Reset URL: Reset the URL input back to its addon supplied url.

  2. URL Input: The URL that the addon going to download the certifications. The addon expects CSV formatted data, but the URL can point to a local file using the file:// protocol. The default URLs are pointing to Mozilla repositories.

  3. Download: Clicking on this button start the downloading, content parsing and loading process. Downloading the certificates already uses all verification implemented in the addon.

  4. Clear Before Download: Check to remove all non-locked and non-user added (if Keep Custom is checked) certificates before download.

  5. Clear: Remove all non-locked and non-user added (if Keep Custom is checked) certificates.

  6. Keep Custom: If set Clear buttons doesn't remove user added certificates.

  7. Add Custom: Add certificates from .cer, .pem and .p7b files.

  8. Delete Selected: Delete selected certificates. Locked certificates can't be deleted!

  9. Search Input: It can be used to search certificates by their Subject name. Minimum 3 characters needed.

  10. Help (?) Button: Opens a browser window to this manual.

  11. # Column: Index of the certificate.

  12. User Column: It has a ✔, if it's a user-added certificate.

  13. Lock Column: It has a ✔, if it's locked and can't be deleted. Currently only certificates needed to update from the default URL are locked.

  14. Subject Column: Subject field of the certificate.

  15. Issuer Column: Issuer field of the certificate.

  16. Certifications: Number of certifications displayed.

  17. Certificate Size Stats: Min, max, sum and average size of certificate data in bytes. This can help adjusting cache sizes.

  18. Status: Status of the last operation.

Notice

Double clicking on a row or hitting Enter while at least one row is selected dumps out certification information to the console.

Client Certificates

A client certificate can be associated with a domain. If the server asks for a client certificate during the TLS handshake, the client going to send it back.

1
2
3
4
5
6
7
8
  1. Add for domain: Clicking on it a Domain and File Selector window is shown. If the domain is filled and the certification file is selected clicking on the Ok button going to add the certification for the domain.

  2. Delete Selected: Delete selected domain-certificate associations.

  3. Help (?) Button: Opens a browser window to this manual.

  4. # Column: Index of the certificate

  5. Target Domain Column: The certificate sent only if it's requested for the target domain.

  6. Authority Column: Common Name or Organizational Unit Name from the certificate's Issuer field.

  7. Certifications: Number of certifications displayed.

  8. Certificate Size Stats: Min, max, sum and average size of certificate data in bytes. This can help adjusting cache sizes.

Clicking on the Add for domain button a new window opens to select the certification file and domain:

Domain and File Selector

Then, clicking on the Ok button depending on the type of certificate file a window to input the file's password might open:

PasswordForCertificate.png

Testing HTTP Requests

A basic GET request can be sent out for the given domain to test the current setup.

1
2
3
  1. Input field for the domain to test

  2. Send button

  3. Result of the request

Warning

Because of Connection Pooling a request that otherwise would fail can succeed if there's an already open connection to the domain!

Bottom Toolbar

1
2
  1. Name and version number of this addon

  2. Support e-mail