Overriding Security Certificate Errors in Zotero

jdpesicek
new computer using OSX 10.15 and I cannot override the security certificate. I've followed these instructions carefully:

https://www.zotero.org/support/kb/cert_override

I've requested help from IT and they couldn't get it to work either. I followed this process on my last computer using OSX 10.14 and got it to work, although that was for an older version of firefox and the instructions have since changed and become more complex and confusing. Perhaps I'm not doing the process exactly in the right order or exactly as intended? Is there a step-by-step recipe for dummies on how to do this, or other avenue for more support?

My only hope is this thread, or the last quote: "A future version of Zotero will support automatically using system root certificates." Otherwise, I may have to abandon zotero completely. any idea when this future version of Zotero will arrive?

many thanks
  • dstillman
    There's really not much more to say other than what's on that page. It explains exactly what you need to do.

    The only change from several years ago is that, as explained there, Firefox 63 on macOS started using the system root store, so it's no longer necessary under normal circumstances for IT departments that intercept secure connections to configure Firefox specifically. But since Zotero is based on Firefox 60, it still needs versions of those three files with the custom certificates installed, which means you have to temporarily force Firefox not to use the system store (or temporarily install Firefox 60 ESR with a new Firefox profile), configure it properly, and then copy the files.

    Your IT department is intercepting connections, so it's really their responsibility to fix this for you. It's no different from what they would've had to do for Firefox before Firefox 63.
    any idea when this future version of Zotero will arrive?
    It won't be before next year.
  • jdpesicek
    Hello, thanks for the response. I tried again to do this with the new clues you provided and now, after completing the process and opening zotero, it tells me to log in again. When I try to log in again, I get this error:

    api.zotero.org uses an invalid security certificate.

    The certificate is not trusted because the issuer certificate is unknown.
    The server might not be sending the appropriate intermediate certificates.
    An additional root certificate may need to be imported.

    Error code: SEC_ERROR_UNKNOWN_ISSUER

    My question is: is this progress or am I worse off now? Any advice? The response from my IT was basically to use a different product so I am on my own to get this to work.

    thanks,
    Jeremy
  • dstillman
    edited September 3, 2021
    That's just the same problem — that means you haven't properly imported your IT department's custom root certificate.
  • jdpesicek
    I finally got it to work! I just copied the old versions of these files from my old laptop over to the new one and it worked. Should have tried this sooner. I still don't understand why I couldn't do it the new way, but my zotero is saved for now. thanks
  • mmh-mv
    Consider the following line in cert_overwrite.txt
    127.0.0.1:443: OID.2.16.8...
    Just remove the colon after the port number to get it working
    127.0.0.1:443 OID.2.16.8...
  • mmh-mv
    As far as I understand, Zotero is based on Firefox. Isn't there already a mechanism to handle the certificate exceptions in the code? Why do we depend on Firefox?
Sign In or Register to comment.