Security certificate override with cert9.db?

My office uses palo alto, so I've got proxy//cert problems (Zotero won't sync). I've been working with our IT folks and have pointed them here:

https://www.zotero.org/support/kb/ssl_certificate_error

and here:

https://www.zotero.org/support/kb/cert_override

and I've tried doing the override. They have provided me with .crt files, which I've tried placing in the zotero profile directory (https://www.zotero.org/support/kb/profile_directory), with no luck. I've also tried copying the cert8.db file in my firefox profile to my zotero profile directory, but there is also a cert9.db file so I'm assuming this statement applies "(Later versions of Firefox will produce a cert9.db file that won't work in the current version of Zotero. An upcoming Zotero release will support the newer format.)" Firefox version is 61.0.2.

Am I stuck because FF is using the cert9.db? Is there another solution that I and my IT folks are missing that they might be able to apply?

Thanks in advance for any pointers.

Tim
  • Yeah, it's just what it says on the cert_override page — for the moment you'd need to copy the files from a working Firefox 52 ESR installation.

    We're hoping to have a beta version that will support the cert9.db format within the next couple weeks.
  • Thanks so much for your reply. I think I finally am understanding the full picture. Just so I'm absolutely clear:

    - There's nothing my IT folks here can do on the web-traffic side except allow this particular traffic to bypass the interception. Which of course they won't do.

    - Once someone (myself or IT) gets a working version of FireFox 52 ESR running, we can copy the cert8.db to any computer here and Zotero should be happy with it.

    Are there other possible scenarios?

    (and thanks for noting the possible timing for the beta version supporting cert9.db)

    Best,
    Tim
  • If you're on Windows, running Firefox Portable Legacy 52 should be relatively quick and easy.
  • @noksagt, thanks. I got it with a full install. Yay! It is true I can pass this working cert8.db around, right?
  • Yeah, that should be fine.
Sign In or Register to comment.