Firefox SSL Snafus in your homelab…
Like a lot of people I don’t really do SSL Certificates for my “home”lab. They’re just too much of a hassle, especially if you reset your environment a lot. I guess I’m old-fashioned and think that SSL certs really only have a role to play with specific applications such as IPsec, VPN, https websites and remote access tools like Horizon View. So whilst I’ve run my own private root CA for nearly 10 years, it generally only gets used for specific cases – like when I want to show/document how to generate trusted certificates for View – for everything else there’s the ignore button. 🙂
Recently though this approach hasn’t been paying the dividends it used to, especially with technologies like vCloud Director, vCenter and Single-Sign-On. When I first coupled all three together with the virtual appliances everything worked out-of-the-box for me – the problem was Internet Explorer. Whenever the redirect from the vCloud Director SSL URL happened to the vCenter Web-Client SSL URL it would be unhappy.
ICK. Try as I might to install these certificates to the store and make IE trust ’em, nothing doing. I guess you could say this is a good thing, because the browser is detecting an exploit that could easily be used by Phishing Pholks who enjoy fleecing people of their money. But it doesn’t really help me much.
For that reason I switched to our friend Mozilla Firefox, which seems to handle the adding of untrusted certificates to its store gracefully. The only problem is what this post is all about. If you rebuild your lab environment with the SAME DNS/FQDNs Firefox won’t be happy. The new build will present a new certificate thumbprint – and when you type in the same URL and get a different SSL certificate, it won’t be happy either:
By the way I like the “Get me out of here!” button, I only wish it said “Run Away” thus making a reference to Monty Python’s “Holy Grail” in a single stroke.
To fix this issue you must quest into the bowels of Mozilla Firefox deleting certificates that refer to your lab environment with your mighty sword – and this might be a bit weird but occasionally I’ve had to reboot in order to have it take effect. Occasionally, this has me wondering if I should run Firefox in a ThinApp with a read-only sandbox, so every time it shuts down it’s reset.
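To take some of the guesswork out of that quest, here is an added example (not part of the original post) that reads the exceptions Firefox keeps in the profile's `cert_override.txt` and reports which lab hosts now present a different thumbprint. The `lab.example` hostnames, the sample data and the function names are made up for illustration, and the tab-separated layout (host:port, algorithm OID, fingerprint, then further fields) is an assumption that may vary between Firefox versions.

```python
import hashlib
import re
import ssl

FP = lambda byte: ":".join([byte] * 32)  # constructed 32-byte fingerprint
# Constructed sample of cert_override.txt content (not real exceptions).
SAMPLE_OVERRIDES = (
    "# PSM Certificate Override Settings file\n"
    f"vcd.lab.example:443\tOID.2.16.840.1.101.3.4.2.1\t{FP('AA')}\tU\tAAAA\n"
    f"vcenter.lab.example:9443\tOID.2.16.840.1.101.3.4.2.1\t{FP('BB')}\tU\tAAAA\n"
    f"intranet.example.org:443\tOID.2.16.840.1.101.3.4.2.1\t{FP('CC')}\tU\tAAAA\n"
)
# Constructed "after the rebuild" state: vcd got a new certificate.
SAMPLE_CURRENT = {("vcd.lab.example", 443): FP("DD"),
                  ("vcenter.lab.example", 9443): FP("BB")}

# host:port, optionally followed by a further ":suffix" (assumed layout).
KEY = re.compile(r"^(.+?):(\d+)(?::.*)?$")

def parse_overrides(text):
    """Yield (host, port, fingerprint) for each stored exception."""
    for line in text.splitlines():
        fields = line.split("\t")
        match = KEY.match(fields[0])
        if line.startswith("#") or len(fields) < 3 or not match:
            continue  # comment, blank or unrecognised line
        yield match.group(1), int(match.group(2)), fields[2].upper()

def stale_overrides(text, lab_suffix, current):
    """Lab entries whose stored thumbprint differs from the current one.

    current maps (host, port) -> fingerprint now presented by that host.
    """
    stale = []
    for host, port, stored in parse_overrides(text):
        now = current.get((host, port))
        if host.endswith(lab_suffix) and now is not None and now != stored:
            stale.append((host, port))
    return stale

def live_fingerprint(host, port):
    """SHA-256 thumbprint of the certificate a host presents right now."""
    pem = ssl.get_server_certificate((host, port))  # no chain validation
    digest = hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, 64, 2))

if __name__ == "__main__":
    print(stale_overrides(SAMPLE_OVERRIDES, ".lab.example", SAMPLE_CURRENT))
```

Against a real lab, build the `current` mapping with `live_fingerprint()` for each rebuilt host; the hosts returned are the ones whose stored exceptions need deleting.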