I followed the process of copying my whole .mozilla hidden folder (after first renaming the one created by firefox) from my old F38 system to my new F41 system.
Seems to work. Probably brought along all sorts of old cruft that might have been better lost.
One problem though.
On starting Firefox after installing the new .mozilla folder, I got a page opened:
https://www.mozilla.org/en-US/firefox/welcome/25/
Warning me that Firefox will BREAK on Mar 14, 2025 due to expiring certs.
Will this be fixed automagically on a Firefox update or is there some specific file(s) to copy from that renamed .mozilla folder?
thanks
On 26 Feb 2025, at 16:37, Robert Moskowitz rgm@htt-consult.com wrote:
On starting Firefox after installing the new .mozilla folder, I got a page opened:
https://www.mozilla.org/en-US/firefox/welcome/25/
Warning me that Firefox will BREAK on Mar 14, 2025 due to expiring certs.
Will this be fixed automagically on a Firefox update or is there some specific file(s) to copy from that renamed .mozilla folder?
Following your link through to the explanation it says you need at least version 128 of firefox. Fedora in f41 is shipping version 135. So it is not a problem.
my guess is some where in your .mozilla is a setting that triggers this warning.
Barry
On 2/27/25 3:19 AM, Barry wrote:
On 26 Feb 2025, at 16:37, Robert Moskowitz rgm@htt-consult.com wrote:
On starting Firefox after installing the new .mozilla folder, I got a page opened:
https://www.mozilla.org/en-US/firefox/welcome/25/
Warning me that Firefox will BREAK on Mar 14, 2025 due to expiring certs.
Will this be fixed automagically on a Firefox update or is there some specific file(s) to copy from that renamed .mozilla folder?
Following your link through to the explanation it says you need at least version 128 of firefox. Fedora in f41 is shipping version 135. So it is not a problem.
my guess is some where in your .mozilla is a setting that triggers this warning.
I figure that is what happened. But how to update the cert file? Which one is it or will the next firefox update replace it?
Well some asking Dr. Google...
On 27 Feb 2025, at 10:39, Robert Moskowitz rgm@htt-consult.com wrote:
But how to update the cert file? Which one is it or will the next firefox update replace it?
I would have assumed that the cert is shipped with firefox itself.
Barry
On 2/27/25 8:17 AM, Barry wrote:
On 27 Feb 2025, at 10:39, Robert Moskowitz rgm@htt-consult.com wrote:
But how to update the cert file? Which one is it or will the next firefox update replace it?
I would have assumed that the cert is shipped with firefox itself.
There is a signed trust list that every browser vendor provides. It gets updated whenever a new cert is add. It possible is included in each update even when not changed.
But it is there, I just have to find the one that was installed when I built the system and copy it over the old cruft I moved over.
Tahar ElGamal, a student of Rivest at MIT, holds the patent (long expired) on SSL and the approach of a trust list of root certs. He was one of my mentors a few decades ago. His SSL got us off ground zero and gave us a path for deploying X509 certs for trust-building. I have been in countless discussions of the various approaches to trust. I myself am the author of the Bridge CA model (circa '98) used in a few PKIs.
This doesn't mean I cannot shoot myself in the foot at times, overlaying the new list with an old one!
It is SO EASY!!! to step in the do-do.
As Robert Frost said so well:
"The woods are lovely, dark and deep, But I have promises to keep, And miles to go before I sleep, And miles to go before I sleep."
On Thu, Feb 27, 2025 at 9:31 AM Robert Moskowitz rgm@htt-consult.com wrote:
On 2/27/25 8:17 AM, Barry wrote:
On 27 Feb 2025, at 10:39, Robert Moskowitz rgm@htt-consult.com wrote:
But how to update the cert file? Which one is it or will the next firefox update replace it?
I would have assumed that the cert is shipped with firefox itself.
There is a signed trust list that every browser vendor provides. It gets updated whenever a new cert is add. It possible is included in each update even when not changed.
See https://wiki.mozilla.org/CA/Included_Certificates and friends.
And follow the link to the "... documented on a best effort basis [sic]", and pay attention to DistrustAfter. Browsers use DistrustAfter to include CAs that have been kicked out of the Root Store programs, like Entrust. See https://wiki.mozilla.org/CA/Additional_Trust_Changes.
But it is there, I just have to find the one that was installed when I built the system and copy it over the old cruft I moved over.
Tahar ElGamal, a student of Rivest at MIT, holds the patent (long expired) on SSL and the approach of a trust list of root certs. He was one of my mentors a few decades ago. His SSL got us off ground zero and gave us a path for deploying X509 certs for trust-building. I have been in countless discussions of the various approaches to trust. I myself am the author of the Bridge CA model (circa '98) used in a few PKIs.
This doesn't mean I cannot shoot myself in the foot at times, overlaying the new list with an old one!
Jeff
Robert Moskowitz rgm@htt-consult.com wrote:
But how to update the cert file? Which one is it or will the next firefox update replace it?
Barry:
I would have assumed that the cert is shipped with firefox itself.
Though I would have presumed it came with the browser, they're quite self-contained these days.
I'd been looking at updating Firefox on this old CentOS box while I decide what to do with it (*). The only option is to download a tarball and manually unpack it to somewhere (I put it in /opt), that bit's not easy enough. But it only has an import settings from another browser option for other (non-Firefox browsers). And I don't see any profile chooser options anywhere, so it'd be manual faffing around to get it to use my old profile (with bookmarks, stored passwords, history, etc).
* I really DO NOT want any OS that requires replacing every year. That's a major pain!
On Wed, 2025-02-26 at 11:36 -0500, Robert Moskowitz wrote:
On starting Firefox after installing the new .mozilla folder, I got a page opened:
https://www.mozilla.org/en-US/firefox/welcome/25/
Warning me that Firefox will BREAK on Mar 14, 2025 due to expiring certs.
Did the web browser send you there by itself, or did some other website reject your browser and send you there?
On 2/27/25 4:19 AM, Tim via users wrote:
On Wed, 2025-02-26 at 11:36 -0500, Robert Moskowitz wrote:
On starting Firefox after installing the new .mozilla folder, I got a page opened:
https://www.mozilla.org/en-US/firefox/welcome/25/
Warning me that Firefox will BREAK on Mar 14, 2025 due to expiring certs.
Did the web browser send you there by itself, or did some other website reject your browser and send you there?
I have ~20 Firefox windows open all with at least 4 tabs, some with a dozen. I do close those that have some script that eats processors for lunch.
So when I rebooted, firefox autostarted and one of the windows ended up adding this tab. Thus anyone's guess why.
Just have to search to find out what file to replace.
And given the decades that I have worked on PKIX and X.509 (and now c509), I well understand trust root lists.
Friday there was an update to Firefox. Bunch of other stuff as well and this evening my system failed to come out of suspend (I suspend every Friday afternoon until Sat night). So a cold start, and Firefox starting up had its new list from that update, it seems.
So no dire warnings from Firefox on restart. Good to know that a new trust list was distributed with the update.
On 2/26/25 11:36 AM, Robert Moskowitz wrote:
I followed the process of copying my whole .mozilla hidden folder (after first renaming the one created by firefox) from my old F38 system to my new F41 system.
Seems to work. Probably brought along all sorts of old cruft that might have been better lost.
One problem though.
On starting Firefox after installing the new .mozilla folder, I got a page opened:
https://www.mozilla.org/en-US/firefox/welcome/25/
Warning me that Firefox will BREAK on Mar 14, 2025 due to expiring certs.
Will this be fixed automagically on a Firefox update or is there some specific file(s) to copy from that renamed .mozilla folder?
thanks
-
Barry -
Jeffrey Walton -
Robert Moskowitz -
Tim