Certification Manager Window

The Window/Best HTTP/Addons/TLS Security/Certification Window menu item (or CTRL+ALT+E shortcut) opens the addon’s Certification Manager. Using this window certificates can be added, updated and deleted.

1
2
3
4
5

Trusted Root CAs

These are the basis of the trust chain, servers doesn’t send root certificates the client must include the roots certificates of the accessed endpoints.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

  1. Reset URL: Reset the URL input back to its addon supplied url.

  2. URL Input: The URL that the addon going to download the certifications. The addon expects CSV formatted data, but the URL can point to a local file using the file:// protocol. The default URLs are pointing to Mozilla repositories.

  3. Download: Clicking on this button start the downloading, content parsing and loading process. Downloading the certificates already uses all verification implemented in the addon.

  4. Clear Before Download: Check to remove all non-locked and non-user added (if `Keep Custom` is checked) certificates before download.

  5. Clear: Remove all non-locked and non-user added (if `Keep Custom` is checked) certificates.

  6. Keep Custom: If set Clear buttons doesn't remove user added certificates.

  7. Add Custom: Add certificates from .cer, .pem and .p7b files.

  8. Delete Selected: Delete selected certificates. Locked certificates can't be deleted!

  9. Search Input: It can be used to search certificates by their `Subject` name. Minimum 3 characters needed.

  10. Help (?) Button: Opens a browser window to this manual.

  11. # Column: Index of the certificate.

  12. User Column: It has a ✔, if it's a user-added certificate.

  13. Lock Column: It has a ✔, if it's locked and can't be deleted. Currently only certificates needed to update from the default URL are locked.

  14. Subject Column: Subject field of the certificate.

  15. Issuer Column: Issuer field of the certificate.

  16. Certifications: Number of certifications displayed.

  17. Certificate Size Stats: Min, max, sum and average size of certificate data in bytes. This can help adjusting cache sizes.

  18. Status: Status of the last operation.

Trusted Intermediate Certificates

Because servers can choose to not send intermediate certificates it’s a good practice to bundle them too.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

  1. Reset URL: Reset the URL input back to its addon supplied url.

  2. URL Input: The URL that the addon going to download the certifications. The addon expects CSV formatted data, but the URL can point to a local file using the file:// protocol. The default URLs are pointing to Mozilla repositories.

  3. Download: Clicking on this button start the downloading, content parsing and loading process. Downloading the certificates already uses all verification implemented in the addon.

  4. Clear Before Download: Check to remove all non-locked and non-user added (if `Keep Custom` is checked) certificates before download.

  5. Clear: Remove all non-locked and non-user added (if `Keep Custom` is checked) certificates.

  6. Keep Custom: If set Clear buttons doesn't remove user added certificates.

  7. Add Custom: Add certificates from .cer, .pem and .p7b files.

  8. Delete Selected: Delete selected certificates. Locked certificates can't be deleted!

  9. Search Input: It can be used to search certificates by their `Subject` name. Minimum 3 characters needed.

  10. Help (?) Button: Opens a browser window to this manual.

  11. # Column: Index of the certificate.

  12. User Column: It has a ✔, if it's a user-added certificate.

  13. Lock Column: It has a ✔, if it's locked and can't be deleted. Currently only certificates needed to update from the default URL are locked.

  14. Subject Column: Subject field of the certificate.

  15. Issuer Column: Issuer field of the certificate.

  16. Certifications: Number of certifications displayed.

  17. Certificate Size StatsMin, max, sum and average size of certificate data in bytes. This can help adjusting cache sizes.

  18. Status: Status of the last operation.

Client Certificates

A client certificate can be associated with a domain. If the server asks for a client certificate during the TLS handshake, the client going to send it back.

1
2
3
4
5
6
7
8

  1. Add for domain: Clicking on it a `Domain and File Selector` window is shown. If the domain is filled and the certification file is selected clicking on the *Ok* button going to add the certification for the domain.

  2. Delete Selected: Delete selected domain-certificate associations.

  3. Help (?) Button: Opens a browser window to this manual.

  4. # Column: Index of the certificate

  5. Target Domain Column: The certificate sent only if it's requested for the target domain.

  6. Authority Column: *Common Name* or *Organizational Unit Name* from the certificate's Issuer field.

  7. Certifications: Number of certifications displayed.

  8. Certificate Size Stats: Min, max, sum and average size of certificate data in bytes. This can help adjusting cache sizes.

Clicking on the Add for domain button a new window opens to select the certification file and domain:

Domain and File Selector

Then, clicking on the Ok button depending on the type of certificate file a window to input the file’s password might open:

PasswordForCertificate.png

Testing HTTP Requests

A basic GET request can be sent out for the given domain to test the current setup.

1
2
3

  1. Input field for the domain to test

  2. Send button

  3. Result of the request

Bottom Toolbar

1
2

  1. Name and version number of this addon

  2. Support e-mail