In Mozilla Firefox and Waterfox web browser, a message titled “This Connection is Untrusted” will be prompted when user is trying to visit a website or web page which presents an invalid, expired, self-signed or untrusted (i.e. not signed by trusted root with secure signature or intermediate CA cert not installed in browser) security certificate for SSL/TLS connection. As the result, the site’s identity cannot be verified, and Firefox warns that the connection may be tampered.

Firefox Security Exception

If you believe that the site is legitimate and trust the site, know that it doesn’t use a trusted identification or is using self-signed certificate, or sometimes you may just want or need to visit the web page, Firefox and Waterfox can add a security exception that allows you to visit the web page right away. The problem is that once the security exception is added, the web browser starts trusting the site’s security certificate permanently and forever.

If you have added a server’s security exception in Firefox or Waterfox just to override and bypass the security warning in order to visit a site, you can easily remove and revoke the server’s security exception.

  1. Go to Tools (press Alt to reveal menu bar or click on Menu icon on the top right corner) -> Options.
  2. Go to Advanced tab.
  3. Go to Certificates tab.
  4. Click on View Certificates button.
  5. Go to Servers tab.
  6. Select the server or website which you want to remove its security exception, and click Delete. Normally, the user manually added security exceptions are listed under (Unknown) category.

    Delete Security Exceptions

Once a security exception for a server is deleted, the usual security checks and identity verification against a trusted CA certificate applies.