This project is read-only.

Certificate issue for users behind a proxy - workaround

Sep 19, 2012 at 8:55 PM
Edited Sep 19, 2012 at 8:57 PM

Here at work, our internet connection goes through a proxy which intercepts HTTPS requests and then re-encrypts them using a locally-generated certificate signed by a local certificate authority (CA). This doesn't present a problem for most apps, since the CA is a trusted root within Windows itself, but Firefox has its own OS-independent certificate store and management system, so GMusic, being Firefox-based, doesn't recognize the certificates. As a result, when I start the app, I get an error like: uses an invalid security certificate

The certificate is not trusted because the issuer certificate is not trusted.

(Error code: sec_error_untrusted_issuer)

There doesn't seem to be any way to directly manipulate the certificate store in the app... This would be a great feature to have, but I did figure out a workaround which may help others having this issue. If there's a simpler way to do this, please let me know! This is for Windows 7, but may help others with similar issues, I think the files you'll need should be the same or similar on any OS.

You'll need to have Firefox installed, and set up with the certificates you need in place. Specifically, you should have your local CA set up as a trusted root certificate (see Firefox's documentation for info on how to do that). To test, go to in Firefox. If you don't get any kind of certificate warning, you should be in OK shape.

Next, go to your user folder, usually c:\Users\[your user name]\, and navigate to AppData\Roaming\Mozilla\Firefox\Profiles. You may need to change your Windows settings to display hidden files and folders first. There should be a folder here named "[randomstring].default", where [randomstring] is 8 alphanumeric characters. Open that and copy the following three files: cert8.db, key3.db, and secmod.db.

Now all you have to do is copy those files to GMusic's profile folder. From your main user folder, go to AppData\Local\Geckofx\1.9\DefaultProfile. You should see copies of similarly-named files already... To be safe, you may want to make a backup copy of these files or rename them rather than overwriting them. Once you've pasted the files there, you should be able to start GMusic and reach a login screen successfully.