Remove special Firefox instructions in >=.NET 6 sections#33472
Remove special Firefox instructions in >=.NET 6 sections#33472
Conversation
Co-authored-by: Rick Anderson <3605364+Rick-Anderson@users.noreply.github.com>
Co-authored-by: Rick Anderson <3605364+Rick-Anderson@users.noreply.github.com>
|
I think these changes were probably prompted by a comment from me, but I can't recall the context. Would you happen to have a link or something? |
|
|
||
| <a name="trust-ff-linux"></a> | ||
|
|
||
| #### Trust the certificate with Firefox on Linux |
There was a problem hiding this comment.
Why delete, rather than update, this section? It seems like we could just tell people to run certutil as for Chromium.
There was a problem hiding this comment.
There's a note in an unedited part of this document (above) that says certutil is "legacy". I'm not sure why - maybe just the specific version linked?
There was a problem hiding this comment.
Above, where it says to run certutil twice, it should probably only be run once - with "P,," for Chromium or "C,," for Firefox.
There was a problem hiding this comment.
Why delete, rather than update, this section? It seems like we could just tell people to run
certutilas for Chromium.
Are the instructions different using certutil on FF different than for Chromium? If not, we'll make sure the Chromium instructions say Chromium and FF.
There was a problem hiding this comment.
There's a note in an unedited part of this document (above) that says
certutilis "legacy". I'm not sure why - maybe just the specific version linked?
the legacy comment is only for the the Red Hat Enterprise Linux tab
There was a problem hiding this comment.
Are the instructions different using certutil on FF different than for Chromium? If not, we'll make sure the Chromium instructions say Chromium and FF.
The two differences are the usage, as noted in my comment, and the location of the database. Otherwise, it should be the same.
|
|
|
||
| <a name="trust-ff-linux"></a> | ||
|
|
||
| #### Trust the certificate with Firefox on Linux |
There was a problem hiding this comment.
Why delete, rather than update, this section? It seems like we could just tell people to run
certutilas for Chromium.
Are the instructions different using certutil on FF different than for Chromium? If not, we'll make sure the Chromium instructions say Chromium and FF.
|
|
||
| <a name="trust-ff-linux"></a> | ||
|
|
||
| #### Trust the certificate with Firefox on Linux |
There was a problem hiding this comment.
There's a note in an unedited part of this document (above) that says
certutilis "legacy". I'm not sure why - maybe just the specific version linked?
the legacy comment is only for the the Red Hat Enterprise Linux tab
| ### Trust the certificate with Firefox on Linux | ||
|
|
||
| In some instances the Firefox browser uses its own certificate store, and therefore doesn't trust the [IIS Express](/iis/extensions/introduction-to-iis-express/iis-express-overview) or [Kestrel](xref:fundamentals/servers/kestrel) developer certificates and requires the following instructions. | ||
|
|
There was a problem hiding this comment.
@amcasey and @tdykstra I think in the FF section we should add something like the following:
In some instances theses instructions don't work with Firefox on Linux. See [Trust the HTTPS certificate with Firefox](https://learn.microsoft.com/en-us/aspnet/core/security/enforcing-ssl?view=aspnetcore-5.0&tabs=visual-studio%2Clinux-ubuntu#trust-the-https-certificate-with-firefox-to-prevent-sec_error_inadequate_key_usage-error-1] for alternative instructions. The link goes back to .NET 5 and has all the previous instructions.
There was a problem hiding this comment.
AFAIK, the old instructions apply to old version of Firefox, rather than to old versions of .NET. If you're on a new enough .NET that --trust works, no Firefox-specific steps should be required. Otherwise, the instructions should be as for Chromium, but with "C,," and different locations.
Or maybe I've misunderstood your suggestion? I'm not entirely sure where in the document this text occurs.
There was a problem hiding this comment.
AFAIK, the old instructions apply to old version of Firefox, rather than to old versions of .NET. If you're on a new enough .NET that
--trustworks, no Firefox-specific steps should be required. Otherwise, the instructions should be as for Chromium, but with"C,,"and different locations.Or maybe I've misunderstood your suggestion? I'm not entirely sure where in the document this text occurs.
Great, we'll replace that with older versions of FF
|
|
||
| ### Trust the HTTPS certificate with Firefox to prevent SEC_ERROR_INADEQUATE_KEY_USAGE error | ||
|
|
||
| In some instances the Firefox browser uses its own certificate store, and therefore doesn't trust the [IIS Express](/iis/extensions/introduction-to-iis-express/iis-express-overview) or [Kestrel](xref:fundamentals/servers/kestrel) developer certificates and requires the following instructions. |
There was a problem hiding this comment.
This seems to overlap substantially with the following paragraph.
| ### Trust the certificate with Firefox on Linux | ||
|
|
||
| In some instances the Firefox browser uses its own certificate store, and therefore doesn't trust the [IIS Express](/iis/extensions/introduction-to-iis-express/iis-express-overview) or [Kestrel](xref:fundamentals/servers/kestrel) developer certificates and requires the following instructions. | ||
|
|
There was a problem hiding this comment.
AFAIK, the old instructions apply to old version of Firefox, rather than to old versions of .NET. If you're on a new enough .NET that --trust works, no Firefox-specific steps should be required. Otherwise, the instructions should be as for Chromium, but with "C,," and different locations.
Or maybe I've misunderstood your suggestion? I'm not entirely sure where in the document this text occurs.
|
Addressed by #33221 |
3 participants
Fixes #33230
Internal previews