SecurityEngineering/Public Key Pinning/SiteOperators: Difference between revisions

Jump to navigation Jump to search

SecurityEngineering/Public Key Pinning/SiteOperators (view source)

Revision as of 20:40, 29 February 2016

1 byte added ,  29 February 2016
→‎How can you test your pins?: Replace appspot test url with https://pinning-test.badssl.com/
(→‎How can you test your pins?: Replace appspot test url with https://pinning-test.badssl.com/)
Line 14: Line 14:
# Install desktop Firefox 32 or later.
# Install desktop Firefox 32 or later.
# Go to about:config and make sure that security.cert_pinning.enforcement_level = 1 (allow user-specified trust anchors to override pinning checks) or 2 (strict mode). There is an additional enforcement level, 3, for enforcing test pins if you'd like to enable that instead. Normally test pins are used only for counting pin violations, but not actually enforcing them. You will have to coordinate with the pinning team in order to verify which of your pins are in test mode, and which are in production mode.
# Go to about:config and make sure that security.cert_pinning.enforcement_level = 1 (allow user-specified trust anchors to override pinning checks) or 2 (strict mode). There is an additional enforcement level, 3, for enforcing test pins if you'd like to enable that instead. Normally test pins are used only for counting pin violations, but not actually enforcing them. You will have to coordinate with the pinning team in order to verify which of your pins are in test mode, and which are in production mode.
# Visit https://pinningtest.appspot.com to make sure you see a warning.
# Visit https://pinning-test.badssl.com/ to make sure you see a warning.
# Visit all your sites!
# Visit all your sites!


== What platforms does this affect? ==
== What platforms does this affect? ==
Official Firefox Desktop only. We may enable this for Fennec in a future release, once we learn best operational practices on Desktop. We don't have a plan for b2g right now.
Official Firefox Desktop only. We may enable this for Fennec in a future release, once we learn best operational practices on Desktop. We don't have a plan for b2g right now.
Dkeeler
Confirmed users
299

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/1119187"

Navigation menu