Description of problem:

Firefox 3 is doing some really weird voodoo with self-signed wildcard SSL certificates. Now before the 'self-signed is a bad idea' lecture, I already know this, but they are really useful for testing before you get the real thing.

Now the problem is, for testing a new concept setup of the Fedora Project website I created a self-signed wildcard SSL certificate, '*.publictest10.fedoraproject.org', which is perfectly valid in every respect. When I go to 'https://be.publictest10.fedoraproject.org' the normal blocking screen comes up: "be.publictest10.fedoraproject.org uses an invalid security certificate. The certificate is not trusted because it is self signed." I click on the 'Add Exemption' button, get the certificate, verify it, notice it has CN=*.publictest10.fedoraproject.org, and confirm the exception.

I THEN go to, say, https://bf.publictest10.fedoraproject.org and I get the _exact_ same message as when I first went to https://be...

Going to Edit->Preferences->Advanced->Encryption->View Certificates->Servers I now have two entries, neither of which has a 'Certificate Name' (which strikes me as odd) and which only appear to apply to one server host name each.

Version-Release number of selected component (if applicable):
firefox-3.0-1.fc9.x86_64

How reproducible:
Always

Steps to Reproduce:
Above

Actual results:
Above

Expected results:
One prompt per wildcard certificate, it's the same CN and everything.

Additional info:
I'm pretty certain this is a regression; I no longer have a machine with an earlier version of Firefox to test with though. If it's not a regression and actually 'hasn't been thought of' then my additional comments are: There is A LOT of blank space on that dialog, maybe if the cert is a wildcard cert a yellow box could appear basically saying 'Adding this exemption will apply to all addresses matching "*.certdomain.tld"'.

But honestly, it's REALLY annoying for testing, and I know it's not something that most everyday users are going to be exposed to, but sometimes internally or for testing, a self-signed SSL certificate is all you need.
The new behaviour in Firefox 3 is intentional. Each SSL cert exception is bound to a single hostname+port combination. If you really must, the solution is to add one exception for each hostname you require to connect to.
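
The difference between the two checks discussed in this report, as an added example that is not part of the original report and is not Firefox's code: the certificate's wildcard name matches every host, while an exception keyed on hostname+port covers only the one that was approved. The `ExceptionStore` class, its fingerprint comparison, and the placeholder certificate bytes are assumptions of this simplified model.

```python
# Added illustration: a simplified model, not Firefox's implementation.
import hashlib


def wildcard_matches(pattern: str, host: str) -> bool:
    """Certificate name check: '*' stands for exactly one left-most label."""
    p_labels = pattern.lower().split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


class ExceptionStore:
    """Hypothetical store: exceptions keyed on the exact (hostname, port)."""

    def __init__(self):
        self._entries = {}

    def add(self, host, port, cert_der):
        # Assumption: remember a fingerprint of the certificate the user verified.
        self._entries[(host.lower(), port)] = hashlib.sha256(cert_der).hexdigest()

    def allows(self, host, port, cert_der):
        stored = self._entries.get((host.lower(), port))
        return stored is not None and stored == hashlib.sha256(cert_der).hexdigest()


def demo():
    cn = "*.publictest10.fedoraproject.org"
    cert = b"constructed placeholder bytes standing in for the DER certificate"
    store = ExceptionStore()
    store.add("be.publictest10.fedoraproject.org", 443, cert)
    results = {}
    for host, port in [("be.publictest10.fedoraproject.org", 443),
                       ("bf.publictest10.fedoraproject.org", 443),
                       ("be.publictest10.fedoraproject.org", 8443)]:
        # (does the wildcard name cover this host?, does the stored exception apply?)
        results[(host, port)] = (wildcard_matches(cn, host),
                                 store.allows(host, port, cert))
    return results


if __name__ == "__main__":
    for key, (name_ok, excepted) in demo().items():
        print(key, "name matches:", name_ok, "exception applies:", excepted)
```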