• caglararli@hotmail.com
  • 05386281520

Why are many US Department of Defense certificates not trusted by Firefox?

Çağlar Arlı      -    6 Views

Why are many US Department of Defense certificates not trusted by Firefox?

There are a number of US Department of Defense (DoD) websites that I need to access on a regular basis (e.g., https://ataaps.csd.disa.mil/ and https://web.mail.mil) that Firefox issues a Warning: Potential Security Risk Ahead with error code SEC_ERROR_UNKNOWN_ISSUER. Looking a little further, it says "Peer’s Certificate issuer is not recognized."

There seem to be some obvious reasons why the DoD would want to issue its own certificates (cf. Why would an organization like the DoD prefer to use its own Root Certificate(s)?) including that this way they are in charge of the security and not someone else and the cost is small since they need certificates for other things.

My question is from the opposite end and is NOT why does the DoD issue their own certificates, but rather why Firefox does not trust certificates for US government sites by default?

The more practical question is as adding exceptions for all sites whenever they are encountered without doing even a cursory glance seems like a bad practice, is there a way to globally add an additional CA (???) to make Firefox recognize the US DoD (or whoever is the problem) as a certificate issuer? Does this have drawbacks and open my machine up for additional attacks?