You are currently viewing a snapshot of taken on April 21, 2008. Most of this content is highly out of date (some pages haven't been updated since the project began in 1998) and exists for historical purposes only. If there are any pages on this archive site that you think should be added back to, please file a bug.

You are here: Mozilla Quality Assurance > Security Smoketest

Mozilla Security Smoketest

Thanks for helping test this first drop of crypto code in Mozilla. Please note that only SSL and IMAPS are implemented. Signed and encrypted mail is not yet supported.

If you find a bug, please report it.

Before you report a bug:

  • Please check the list of Known Security Issues
  • Remember to always follow the Bug Writing Guidelines.
  • If you're new to the Mozilla project and its bug tracking system Bugzilla, please use the Bugzilla Helper, a tool that helps you write good bugs.
  • For SSL bugs, the correct Bugzilla product is PSM, and the correct Component is Client Library.

Have a good SSL URL, or think this test needs to be beefed up? Send your contributions here.

If you're interested in getting involved in other testing projects, please look at our testing help wanted page, and the main Mozilla QA page. Thanks again for your help.

Start with a clean install of Mozilla

  • If you have previously installed Mozilla, please follow these instructions to remove Mozilla before installing M14.

Test the SSL Connection

Visit these SSL test sites:

In each case:

  • You should connect to a secure https server. (The URL should start with https).
  • The security icon in the lower, right-hand corner of your browser window should be an image of a closed lock.
  • Verify that Mozilla displays warnings as you enter a secure site (a site that has an "https://" URL).
  • Verify that Mozilla displays warnings as you leave secure site, and go to site that is not secure (one that doesn't begin with "https", such as "http" or "ftp").

Test Secure Commercial Web Sites

Try making a secure connection to several secure web sites. For e-commerce sites, put some stuff in your shopping cart, and proceed to the point where you have a secure connection.

Change Mozilla's security preferences

Select the Security Advisor item from the Tasks menu to display the Personal Security Manager.

  • Change your preferences for displaying security warnings, and verify that these changes do what you expect. For example, if you turn off all the warnings, Mozilla should not display warnings as you enter and leave secure sites.
  • Change the way the security manager chooses which certificate to use.
  • If you have multiple personal certificates, run the SSL Client Info Test for each of your certificates.

Test the Personal Security Manager UI

Select the Security Advisor item from the Tasks menu to display the Personal Security Manager.

  • Click on all of the tabs and all of the buttons. Verify that neither Mozilla nor the Personal Security Manager crash.
  • Click on every Help icon in the Security Advisor. Verify that the Help window opens, and that the text seems relevant.

Import a personal certificate

  • If you already have a personal certificate that works in a Netscape browser, you can import that certificate into Mozilla.
    • In Netscape's security dialog, under Certificates | Yours, select your new certificate and click the Export button.
    • Next, in Mozilla, select the Security Advisor item from the Tasks menu. Select the Certificates tab. The Mine pane has a Restore button that will allow you to import the certificate.
  • After you import your certificate, create a back up copy.
    • In the Security Advisor, select Certificates | Mine and click the Backup button.
  • If you don't already have a personal certificate:
    • Sign up for a free personal certificate from VeriSign.

      Use another browser to get the certificate. The type of certificate you want to get is the one for "VeriSign(TM) Class 1 Digital ID(SM) for Netscape Communicator or Netscape Navigator."

    • After you sign up, you will receive an e-mail message that will tell you how to get your personal certificate. Then export your certificate from Netscape, and import it into Mozilla, and back up your certificate. (Instructions above.)

If you have mutiple e-mail accounts set up in Mozilla, you might want to get multiple personal certificates. This will allow you to test being able select which certificate you would like to present.

2000-03-01: edited and updated, Christine Begle
2000-02-29: original document, John Unruh