You are here: Mozilla Quality Assurance > Security Smoketest
Mozilla Security Smoketest
Thanks for helping test this first drop of crypto code in Mozilla. Please note that only SSL and IMAPS are implemented. Signed and encrypted mail is not yet supported.
If you find a bug, please report it.
Before you report a bug:
- Please check the list of Known Security Issues
- Remember to always follow the Bug Writing Guidelines.
- If you're new to the Mozilla project and its bug tracking system Bugzilla, please use the Bugzilla Helper, a tool that helps you write good bugs.
- For SSL bugs, the correct Bugzilla product is PSM, and the correct Component is Client Library.
Have a good SSL URL, or think this test needs to be beefed up? Send your contributions here.
If you're interested in getting involved in other testing projects, please look at our testing help wanted page, and the main Mozilla QA page. Thanks again for your help.
Start with a clean install of Mozilla
- If you have previously installed Mozilla, please follow these instructions to remove Mozilla before installing M14.
Test the SSL Connection
Visit these SSL test sites:
- SSL check at fortify.net.
- SSL Client Info Test presents you with a new certificate, and asks for your personal certificate.
- SSL Connection Test at modssl.org.
In each case:
- You should connect to a secure https server. (The URL should start with https).
- The security icon in the lower, right-hand corner of your browser window should be an image of a closed lock.
- Verify that Mozilla displays warnings as you enter a secure site (a site that has an "https://" URL).
- Verify that Mozilla displays warnings as you leave secure site, and go to site that is not secure (one that doesn't begin with "https", such as "http" or "ftp").
Test Secure Commercial Web Sites
Try making a secure connection to several secure web sites. For e-commerce sites, put some stuff in your shopping cart, and proceed to the point where you have a secure connection.
- Your online bank
- Your online broker
- Your web e-mail account
- Amazon.com or Barnes & Noble
- Other online shops or secure sites that are important to you
- Verisign.com's secure server
- Thawte.com's secure server
Change Mozilla's security preferences
Select the Security Advisor item from the Tasks menu to display the Personal Security Manager.
- Change your preferences for displaying security warnings, and verify that these changes do what you expect. For example, if you turn off all the warnings, Mozilla should not display warnings as you enter and leave secure sites.
- Change the way the security manager chooses which certificate to use.
- If you have multiple personal certificates, run the SSL Client Info Test for each of your certificates.
Test the Personal Security Manager UI
Select the Security Advisor item from the Tasks menu to display the Personal Security Manager.
- Click on all of the tabs and all of the buttons. Verify that neither Mozilla nor the Personal Security Manager crash.
- Click on every Help icon in the Security Advisor. Verify that the Help window opens, and that the text seems relevant.
Import a personal certificate
- If you already have a personal certificate that works in a Netscape browser,
you can import that certificate into Mozilla.
- In Netscape's security dialog, under Certificates | Yours, select your new certificate and click the Export button.
- Next, in Mozilla, select the Security Advisor item from the Tasks menu. Select the Certificates tab. The Mine pane has a Restore button that will allow you to import the certificate.
- After you import your certificate, create a back up copy.
- In the Security Advisor, select Certificates | Mine and click the Backup button.
- If you don't already have a personal certificate:
- Sign up for a
free
personal certificate from VeriSign.
Use another browser to get the certificate. The type of certificate you want to get is the one for "VeriSign(TM) Class 1 Digital ID(SM) for Netscape Communicator or Netscape Navigator."
- After you sign up, you will receive an e-mail message that will tell you how to get your personal certificate. Then export your certificate from Netscape, and import it into Mozilla, and back up your certificate. (Instructions above.)
- Sign up for a
free
personal certificate from VeriSign.
If you have mutiple e-mail accounts set up in Mozilla, you might want to get multiple personal certificates. This will allow you to test being able select which certificate you would like to present.
2000-03-01: edited and updated, Christine Begle2000-02-29: original document, John Unruh