I have set up a local webserver in a virtual machine for testing firefox web apps. That server has also been setup as certificate authority to avoid the 'risk messages' for local testing, and i signed a certificate for the webserver.
So, calling the web app in firefox displays no more warnings.
Installing the web app as 'standalone' still displays an alert (messagebox):
The certificate is not trusted because no certificate issuer chain was provided. (Error code: SEC_ERROR_UNKNOWN_ISSUER) (translated by google translator)
Dem Zertifikat wird nicht vertraut, weil keine Zertifikatsausstellerkette angegeben wurde. (Fehlercode: sec_error_unknown_issuer) (german message)
I am using Apache2.2 and Openssl on debian_wheezy_64 and i think i have done everything allright, can't figure out what the standalone web app is missing with that ssl error message.
Update: As it seems that the standalone web app environment does not know anything about the firefox browser certificates(chain), i configured the webserver (mod_ssl virtualhost) to provide a direct chain to the (self)root ca:
SSLCertificateChainFile /path_to/ca.crt
Now the problem is, that because maybe the standalone environment does not know the certificate authorities added to firefox, the sec_error know says
The certificate is not trusted because the issuer certificate is not trusted
I think it makes sense (or no sense...) if the standalone environment has an own certificate management, so the question is, how to tell the standalone environment that i trust the (self)root ca.
You need to configure the standalone environment with a default trusted certificate chain - "The certificate is not trusted because no certificate issuer chain was provided"
When you install Firefox, it comes preconfigured with a set of certificates that it trusts by default. Any certificates whose signature chain terminates at the top with one of these preconfigured certificates will be automatically trusted. For instance, I use opera on windows and by default it trusts a whole host of certificate authorities:
You probably need to configure your standalone environment with a list of default trusted certificate authorities.