Eric Rescorla has a blog post over at Mozilla about the technical details on the recent Firefox add-on outage. He covers the background of how they use certificates, how they tried to mitigate the damage from the outage, how they worked to solve the problem without breaking more things, deployment of the replacement certificate, and why it took so long to fix.
Recently, Firefox had an incident in which most add-ons stopped working. This was due to an error on our end: we let one of the certificates used to sign add-ons expire which had the effect of disabling the vast majority of add-ons. Now that we've fixed the problem for most users and most people's add-ons are restored, I wanted to walk through the details of what happened, why, and how we repaired it.
There were a lot of workarounds discussed here and elsewhere, some of them quite stupid, so, lastly, remember to undo any temporary workarounds that might have been deployed last weekend.
Earlier on SN: In Firefox All Extensions Disabled Due to Expiration of Intermediate Signing Cert
(Score: 1, Informative) by Anonymous Coward on Saturday May 11 2019, @06:24AM
if you don't care about verifying the identity of your website to the user and only want
to secure / encrypt the data exchange bit-stream then just use simple easy self-signed certs.
ofc the global players in the identity management businesssss continue to lump both aspects together.
one could verify that one has indeed reached the genuine website but all data exchange is in the clear (so what for some data, right?)
-or-
one is not sure one has connected to the genuine site but all data exchange to it is encrypted (self signed certs).
browser makers have to stop beating on the second because verifying a site's identity (genuine) COSTS MONEY!
a self signed cert (for encrypted data exchange) is FREE!