Deleting Outdated HPKP Key Pins in Firefox

HPKP Key Pins in Firefox

HPKP is a great technology to pin a certificate to a website. On first use of a domain, the browser of the client checks if key pinning is available. Upon a next visit, the browser applies an additional check if the certificate(s) provided is available in the previous list of white-listed sites.

HPKP error

Sometimes things go wrong with HPKP and you won’t be able to access a particular page.

Secure connection failed due to key pinning

The best action is first to contact the website and see if they are aware of the problem. Then if you feel comfortable with “overriding” the error message in Firefox, continue reading.

Delete the key pin manually

Close your web browser first. Then open the file SiteSecurityServiceState.txt in your profile directory. For example:

~/.mozilla/firefox/aabbccdd.default/SiteSecurityServiceState.txt

For Mac users: /Users/[username]/Library/Application Support/Firefox/Profiles/[random].default

Delete the related domain entries. Save the file and start your browser again.

Full Error

Below the full text for your convenience.

An error occurred during a connection to domain. The server uses key pinning (HPKP) but no trusted certificate chain could be constructed that matches the pinset. Key pinning violations cannot be overridden. (Error code: mozilla_pkix_error_key_pinning_failure)

* The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
* Please contact the website owners to inform them of this problem.

 

Did this page help? Great! If not, let us know in the comments, so this article can be improved!

One more thing...

Keep learning

So you are interested in Linux security? Join the Linux Security Expert training program, a practical and lab-based training ground. For those who want to become (or stay) a Linux security expert.

See training package




Lynis Enterprise screenshot to help with system hardeningSecurity scanning with Lynis and Lynis Enterprise

Run automated security scans and increase your defenses. Lynis is an open source security tool to perform in-depth audits. It helps with system hardening, vulnerability discovery, and compliance.


Download

4 comments

  • DennisDennis

    This helped and resolved my problem 100% on 2 different Macs today 10/24/2016 (using FF 49.0.2 and El Capitan 10.11.6). Thanks!

    Reply
  • ShowfomShowfom

    There is a simple way to find the file, type about:support on Firefox and on Application Basics you will find Profile Folder

    Then click Open Folder, you can just see the SiteSecurityServiceState.txt on that folder.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.