Problem:
I was getting security errors in the ZAP built-in Firefox when trying to use the HUD, and it wouldn't load. I finally figured out the problem was that ZAP's built-in cert was expired. When I generated a new cert, closed Firefox, and relaunched it from within ZAP, the HUD now displays fine.
Suggested fix:
a) Ideally, you'd figure out a way to tell the browser to allow the ZAP HUD requests, even if the ZAP server cert is expired. However, I suspect this is hard, maybe impossible. Assuming you can't do this, I then suggest:
b) When the user clicks on Launch Browser within ZAP, and "Enable HUD" is checked, ZAP first checks to see if the ZAP cert is expired and if it is, throws up a dialog with a warning something like: "The ZAP root certificate is expired. The HUD won't be allowed to connect to ZAP because of this. To fix this, a new ZAP root certificate needs to be generated. Would you like to generate one now before launching your browser (Yes/No)."
If they click yes, then generate a new cert first. Then launch the browser and it should 'just work' at this point. If they hit no, the browser will launch but they'll get Security Warnings displayed on the left/right where the HUD is supposed to display.
I think this should be a pretty easy fix, and would help non-experts get past this problem pretty much automatically. It took me like 10 minutes to figure out the problem and fix it.
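A sketch of the pre-launch check proposed in (b), added here as an illustration; it is not part of the original report and is not ZAP's own code. It assumes the root CA certificate has been exported to a file, every class, enum and method name is hypothetical, and it goes slightly beyond the report by also flagging certificates that are not yet valid or are within 30 days of expiry.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;

// Added illustration; class, enum and method names are hypothetical, not ZAP's API.
public class RootCaExpiryCheck {

    enum Status { VALID, EXPIRING_SOON, EXPIRED, NOT_YET_VALID }

    // Classify the certificate against "now"; warnWindow flags certs close to expiry.
    static Status classify(X509Certificate cert, Instant now, Duration warnWindow) {
        Instant notBefore = cert.getNotBefore().toInstant();
        Instant notAfter = cert.getNotAfter().toInstant();
        if (now.isBefore(notBefore)) return Status.NOT_YET_VALID; // clock skew or future-dated cert
        if (now.isAfter(notAfter)) return Status.EXPIRED;
        if (now.plus(warnWindow).isAfter(notAfter)) return Status.EXPIRING_SOON;
        return Status.VALID;
    }

    // Reads one PEM or DER encoded X.509 certificate from disk.
    static X509Certificate load(Path file) throws Exception {
        try (InputStream in = Files.newInputStream(file)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java RootCaExpiryCheck <exported-root-ca.cer>");
            System.exit(2);
        }
        X509Certificate cert = load(Path.of(args[0]));
        Status status = classify(cert, Instant.now(), Duration.ofDays(30));
        System.out.println("Subject:  " + cert.getSubjectX500Principal().getName());
        System.out.println("NotAfter: " + cert.getNotAfter().toInstant());
        System.out.println("Status:   " + status);
        // The launch step would prompt to regenerate when the cert cannot be trusted right now.
        boolean promptBeforeLaunch = status == Status.EXPIRED || status == Status.NOT_YET_VALID;
        System.out.println("Prompt to regenerate before launching browser: " + promptBeforeLaunch);
        System.exit(promptBeforeLaunch ? 1 : 0);
    }
}
```

The exit code is 1 when the launch step should show the regenerate prompt, 0 when the certificate is currently valid, and 2 on a usage error.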