(Hidden by Administrator)
Bug 1867771 Comment 0 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0 Steps to reproduce: As described in this Firefox support question: https://support.mozilla.org/en-US/questions/1432196 I was trying to reach an internal company website (<redacted>), with a certificate chain rooted in a company certificate authority. I got an error message looking like this (between the ~~~s): ~~~ Someone could be trying to impersonate the site and you should not continue. Web sites prove their identity via certificates. Firefox does not trust <redacted> because its certificate issuer is unknown, the certificate is self-signed, or the server is not sending the correct intermediate certificates. Error code: SEC_ERROR_UNKNOWN_ISSUER View Certificate ~~~ The intermediate and root certificates were already installed on my machine (in /etc/ssl/certs), and had been picked up by Firefox and added to its list of authorities, so i was baffled. Mike Kaply kindly replied to pass on the hint that i check whether the CA certificates were trusted for websites. They were not! After i checked the box to trust them, everything worked fine. Actual results: The error message said of the internal website that that "its certificate issuer is unknown, the certificate is self-signed, or the server is not sending the correct intermediate certificates", none of which were true. Expected results: The error message should have said something like "its certificate issuer is known, but not trusted to issue certificates for websites". Alternatively, the certificates could have been trusted for websites from the beginning. As far as i can tell, other software on my machine assumes everything in /etc/ssl/certs is trusted to sign certificates used with HTTPS.