98243 - Equifax SSL Certificate Support

Status: VERIFIED DUPLICATE of bug 93103

(Core Graveyard :: Security: UI, defect, P2)

Description

[Michael T. Babcock]

I'm not sure how SSL certificate support is determined, but it would be nice to
have support for Equifax's various certificates.  See the URI above for a page
whose cert was issued by them.  Their certificates are available from their
site; I'll post the URI if desired.

Comment 1

[Matthias Versen [:Matti]]

-> PSM

Comment 2

[Stephane Saux]

The netscape browser has a built in equifax Root CA, but it's not the one used
to sign the SSL cert used by the above site.
I will contact equifax for comments.

Comment 3

[Stephane Saux]

I also noticed that the SSL cert validity is not before 9/04/2001. This may be
relevant.
I'll revisit that site tomorrow.

Comment 4

[Michael T. Babcock]

After an E-mail with Equifax tech support, I added an additional Equifax cert
into Apache's ca-bundle.crt and it now comes up without an error, but the
information page still shows "Issued by: ... Unknown Issuer".

Comment 5

[Stephane Saux]

Attachment: Screen capture showing the SSL cert validation chain.

Comment 6

[Stephane Saux]

From the previous attachment, the bug is fixed on 0.9.4 branch Win Build ID:
2001091003. Note that there is an intermediate CA. The corresponding Equifax
Secure CA-2 CA in the Netscape 6 browser is a different CA cert.

The unknown issuer problem is due to the intermediate CA, which is bug 93103

Marking dup of 93103.



*** This bug has been marked as a duplicate of 93103 ***

Comment 7

[John Unruh]

Verified dupe.