Closed Bug 1050302 Opened 6 years ago Closed 6 years ago

mozilla::pkix not accepting wildcard certificate: sec_error_bad_signature

Categories

(Core :: Security: PSM, defect)

31 Branch
x86_64
Windows 7
defect
Not set
normal

Tracking

()

RESOLVED WORKSFORME
mozilla35

People

(Reporter: brandon.pyle, Unassigned)

Details

(Keywords: regression, site-compat, Whiteboard: [dupme])

User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET CLR 1.1.4322; .NET4.0C; .NET4.0E; MS-RTC LM 8)

Steps to reproduce:

Upon upgrade to Firefox 31 our user received the following error attempting connection to my.hillmangroup.com. 
Peer's certificate has an invalid signature.
(Error Code: sec_error_bad_signature)
This device has a valid wildcard certificate. (*.hillmangroup.com)


Actual results:

Peer's certificate has an invalid signature.
(Error Code: sec_error_bad_signature)



Expected results:

No error. User presented with sign on screen to our Cisco clientless SSL VPN.
I opened about:config and changed the security.use_mozillapkix_verification value from "true" to "false" and that fixed the issue.
Group: core-security
Component: Untriaged → Security: PSM
Product: Firefox → Core
Summary: libpkix_verification not accepting wildcard certificate sec_error_bad_signature → mozilla::pkix not accepting wildcard certificate: sec_error_bad_signature
This works for me on the latest Nightly (35), but not on 34, so this was fixed by something else recently.
Whiteboard: [dupme]
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1089104
Brandon, please comment in this bug
Resolution: DUPLICATE → WORKSFORME
Target Milestone: --- → mozilla35
(In reply to Brian Smith (:briansmith, :bsmith, use NEEDINFO?) from comment #4)
> Brandon, please comment in this bug

...if you experience this again. I tried it with Firefox 33 and it seemed to work.
You need to log in before you can comment on or make changes to this bug.