Closed Bug 1100433 Opened 7 years ago Closed 7 years ago

checkout.durabrac.com doesn't send the full cert chain

Categories

(Web Compatibility :: Desktop, defect)

x86
macOS
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: andrew, Unassigned)

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2221.0 Safari/537.36

Steps to reproduce:

Visit https://checkout.durabrac.com


Actual results:

Site doesn't load and gives the "This Connection is Untrusted" warning. See more info at http://cl.ly/image/45182B3p0b2C


Expected results:

Connection should be verified, just like in Chrome/IE/Safari.
Component: General → Security
The site doesn't seem to be sending the full cert chain, at first glance.
(In reply to Please do not ask for reviews for a bit [:bz] from comment #1)
> The site doesn't seem to be sending the full cert chain, at first glance.

It's sending the primary root, intermediate, and then the final SSL123.
(In reply to andrew from comment #2)
> (In reply to Please do not ask for reviews for a bit [:bz] from comment #1)
> > The site doesn't seem to be sending the full cert chain, at first glance.
> 
> It's sending the primary root, intermediate, and then the final SSL123.

I'm not seeing the intermediate or root either - just the end-entity certificate.
I'm taking another look at the server's config, but you can view the full hierarchy in any other browser if you want to compare.
It seems that the CPanel is bugged out and won't install the CA Bundle.
https://www.ssllabs.com/ssltest/analyze.html?d=checkout.durabrac.com suggests that the intermediate is now sent.

I can also connect successfully using a fresh profile and my normal dirty profile on Aurora 37.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Component: Security → Desktop
Product: Core → Tech Evangelism
Resolution: --- → FIXED
Summary: Not recognizing Thawte as a verified SSL issuer → checkout.durabrac.com doesn't send the full cert chain
Version: 32 Branch → unspecified
Product: Tech Evangelism → Web Compatibility
You need to log in before you can comment on or make changes to this bug.