Closed
Bug 1106000
Opened 10 years ago
Closed 9 years ago
Permanent "SSL peer rejected your certificate as expired."
Categories
(Core :: Security: PSM, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1108408
People
(Reporter: grangen, Unassigned)
Details
(Keywords: regression)
Attachments
(1 file)
2.26 KB,
application/x-x509-ca-cert
|
Details |
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0 Build ID: 20141113143407 Steps to reproduce: FF 33.1.1 / Windows 7 Enterprise SP1 security.use_mozillapkix_verification set to 'false' Open a new tab Enter the URL of the secured site (internal site) Insert the smart card in the driver Type in the PIN code - PIN code is accepted Actual results: The error message is displayed "SSL peer rejected your certificate as expired." and it's impossible to access the site. Expected results: The certificate is valid until 2016 I can access the site with IE 8 - No issue I can access the site with FF 32.0.3 6 - the access seems broken since the 33.0 release Removing and reloading the PKI module in the Device Manager doesn't help In bug #1052306 I reported in August, I was asked to switch security.use_mozillapkix_verification to 'false'; switching it back to 'true' doesn't help
Comment 1•10 years ago
|
||
Ugh. I should have followed up more when you closed the bug. Sorry for not doing that. pkix can't be turned off anymore, I don't think, which is why the preference doesn't change anything anymore. David/Brian, can you look into this?
Component: Untriaged → Security: PSM
Flags: needinfo?(dkeeler)
Flags: needinfo?(brian)
Keywords: regression
Product: Firefox → Core
Comment 2•10 years ago
|
||
To be clear, the reason I should have followed up is because it was already known that we would switch to pkix, and any problems resulting from using pkix instead of the old cert verification code should be addressed (not just ignored by telling people to switch the pref). The reason I asked was to diagnose if this was related to the switch or not (which it clearly was in the end...).
Updated•10 years ago
|
Flags: needinfo?(brian)
Would you be able to post a copy of the public part of your certificate? (You should be able to do this by going to the certificate manager, finding your certificate in the Your Certificates tab and going to View -> Details -> Export.)
Flags: needinfo?(dkeeler) → needinfo?(grangen)
Attached the requested information
Flags: needinfo?(grangen)
Comment 5•10 years ago
|
||
Re-needinfo'ing to make sure this doesn't slip through the cracks again...
Flags: needinfo?(dkeeler)
Thanks for reminding me about this (and thanks for posting the certificate). Unfortunately, I don't see anything problematic about the certificate. I'm trying to get my own smart card set up and working to see if I can replicate the issue, but that's been difficult. I'll keep working and let you know how it goes. Although, I did just notice that the certificate has an otherName entry in its subject alternative names extension. There was a bug recently with that (bug 1108408) that has been fixed. If you try with a recent nightly build of firefox, does it still fail?
Flags: needinfo?(dkeeler) → needinfo?(grangen)
I haven't received a response, so I'm assuming this issue has been resolved.
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Flags: needinfo?(grangen)
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•