Closed
Bug 1112472
Opened 10 years ago
Closed 9 years ago
Firefox can't handle multi domain ssl cert
Categories
(Firefox :: Security, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: ffchung2002, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0 Build ID: 20141125180439 Steps to reproduce: As the ssl cert have support 2 domain, 1. trade.iex.hk 2. www.isurewin.com it normal if go to trade.iex.hk, but it go wrong if go to www.isurewin.com Fail Case : https://www.isurewin.com/duration_dev/web/cs_reserve.jsp?lang=tchi Actual results: This Connection is Untrusted You have asked Firefox to connect securely to www.isurewin.com, but we can't confirm that your connection is secure. Expected results: Normal it will just go to the site with ssl.
Reporter | ||
Comment 1•10 years ago
|
||
Additional Information on the Actual results : This Connection is Untrusted You have asked Firefox to connect securely to www.isurewin.com, but we can't confirm that your connection is secure. Technical Details www.isurewin.com uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)
Reporter | ||
Updated•10 years ago
|
Component: Untriaged → Security
It looks like that server isn't sending any intermediate certificates. As far as I can tell, it needs to include the DigiCert SHA2 High Assurance Server CA. Otherwise, Firefox can't find a path to a trusted root.
Reporter | ||
Comment 3•10 years ago
|
||
I am not sure about that, but it worked on other browser like chrome and ie. Also same cert work on trade.iex.hk but not www.isurewin.com on Firefox.
Comment 4•9 years ago
|
||
(In reply to ffchung2002 from comment #3) > I am not sure about that, but it worked on other browser like chrome and ie. Probably because the intermediate certs are already installed there. It works on my Firefox profile because it has the intermediate certs, too. The server should still be providing them. See e.g. : https://www.sslshopper.com/ssl-checker.html#hostname=www.isurewin.com/duration_dev/web/cs_reserve.jsp?lang=tchi > Also same cert work on trade.iex.hk but not www.isurewin.com on Firefox. https://www.sslshopper.com/ssl-checker.html#hostname=trade.iex.hk shows that in this case, the server provides the right chain of certs (DigiCert High Assurance CA-3 and DigiCert High Assurance EV Root CA). This is a server configuration problem, not a Firefox bug.
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•