Closed Bug 1157847 Opened 5 years ago Closed 4 years ago

sso.smartsheet.com does not send the necessary intermediate cert

Categories

(Web Compatibility :: Desktop, defect, major)

defect
Not set
major

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: hwine, Unassigned)

References

()

Details

Attachments

(2 files)

Attached image Bad issuer message
With buildid 20150420134330 (38.0b6), new profile, the cert on sso.smartsheet.com is listed as invalid due to issuer cert being unknown.

See attached screenshots.
Cert as exported from FF
https://www.ssllabs.com/ssltest/analyze.html?d=sso.smartsheet.com :
>                   sso.smartsheet.com
> 1 Sent by server  Fingerprint: ec0e0bd8e16ae1c61da3aade74d240102bc1494b
>                   RSA 2048 bits (e 65537) / SHA1withRSA
> 
>                   thawte Extended Validation SSL CA
> 2 Extra download  Fingerprint: 3dd6c26a33b179e76eed2cd360aa75a5c1b76a56
>                   RSA 2048 bits (e 65537) / SHA1withRSA
> 
>                   thawte Primary Root CA   Self-signed	
> 3 In trust store  Fingerprint: 91c6d6ee3e8ac86384e548c299295c756c817b81
>                   RSA 2048 bits (e 65537) / SHA1withRSA

Note the phrase "Extra download" - the server is misconfigured as it should be sending the intermediate cert.

This is the relevant intermediate cert, discovered from the AIA part of the end-entity cert:
> http://crl.thawte.com/ThawteEVCA2006.cer

After downloading and importing this intermediate cert, I can connect to the site fine.
Component: General → Desktop
Product: Firefox → Tech Evangelism
Hardware: x86_64 → Unspecified
Summary: FF 38 rejects unexpired thwate certificate as "invalid issuer" → sso.smartsheet.com does not send the necessary intermediate cert
Version: 38 Branch → unspecified
Fixed.
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Product: Tech Evangelism → Web Compatibility
You need to log in before you can comment on or make changes to this bug.