Closed Bug 1157847 Opened 5 years ago Closed 4 years ago
.smartsheet .com does not send the necessary intermediate cert
With buildid 20150420134330 (38.0b6), new profile, the cert on sso.smartsheet.com is listed as invalid due to issuer cert being unknown. See attached screenshots.
Cert as exported from FF
https://www.ssllabs.com/ssltest/analyze.html?d=sso.smartsheet.com : > sso.smartsheet.com > 1 Sent by server Fingerprint: ec0e0bd8e16ae1c61da3aade74d240102bc1494b > RSA 2048 bits (e 65537) / SHA1withRSA > > thawte Extended Validation SSL CA > 2 Extra download Fingerprint: 3dd6c26a33b179e76eed2cd360aa75a5c1b76a56 > RSA 2048 bits (e 65537) / SHA1withRSA > > thawte Primary Root CA Self-signed > 3 In trust store Fingerprint: 91c6d6ee3e8ac86384e548c299295c756c817b81 > RSA 2048 bits (e 65537) / SHA1withRSA Note the phrase "Extra download" - the server is misconfigured as it should be sending the intermediate cert. This is the relevant intermediate cert, discovered from the AIA part of the end-entity cert: > http://crl.thawte.com/ThawteEVCA2006.cer After downloading and importing this intermediate cert, I can connect to the site fine.
Component: General → Desktop
Product: Firefox → Tech Evangelism
Hardware: x86_64 → Unspecified
Summary: FF 38 rejects unexpired thwate certificate as "invalid issuer" → sso.smartsheet.com does not send the necessary intermediate cert
Version: 38 Branch → unspecified
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Product: Tech Evangelism → Web Compatibility
You need to log in before you can comment on or make changes to this bug.