Closed
Bug 1189145
Opened 9 years ago
Closed 7 years ago
www.boardreader.com does not send intermediate certificate and chains to a root certificate that didn't sign it
Categories
(Web Compatibility :: Site Reports, defect)
Web Compatibility
Site Reports
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: sergemp, Unassigned)
References
()
Details
(Whiteboard: [contactready])
Attachments
(1 file)
|
63.18 KB,
image/png
|
Details |
broadreader-com.png
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0 Build ID: 20150726004010 Steps to reproduce: Open https://www.boardreader.com/ Actual results: An error occurred during a connection to www.boardreader.com. Peer's certificate has an invalid signature. (Error code: sec_error_bad_signature) [Try Again] and no way to visit that https site with firefox. Empty profile screenshot attached. Expected results: The page should open, or there should be an explanation and "I Understand the Risks" button at least. Additional information: ssl labs gives 100% to certificate: https://www.ssllabs.com/ssltest/analyze.html?d=www.boardreader.com Last "working" build (or at least it has "I Understand the Risks" button): https://ftp.mozilla.org/pub/firefox/nightly/2014/03/2014-03-31-03-02-01-mozilla-central/firefox-31.0a1.en-US.linux-i686.tar.bz2 First broken build: https://ftp.mozilla.org/pub/firefox/nightly/2014/04/2014-04-01-03-02-03-mozilla-central/firefox-31.0a1.en-US.linux-i686.tar.bz2
|
||
Comment 1•9 years ago
|
||
Push log http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=382f676d0ed9&tochange=1417d180a1d8
Blocks: mozilla::pkix
Component: Untriaged → Security: PSM
OS: Unspecified → All
Product: Firefox → Core
Hardware: Unspecified → All
Version: 41 Branch → 31 Branch
The server isn't sending the necessary intermediate certificate to build a verified path to a trust anchor. The site's certificate appears to be issued by "Network Solutions Certificate Authority". There happens to be a trust anchor in Firefox's root certificate program with that same subject, but that appears to not be the certificate that issued the site's certificate (i.e. the keys are different). Since the keys are different, the signature fails to verify. Since the site isn't sending any intermediate certificates, Firefox has no other options to try to find a chain, and determines that the connection is untrustworthy (and particularly so, since the signature failed to verify). In short, this is a tech evangelism bug.
Status: UNCONFIRMED → NEW
Component: Security: PSM → Desktop
Ever confirmed: true
Product: Core → Tech Evangelism
Version: 31 Branch → unspecified
|
||
Updated•9 years ago
|
See Also: → 1159471
Summary: [regression] sec_error_bad_signature and no "I Understand the Risks" button since firefox31, cert is good → www.boardreader.com does not send intermediate certificate and chains to a root certificate that didn't sign it
|
|
||
Comment 4•8 years ago
|
||
http://www.boardreader.com/ the https-less domain is accessible. The https domain is still busted. To contact http://boardreader.com/info/contact.htm Switching to contactready If you contact them, please switch to sitewait
Whiteboard: [contactready]
|
|
||
Comment 5•7 years ago
|
||
Looks like the the server now sends an intermediate cert ("Network Solutions OV Server CA 2"), and works fine.Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
|
Assignee | |
Updated•5 years ago
|
Product: Tech Evangelism → Web Compatibility
You need to log in
before you can comment on or make changes to this bug.
Description
•