User Agent: Mozilla/5.0 (X11; Linux i686; rv:44.0) Gecko/20100101 Firefox/44.0 Iceweasel/44.0a2 Build ID: 20151104004053 Steps to reproduce: Browsed https://dcms.taipower.com.tw/tpcGoogleMap/ Actual results: Got stuck in your "Secure Connection Failed An error occurred during a connection to dcms.taipower.com.tw. Peer's certificate has an invalid signature. (Error code: sec_error_bad_signature) " dialogs. WITH NO METHOD TO OVERRIDE, even if the boss is breathing down our neck and we are late for work, etc. All the user can do is click Report which might report the site to some international police organization or something, the user thinks, only sending this this little problem with the other bureau's programmer, who might be out to lunch at the moment, instead outside the company to that international police organization, he fears. OK, I am exaggerating, but that is how it looks like to a hurried user. Expected results: Should see the site without any problems, like one can do in chromium: 46.0.2490.71-1 . Not one single blip.
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:45.0) Gecko/20100101 Firefox/45.0 20151124030553 (In reply to Dan Jacobson from comment #0) > sec_error_bad_signature In the latest Nightly, the error I'm getting is sec_error_unknown_issuer. SSL Labs says the certificate is not trusted and the chain is incomplete: https://www.ssllabs.com/ssltest/analyze.html?d=dcms.taipower.com.tw > WITH NO METHOD TO OVERRIDE, Bug 403220.
Well chrome thinks it is fine. What do you think about that? If it is really bad then can you make a chrome bug report please to back up the fact that it is really bad?
Chrome attempts to fetch intermediate certificates that may be missing in the handshake. Firefox does not (for a few reasons: privacy, performance, the fact that the locations of the missing intermediates come from an untrusted source, etc.). That's probably why this works in Chrome and not Firefox. In any case, the site is incorrectly configured. The administrators need to fix it.
Well nonetheless, one major league browser gets through with not the least murmur, one other major league browser defends the user 100% blocking the site "over my dead body you will not get to this site". There should be a valid bug against one or the other. I have no opinion which.
Site no longer exists, it seems.