Open
Bug 1302750
Opened 8 years ago
Updated 2 years ago
expired certificate page is unclear that it's using local time instead of UTC
Categories
(Firefox :: Security, defect, P3)
Tracking
()
NEW
People
(Reporter: aerowolf, Unassigned)
References
Details
User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0 Build ID: 20160823121617 Steps to reproduce: Firefox 48.0.2 on Windows 10, since I'm not sure if this is an NSS or Firefox chrome issue. Today I went to https://apps.fcc.gov/, and obtained an Insecure Connection warning. apps.fcc.gov uses an invalid security certificate. The certificate expired on Tuesday, September 13, 2016 17:27. The current time is Wednesday, September 14, 2016 07:42. Error code: SEC_ERROR_EXPIRED_CERTIFICATE The message indicated that it was using the current time as set on my computer in my time zone (PDT) instead of UTC. (I understand that the certificate was truly expired at this time. My complaint is that it appears to be using the wrong time zone for validation.) Looking at the certificate in the certificate viewer (via "Add an exception"), the NotAfter is set as: Tuesday, September 13, 2016 17:27:01 (Wednesday, September 14, 2016 00:27:01 GMT) This appears to be a chrome issue in Firefox. Perhaps a comment like "(times converted from UTC)" could be added, to make it clear that times aren't being compared across different timezones? Actual results:
This is more of a frontend design question (although the fix will involve changing the backend).
Component: Security: PSM → Security
Product: Core → Firefox
Summary: Certificate validation date uses local time zone instead of UTC → expired certificate page is unclear that it's using local time instead of UTC
Updated•7 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P3
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•