Use UTC for SSL certificate expiry

RESOLVED DUPLICATE of bug 1302750

Status

()

Core
Security: PSM
--
minor
RESOLVED DUPLICATE of bug 1302750
a year ago
a year ago

People

(Reporter: Linus Kardell, Unassigned)

Tracking

49 Branch
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

a year ago
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0
Build ID: 20161020000000

Steps to reproduce:

Go to a site whose certificate has expired in your local timezone, but not in UTC, or has expired in UTC, but not your local timezone.


Actual results:

Certificate expiry will be based on your local timezone.


Expected results:

Using the local timezone for SSL certificate expiry makes little sense, as that means certificates will expire at different times in different places. It makes more sense to go by UTC, in which case it will expire at the same time everywhere.
(Reporter)

Updated

a year ago
Severity: normal → minor

Updated

a year ago
Component: Untriaged → Security: PSM
Product: Firefox → Core
Certificate expiration comparisons are done using UTC, so it shouldn't be possible for a certificate to have expired in a user's local timezone but not UTC. What is leading you to believe this is occurring?
Flags: needinfo?(linus.kardell+mozillabugs)
(Reporter)

Comment 2

a year ago
When viewing a page with an expired certificate, e.g.
https://expired.identrustssl.com/, it shows the local time as the
current time.
Yes, but it also displays the expiration time in local time, so the comparison still happens in the same time zone. This should be addressed by bug 1302750.
Status: UNCONFIRMED → RESOLVED
Last Resolved: a year ago
Flags: needinfo?(linus.kardell+mozillabugs)
Resolution: --- → DUPLICATE
Duplicate of bug: 1302750
You need to log in before you can comment on or make changes to this bug.