Closed Bug 1339342 Opened 8 years ago Closed 8 years ago

Bundle of Root certificates issue (SEC_ERROR_UNKNOWN_ISSUER)

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
51 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: ulrich.schroeter, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0 Build ID: 20170125094131 Steps to reproduce: Go to http://ecc-k.porsche.com, redirects to https://fs.porsche.de or go to https://gmx.net resolves to "this connection is unsecure". Under extended infos the error code is: SEC_ERROR_UNKNOWN_ISSUER. Actual results: Result 1: (gmx.net) -------- gmx.net certificate (gmx.net) issuer is: CN = thawte SSL CA - G2 O = thawte, Inc. C = US Intermediate certificate (thawte SSL CA - G2) lists as: CN = thawte SSL CA - G2 O = thawte, Inc. C = US with issuer: CN = thawte Primary Root CA OU = (c) 2006 thawte, Inc. - For authorized use only OU = Certification Services Division O = thawte, Inc. C = US Mozilla Firefox 51.0.1 resolves the root certificate (thawte) to: CN = thawte Primary Root CA OU = (c) 2006 thawte, Inc. - For authorized use only OU = Certification Services Division O = thawte, Inc. C = US with issuer: CN = thawte Primary Root CA OU = (c) 2006 thawte, Inc. - For authorized use only OU = Certification Services Division O = thawte, Inc. C = US sha1 fingerprint: ‎91 c6 d6 ee 3e 8a c8 63 84 e5 48 c2 99 29 5c 75 6c 81 7b 81 ssllabs.com reports found root certificate with success: Fingerprint SHA1: 91c6d6ee3e8ac86384e548c299295c756c817b81 Result 2: (fs.porsche.de) --------- fs.porsche.de issuer is: CN = thawte DV SSL SHA256 CA OU = Domain Validated SSL O = thawte, Inc. C = US intermediate certificate (thawte DV SSL SHA256 CA) lists as: CN = thawte DV SSL SHA256 CA OU = Domain Validated SSL O = thawte, Inc. C = US with issuer: CN = thawte Primary Root CA - G3 OU = (c) 2008 thawte, Inc. - For authorized use only OU = Certification Services Division O = thawte, Inc. C = US root certificate (thawte Primary Root CA - G3) lists as: CN = thawte Primary Root CA - G3 OU = (c) 2008 thawte, Inc. - For authorized use only OU = Certification Services Division O = thawte, Inc. C = US with issuer: CN = thawte Primary Root CA - G3 OU = (c) 2008 thawte, Inc. - For authorized use only OU = Certification Services Division O = thawte, Inc. C = US Mozilla resolves to chain "thawte DV SSL SHA256 CA" and "thawte Primary Root CA - G3" but results in "unsecure" Expected results: no blocking warning whats going wrong here ?!?
Exspecialy most Thawte Inc certificates comes without any selection on "edit trust". With set the "trust" checkbox for "trust this root to secure websites" the problem gets solved. Tested websites, that reports an error before the change: https://fs.porsche.de https://cryptoreport.thawte.com/checker/ https://www.gmx.net/ https://www.thawte.com/roots/ results in no problem anymore
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.