Closed Bug 1350851 Opened 3 years ago Closed 3 years ago
.yahoo .com doesn't send the right intermediate certificates
[Affected versions]: Firefox 52.0.1esr (Build Id:20170316213902) Firefox 52.0.2esr (Build Id:20170323110425) Firefox 45.8.0esr (Build Id:20170301181722) [Affected platforms]: Mac OS X 10.12. Ubuntu 16.04 64bi. Windows 10 64 bit. Windwos 7 64 bit. [Steps to reproduce]: 1. Launch Firefox with a clean profile. 2. Access the https://calendar.yahoo.com/ weblink. 3. Observe that the “Insecure Connection” warning is displayed. [Expected result]: The Connection is secured and the webpage is successfully loaded. [Actual result]: The “Insecure Connection” warning is displayed with the following error code: SEC_ERROR_UNKNOWN_ISSUER https://calendar.yahoo.com/ Peer’s Certificate issuer is not recognized. HTTP Strict Transport Security: false HTTP Public Key Pinning: false [Regression range]: I will return with a regression range as soon as possible. [Additional notes]: This issue is reproducible only on esr builds. Please observe the attached video for more information. Please note that you must use a clean profile in order to reproduce this issue.
Looks like a misconfiguration on the server side, I'm seeing a cert signed by digicert, but the server is sending (sha1) verisign intermediates.
Misconfigured server -> tech evangelism.
Component: Security → Desktop
Product: Core → Tech Evangelism
Summary: Insecure Connection warning is displayed when accessing Yahoo Calendar → calendar.yahoo.com doesn't send the right intermediate certificates
Contacted Jenny at Yahoo!
Whiteboard: [cert] [server] [sitewait]
seems fixed now: Certificate chain 0 s:/C=US/ST=CA/L=Sunnyvale/O=Yahoo! Inc./CN=*.calendar.yahoo.com i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
This is verified fixed on 52.4.1esr (BuildId:20171005074949) using Windows 10 64bit, macOS 10.11.6 and Ubuntu 16.04 64bit. The right certificates are sent.
Product: Tech Evangelism → Web Compatibility
You need to log in before you can comment on or make changes to this bug.