https://help.equifax.com is insecure on clean Firefox profile

NEW
Unassigned

Status

Tech Evangelism
Desktop
27 days ago
27 days ago

People

(Reporter: mcomella, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

1) Start a fresh Firefox profile
2) Visit https://help.equifax.com

Expected: Secure connection
Actual: "Your connection is not secure" warning page.

On my usual profile, the connection succeeds.

My understanding is that they're only using an intermediate CA, "Symantec Class 3 Secure Server CA - G4", and my usual profile has cached it. Here's the openssl check:

$ openssl s_client -connect help.equifax.com:443
CONNECTED(00000003)
depth=0 /C=US/ST=Georgia/L=Alpharetta/O=Equifax Inc/CN=help.equifax.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=Georgia/L=Alpharetta/O=Equifax Inc/CN=help.equifax.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=Georgia/L=Alpharetta/O=Equifax Inc/CN=help.equifax.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/C=US/ST=Georgia/L=Alpharetta/O=Equifax Inc/CN=help.equifax.com
   i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
---

fwiw, I've been debugging this issue for Firefox Focus on Android in https://github.com/mozilla-mobile/focus-android/issues/1338.
You need to log in before you can comment on or make changes to this bug.