Closed Bug 143744 Opened 22 years ago Closed 22 years ago

Browser doesn't load page with SSL pages with misconfigured/questionable certificates.

Categories

(Core Graveyard :: Security: UI, defect)

Other Branch
x86
All
defect
Not set
normal

Tracking

(Not tracked)

VERIFIED INVALID

People

(Reporter: webmaster, Assigned: ssaux)

Attachments

(1 file)

Mozilla 1.0 RC1, 0.98 and 0.99, too.


Once I accept the certificate of https://www.camgaroo.com/ I can't load
https://www.mmc-startup.com/ .
At first Mozilla tells me that this certificate (the Browser gets from
mmc-startup.com) is wrong and is issued for www.camgaroo.com. Then I say accept
(anyway). It asks once again... Finally I get this error-message:
"www.mmc-startup.com has received an incorrect or unexpected message. Error Code:
-12227". And the page won't load.

After I delete the stored certificate I can open https://www.mmc-startup.com/
but now the problem is just the other way round.

There is no such problem with IE 6.0.

We made these certificates on our own, so they are from the same CA. Probably
the problem is caused because both certificates have the same Serial Number (and
perhaps because they are also from the same CA). Maybe Mozilla distinguishes
certificates by Serial Number (and maybe CA) and when it gets another cert with
the same Serial Number it comes into trouble.
I just found out that this problem only occurs when I say "Remember this
certificate permanently" on the first page.

Additionally I added some screenshots (see attachments).

Confirming.
Status: UNCONFIRMED → NEW
Ever confirmed: true

Without knowing more details, I'd suspect it is a problem at the SSL or cert
database layer.

Marking invalid.

I agree the problem you saw was most likely caused by both certs having the same
issuer and same serial number. You seem to have installed new certificates on
the sites.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → INVALID

V
Status: RESOLVED → VERIFIED

Yes I made new Certs as there was probably a trojan on the server.

Is it OK for Mozilla not to load a page when issuer and serial number are the same?

Yes, your configuration was invalid. There is another bug which has more info
and which was resolved recently...

In that other bug it was said that a unique combination of {issuer, serial number}
is a MUST requirement defined in RFCs for PKI.

Found it, see bug 144889.
Product: PSM → Core
Product: Core → Core Graveyard
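
Added example, not part of the original bug thread or of Mozilla's code: a standard-library Python check that reads the issuer and serial number out of DER-encoded certificates and reports any that share the {issuer, serial number} pair discussed in the thread. The CA name, the serial values and the skeleton certificates (fields up to the subject only, no key or signature) are constructed for illustration; issuer names are compared byte for byte, which is a simplification.

```python
from collections import defaultdict

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def issuer_and_serial(cert_der):
    """Return (issuer Name as raw DER, serial as int) from a DER X.509 certificate."""
    _, cert, _ = read_tlv(cert_der, 0)      # Certificate ::= SEQUENCE
    _, tbs, _ = read_tlv(cert, 0)           # TBSCertificate ::= SEQUENCE
    tag, value, pos = read_tlv(tbs, 0)
    if tag == 0xA0:                         # optional [0] version precedes the serial
        tag, value, pos = read_tlv(tbs, pos)
    serial = int.from_bytes(value, "big", signed=True)
    _, _, start = read_tlv(tbs, pos)        # skip signature AlgorithmIdentifier
    _, _, end = read_tlv(tbs, start)        # issuer Name
    return tbs[start:end], serial           # byte-wise issuer comparison (simplification)

def find_collisions(certs):
    """certs maps label -> DER bytes; return groups of labels sharing issuer+serial."""
    seen = defaultdict(list)
    for label, cert_der in certs.items():
        seen[issuer_and_serial(cert_der)].append(label)
    return [sorted(group) for group in seen.values() if len(group) > 1]

def der(tag, *parts):
    """Encode one DER TLV; used only to build the constructed samples below."""
    body = b"".join(parts)
    n, width = len(body), (len(body).bit_length() + 7) // 8
    size = bytes([n]) if n < 0x80 else bytes([0x80 | width]) + n.to_bytes(width, "big")
    return bytes([tag]) + size + body

def sample_cert(issuer_cn, serial, subject_cn):
    """Constructed skeleton certificate: real field order, no public key or signature."""
    name = lambda cn: der(0x30, der(0x31, der(0x30, der(0x06, b"\x55\x04\x03"), der(0x0C, cn.encode()))))
    alg = der(0x30, der(0x06, bytes.fromhex("2a864886f70d01010b")), der(0x05))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")), der(0x02, bytes([serial])), alg,
              name(issuer_cn), der(0x30), name(subject_cn))
    return der(0x30, tbs, alg, der(0x03, b"\x00"))

CA = "Example Self-Made CA"                 # constructed name; serials are constructed too
SAMPLE = {"www.camgaroo.com": sample_cert(CA, 1, "www.camgaroo.com"),
          "www.mmc-startup.com": sample_cert(CA, 1, "www.mmc-startup.com"),
          "reissued.example": sample_cert(CA, 2, "reissued.example")}
if __name__ == "__main__":
    print(find_collisions(SAMPLE))
```

`issuer_and_serial` also accepts real DER certificates, so the same check can be run over every certificate a private CA has issued before they are deployed.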