Closed
Bug 143744
Opened 22 years ago
Closed 22 years ago
Browser doesn't load page with SSL pages with misconfigured/questionable certificates.
Categories
(Core Graveyard :: Security: UI, defect)
Tracking
(Not tracked)
VERIFIED
INVALID
People
(Reporter: webmaster, Assigned: ssaux)
References
()
Details
Attachments
(1 file)
22.40 KB,
image/png
|
Details |
Mozilla 1.0 RC1, 0.98 and 0.99, too. Once I accept the certificate of https://www.camgaroo.com/ I can't load https://www.mmc-startup.com/ . At first Mozilla tells me that this certificate (the Browser gets from mmc-startup.com) is wrong and is issued for www.camgaroo.com. Then I say accept (anyway). It asks once again... Finally I get this error-message: "www.mmc-startup.com has received an incorrect or unexpected message. Error Code: -12227". And the page won't load. After I delete the stored certificate I can open https://www.mmc-startup.com/ but now the problem is just the other way round. There is no such problem with IE 6.0. We made these certificates on our own, so they are from the same CA. Probably the problem is caused because both certificates have the same Serial Number (and perhaps because they are also from the same CA). Maybe Mozilla distinguisches certificates by Serial Number (and maybe CA) and when it gets another cert with the same Serial Number it comes into trouble.
Reporter | ||
Comment 1•22 years ago
|
||
Reporter | ||
Comment 2•22 years ago
|
||
I just found out that this problem only occurs when I say "Remember this certificate permanently" on the first page. Additionally I added some screenshots (see attachments).
Comment 4•22 years ago
|
||
Without knowing more details, I'd suspect it is a problem at the SSL or cert database layer.
Comment 5•22 years ago
|
||
Marking invalid. I agree the problem you saw was most likely caused by both certs having the same issuer and same serial number. You seem to have installed new certificates on the sites.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → INVALID
Reporter | ||
Comment 7•22 years ago
|
||
Yes I made new Certs as there was probably a trojan on the server. Is it OK for Mozilla not to load a page when issuer and serial number are the same?
Comment 8•22 years ago
|
||
Yes, your configuration was invalid. There is another bug which has more info and which was resolved recently... In that other bug it was said, a unique combination of {issuer, serial number} is a MUST requirement defined in RFCs for PKI.
Comment 9•22 years ago
|
||
Found it, see bug 144889.
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•