Closed Bug 1442880 Opened 7 years ago Closed 7 years ago

Downloading a certificate from a website triggers the auto import cert , this window is like it has an old file with the same name in cache.

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: jose.mgavillan, Unassigned, NeedInfo)

Details

User Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_3 like Mac OS X) AppleWebKit/604.1.34 (KHTML, like Gecko) GSA/43.0.185608249 Mobile/15E5167f Safari/604.1 Steps to reproduce: Our website generates our CA cert, but the CA file has the same name. When a user generates a new CA and downloads it Firefox seems to use a cache file since the new generated CA has the same name. We did a right click to force a Download and the correct file was loaded but when we did a certificate import it still use its own cache file. Actual results: The imported CA is the old certificate Expected results: The new CA should have been imported to the certificate
Summary: Downloading a certificate from a website triggers the auto import cert , this window stale file is like it has an old file with the same name in cache. → Downloading a certificate from a website triggers the auto import cert , this window is like it has an old file with the same name in cache.
Not a bug that needs to stay hidden. For this bug to be actionable, I expect you'd need to at least clarify what your cache headers on the certificate file are.
Group: firefox-core-security
Component: Untriaged → Security: PSM
Product: Firefox → Core
How can I verify that?
(In reply to jose.mgavillan from comment #2) > How can I verify that? Uh, request the file in question before/after it changes, with cURL or a similar tool (or with the browser, but use the network monitor in the browser toolbox ( https://developer.mozilla.org/en-US/docs/Tools/Browser_Toolbox )) and check the headers? https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control and https://developer.mozilla.org/en-US/docs/Web/HTTP/Caching may further be helpful here.
Flags: needinfo?(jose.mgavillan)
I believe the "cache" in question is actually the certificate database. You can probably find the old CA certificate in about:preferences -> search for "certificates" -> "View Certificates" -> "Authorities". If you delete the old certificate and restart Firefox, you should be able to import the new one. To prevent this happening in the future, you should ensure that all certificates are unique in terms of the pair (issuer name, serial number). That is, no two certificates should have the same issuer names and serial numbers if they're actually different certificates.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.