1484201 - FIrefox 61.x 64bit version missing DIGICERT or "RapidSSL RSA CA 2018"

Status: RESOLVED INVALID

(CA Program :: CA Certificate Root Program, task, P1)

Description

[kpsanal]

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/68.0.3440.75 Chrome/68.0.3440.75 Safari/537.36

Steps to reproduce:

Firefox 61.x 64bit version (Mac OS) missing DigiCert or RAPIDSSL CA



Expected results:

While browsing sites which has RAPIDSSL, it throws SSL error

Comment 1

[kpsanal]

Same infected with -

OS: Windws 8.1 Pro
FIrefox: 62.0b17 64Bit

Comment 2

[kpsanal]

[Tracking Requested - why for this release]:

[Tracking Requested - why for this release]:

[Tracking Requested - why for this release]:

Common Name (CN)	RapidSSL RSA CA 2018
Organisation (O)	DigiCert Inc
Organisational Unit (OU)	www.digicert.com

Comment 3

[Dana Keeler (she/her) [:keeler]]

(In reply to kpsanal from comment #2)
> Common Name (CN)	RapidSSL RSA CA 2018
> Organisation (O)	DigiCert Inc
> Organisational Unit (OU)	www.digicert.com

The only certificate with that distinguished name I can find is not a root certificate ( https://crt.sh/?id=250864689 ), so it's not something that would be included in the Mozilla Root CA database. It's more likely that the sites you're visiting aren't sending the right set of intermediate certificates (namely, that intermediate certificate). In other words, those servers are misconfigured. To work around this, you can either manually import the intermediate certificate ( https://crt.sh/?d=250864689 ) or visit a site that is properly configured that uses the intermediate, which will cause Firefox to cache it and use it in other connections.