Closed Bug 1535633 Opened 5 years ago Closed 5 years ago

Valid certificate with incomplete chain shows insecure warning

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Version:
65 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1535662

People

(Reporter: 13hurdw, Unassigned)

References

(
URL
)

Details

Attachments

(1 file)

Chrome shows cert as valid
1.01 MB, image/png
Details

Firefox 65.0.1 mac

To reproduce:

www.ccssforum.org uses an invalid security certificate. 
The certificate is not trusted because the issuer certificate is unknown. 
The server might not be sending the appropriate intermediate certificates. 
An additional root certificate may need to be imported. 

Error code: SEC_ERROR_UNKNOWN_ISSUER

In Chrome, the site can be visited without any warnings

SSL Labs gives the site a grade of B
Chain issues Incomplete

should this case be treated as secure ?

A connection can of course not treated as secure if the chain is incomplete.
The only option is that Firefox tries to download the intermediate certificates on it's own to complete the chain to fix the broken website.

Chrome shows the certificate only as valid because either the intermediate certificate is cached or windows downloaded the intermediate on it's own in the windows certificate store.

(In reply to Matthias Versen [:Matti] from comment #1)

Chrome shows the certificate only as valid because either the intermediate certificate is cached or windows downloaded the intermediate on it's own in the windows certificate store.

This is on mac, FYI

This will be addressed by intermediate preloading.

Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: