Closed Bug 154418 Opened 23 years ago Closed 23 years ago

Cert is verified true, even though root CA is not trusted.

Categories

(Core Graveyard :: Security: UI, defect)

1.0 Branch
x86
Windows 2000
defect
Not set
normal

Tracking

(Not tracked)

VERIFIED INVALID

People

(Reporter: junruh, Assigned: ssaux)

1.) Get the CA from the in-house CMS server and trust it - https://lab212sun.mcom.com:447/GetCAChain.html
2.) Get a cert from here - https://lab212sun.mcom.com:447/DirUserEnroll.html
3.) Open the Cert Manager, Authorities tab.

What happens: The root CA is not trusted, nor the intermediate CA, but the cert is verified as true. Trusting any one of the CAs will verify the cert as true.

What is expected: That all of the CAs in the chain should be trusted before the cert is verified as true.
Is this a branch build?
John, if you download the Root CA and trust it, then it's expected that the ee cert would be verified. You don't need all CAs in the chain to be trusted.
Stephane is correct. Certs are supposed to chain. Root certs export their trust by signing intermediates. If any cert in the chain is trusted, the leaf cert is trusted (in fact you can trust the leaf cert directly for many operations). There is no UI to explicitly not trust a cert.
bob
It sounds like I should mark this bug as wontfix, and bug 154251 as a dupe of this one. Agreed?
No, 154251 is a different issue. About this bug, I only want a clarification from you. In your original comment, you say in 3) that the root CA is not trusted, but in 1) you said that you did trust it. That seems contradictory. Can you confirm this? If the root appears untrusted in the cert manager, does closing and opening the cert manager (if not that, the application) change the status of the root CA cert?
The CA trusted in 1.) is the third chain down from the root CA. The root CA is not shown as trusted in the Cert Manager, and opening and closing the Cert Manager does not change that fact. Marking this invalid due to Robert's comment #3 - "If any cert in the chain is trusted, the leaf cert is trusted"
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → INVALID
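The rule quoted in the comment above, "If any cert in the chain is trusted, the leaf cert is trusted", modelled as an added example; it is not part of the bug report and is not PSM or NSS code. The chain, the subject names and the helper functions are constructed for illustration, and signatures are assumed valid, so only the trust decision is shown.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    is_ca: bool = True
    trusted: bool = False  # explicit trust flag set by the user in the cert store


def build_path(leaf, store):
    """Follow issuer names upward from the leaf; stop at a self-signed cert,
    a missing or non-CA issuer, or a loop. Signatures are assumed valid."""
    path, seen, cur = [leaf], {leaf.subject}, leaf
    while cur.issuer != cur.subject:
        parent = store.get(cur.issuer)
        if parent is None or not parent.is_ca or parent.subject in seen:
            break
        path.append(parent)
        seen.add(parent.subject)
        cur = parent
    return path


def anchor_any(leaf, store):
    """Rule quoted in the thread: the first trusted cert on the path anchors it."""
    return next((c.subject for c in build_path(leaf, store) if c.trusted), None)


def all_cas_trusted(leaf, store):
    """The reporter's expectation: every CA above the leaf must be trusted."""
    cas = build_path(leaf, store)[1:]
    return bool(cas) and all(c.trusted for c in cas)


def sample_chain(trusted=()):
    """Constructed four-cert chain; names are placeholders, not from the bug."""
    certs = [
        Cert("Root CA", "Root CA"),
        Cert("Intermediate CA", "Root CA"),
        Cert("Issuing CA", "Intermediate CA"),
        Cert("user cert", "Issuing CA", is_ca=False),
    ]
    store = {c.subject: replace(c, trusted=c.subject in trusted) for c in certs}
    return store["user cert"], store
```

With only "Issuing CA" trusted, `anchor_any` returns that CA while `all_cas_trusted` is false, which matches what the reporter saw in the Cert Manager. Trusting "user cert" directly also yields an anchor, and trusting nothing yields none.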
Verified.
Status: RESOLVED → VERIFIED
Product: PSM → Core
Version: psm2.3 → 1.0 Branch
Product: Core → Core Graveyard