Closed Bug 1597802 Opened 6 years ago Closed 6 years ago

SSL_ERROR_UNKNOWN_CA_ALERT

Product/Component: Firefox :: Security
Type: defect
Version: 70 Branch
Priority: Not set
Severity: normal
Status: RESOLVED INVALID
Reporter: sergio+it
Assignee: Unassigned

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0

Steps to reproduce:

  1. I have a user certificate installed in Your Certificates. (CN=myhost.mydomain.tld)
  2. Trying to open https://tracker.debian.org asks to choose a certificate if installed (my own). Cancelling the certificate request shows the tracker.debian.org page.

Actual results:

  1. Once, accidentally, by mistake, I answered by choosing my certificate for tracker.debian.org, and Firefox permanently remembers my answer.
  2. Now it shows SSL_ERROR_UNKNOWN_CA_ALERT for tracker.debian.org.

Expected results:

The only way I know to fix it is to remove my certificate (to reset that remembrance) and install it back.

Component: Untriaged → Security

Does restarting Firefox clear the cached decision?

Flags: needinfo?(sergio+it)

No. Restarting Firefox or even cleaning the session doesn't help.
And I know how to reproduce it: you need exactly three files: cert9.db, key4.db and prefs.js. Removing one of these files leads to key re-asking or just opening tracker.debian.org without any question (if you remove the key).

I've recreated the CA so I can attach all three files here, even though one of them contains my private key.

Flags: needinfo?(sergio+it)
Attached file cert9.db

cert9.db

Attached file key4.db

cert9.db

Attached file prefs.js

You've configured Firefox to select a client certificate automatically for any server that asks, without informing you. You can reset this in about:preferences, going to the Privacy & Security tab, and selecting the option Ask you every time under Certificates. Does that result in Firefox doing what you want?

Flags: needinfo?(sergio+it)
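
The setting described in the comment above is persisted in the profile's prefs.js. The check below is an added example, not part of the original bug thread or of Firefox's code: it reads a prefs.js body and reports whether the profile hands a client certificate to any server that asks. The pref name `security.default_personal_cert` and its two values are Firefox's and do not appear in the thread; the function names and sample profiles are constructed for illustration.

```python
import json
import re

PREF = "security.default_personal_cert"   # Firefox pref behind the Certificates option
ASK, AUTO = "Ask Every Time", "Select Automatically"

# One user_pref("name", value); statement per line, as Firefox writes prefs.js.
USER_PREF = re.compile(r'^\s*user_pref\(\s*("(?:[^"\\]|\\.)*")\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Return {name: value} for every user_pref(...) line in a prefs.js body."""
    prefs = {}
    for line in text.splitlines():
        m = USER_PREF.match(line)
        if not m:
            continue                      # comments and blank lines
        try:
            name, value = json.loads(m.group(1)), json.loads(m.group(2))
        except ValueError:
            continue                      # not a literal this parser understands
        prefs[name] = value               # a later line overrides an earlier one
    return prefs

def client_cert_policy(text):
    """Classify a profile as 'ask', 'auto', or 'unknown' (unexpected value)."""
    value = parse_prefs(text).get(PREF, ASK)   # an unset pref means the default, Ask
    if value == AUTO:
        return "auto"
    if value == ASK:
        return "ask"
    return "unknown"                      # flag for manual review

def profiles_sending_certs_silently(profiles):
    """Given {profile_name: prefs.js text}, list profiles set to auto-select."""
    return sorted(n for n, t in profiles.items() if client_cert_policy(t) == "auto")

# Constructed sample profiles (not the files attached to this bug).
SAMPLE = {
    "auto-profile": '// Mozilla User Preferences\n'
                    'user_pref("browser.startup.page", 3);\n'
                    'user_pref("security.default_personal_cert", "Select Automatically");\n',
    "default-profile": 'user_pref("browser.startup.page", 3);\n',
}

if __name__ == "__main__":
    for name in profiles_sending_certs_silently(SAMPLE):
        print(f"{name}: client certificate is selected automatically")
```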

All is wrong. I'll open another bug.

Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Flags: needinfo?(sergio+it)
Resolution: --- → INVALID

Could you remove the attached files, please?

They can't be removed, but I marked them inaccessible to anyone who doesn't have access to core security bugs.

That said, you should probably revoke and replace any private keys that are in that key4.db file (sorry for the bugspam).

All keys were revoked before upload. I've asked to remove them just in case. Thank you.
