Closed Bug 1606662 Opened 6 years ago Closed 6 years ago

Firefox Version 71.0 is missing CA Certificates

Categories

(Core :: Security: PSM, defect)

71 Branch
defect
Not set
normal

Tracking

RESOLVED INCOMPLETE
Tracking Status
firefox71 --- wontfix
firefox72 --- wontfix
firefox73 --- wontfix

People

(Reporter: christian.gottlieb, Unassigned, NeedInfo)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0

Steps to reproduce:

  1. Install Firefox 32-Bit Version from Download Section or have 64-Bit Version installed from the "install now" button.

  2. Try to access a page that is using an SSL-Certificate that is issued by Comodo CA Limited. In our case: my.statkraft.com

Actual results:

Page returns with an error that the issuer of the certificate cannot be found.

Expected results:

The page should have loaded successfully.

Note: It does work properly with the Version 71.0 in 64-Bit that can be downloaded from the Download Section. The problem is that the other versions are lacking almost all Certificates for all the CAs. I was able to fix this manually by exporting the certificates from the working 64-Bit Version and importing them into the faulty 32-Bit and 64-Bit Versions. Please change it so that all versions are published with all CA certificates.

Hi Christian, thank you for reporting this. I was able to reproduce the issue on all 32-bit and 64-bit Firefox versions (Release, Beta, Nightly).

Status: UNCONFIRMED → NEW
Component: Untriaged → Security: PSM
Ever confirmed: true
Product: Firefox → Core

Are you seeing the untrusted issuer error on every page you visit? (note that https://www.ssllabs.com/ssltest/analyze.html?d=my.statkraft.com indicates that server doesn't include any intermediate certificates in the TLS handshake, so it's not surprising that you would see that error until you had cached the necessary intermediate from another server).

Flags: needinfo?(christian.gottlieb)
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → INCOMPLETE
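
Added example, not part of the bug thread or of Mozilla's code: a locally generated three-level demo PKI showing why a client that trusts only the root rejects a server that sends no intermediate certificate, and accepts the same leaf once the intermediate is available. The function names, `Demo Root CA`, `Demo Intermediate CA` and `server.example` are assumptions made for the demo; it needs the `openssl` command-line tool.

```shell
#!/bin/sh
# Constructed demo PKI (root -> intermediate -> leaf); every name here is made up.

new_csr() {  # new_csr DIR NAME CN: fresh RSA key plus certificate request
    openssl req -new -newkey rsa:2048 -nodes -config "$1/req.cnf" \
        -subj "/CN=$3" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

make_demo_pki() {  # make_demo_pki DIR
    d=$1
    # Minimal request config so the run does not depend on the system openssl.cnf.
    printf '[req]\ndistinguished_name = dn\n[dn]\nCN = unused\n' > "$d/req.cnf"
    printf 'basicConstraints = critical,CA:TRUE\n' > "$d/ca.ext"
    new_csr "$d" root "Demo Root CA"
    new_csr "$d" int "Demo Intermediate CA"
    new_csr "$d" leaf "server.example"
    # Self-signed root: the only certificate the client is told to trust.
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" \
        -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null
    # Intermediate CA signed by the root.
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -set_serial 2 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null
    # Server certificate signed by the intermediate, not by the root.
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
        -set_serial 3 -out "$d/leaf.pem" 2>/dev/null
}

# Server sends only its own certificate: no path to the trusted root can be built.
verify_leaf_only() {
    openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" 2>&1
}

# Same client once the intermediate is available as an untrusted helper
# certificate, whether sent in the handshake or cached from another server.
verify_with_intermediate() {
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" "$1/leaf.pem" 2>&1
}

demo=$(mktemp -d)
make_demo_pki "$demo"
echo "leaf only:";         verify_leaf_only "$demo" || echo "=> rejected"
echo "with intermediate:"; verify_with_intermediate "$demo"
rm -rf "$demo"
```

The leaf-only failure is OpenSSL's counterpart of the unknown-issuer error in the report; the server-side remedy is to send the intermediate in the handshake.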