1672402 - "USERTrust RSA Certification Authority" is categorized as ERROR_SECURITY_BAD_CERT on Android but is not on Desktop

Status: RESOLVED DUPLICATE of bug 1520297

(Core :: Security, defect)

Description

[Arturo Mejia [:amejia]]

For STP see the Fenix bug. The same issue is also reproducible on the GeckoView Sample app.

Comment 1

[Tom S [:evilpie]]

The certificate chain is incomplete: https://www.ssllabs.com/ssltest/analyze.html?d=www.sheffield.gov.uk
I suspect the Intermediate CA Preloading we do on Firefox for Desktop works around this problem. Maybe that doesn't work on mobile?

Comment 2

[Geoff Lawrence]

Ah, that's interesting, thanks Tom, never thought to check the site like that. Mostly because Firefox Desktop works fine with no errors, as do other browsers. Sounds like this is one of those "Well it works in other browsers" type of problems but where only Firefox on Android is revealing the problem

Comment 3

[Kevin Brosnan [Ex-Mozilla]]

Preloading is disabled in Firefox for Android. Tried setting the pref to true and restarting the browser. Still get an error on page load. Maybe we are not using the new cert storage? Not sure if the crypto team already has work tracking this. Dana does the team have bugs tracking Android work yet?

pref("security.remote_settings.intermediates.enabled", true);

Comment 4

[Kevin Brosnan [Ex-Mozilla]]

Ah found it.