summerinfant.com fails to load, with SSL error SEC_ERROR_UNKNOWN_ISSUER in a fresh profile (loads fine in Chrome and in a different Firefox profile)
Categories
(Core :: Security: PSM, defect)
Tracking
()
People
(Reporter: dholbert, Unassigned)
References
Details
STR:
- Load https://www.summerinfant.com in a fresh profile
EXPECTED RESULTS:
Page should load.
ACTUAL RESULTS:
SSL cert error page, with these details:
Firefox does not trust www.summerinfant.com because its certificate issuer is unknown, the certificate is self-signed, or the server is not sending the correct intermediate certificates.
Error code: SEC_ERROR_UNKNOWN_ISSUER
The cert info page says it was issued by DigiCert, for what it's worth.
I'm using latest Firefox Nightly 85.0a1 (2020-11-25). The same Firefox version gives EXPECTED RESULTS using my regular browsing profile, for some reason. (not sure why). Chrome gives EXPECTED RESULTS.
SSLLabs gives this site a "B" grade:
https://www.ssllabs.com/ssltest/analyze.html?d=www.summerinfant.com&latest
They do say the cert chain is incomplete, which perhaps is the issue, but I would've expected bug 1404934 would've addressed that. Maybe there's a new intermediate cert that we need to preload? I'm tentatively marking this as blocking bug 1404934, on the assumption that that's the issue here.
Reporter | ||
Updated•4 years ago
|
Reporter | ||
Comment 1•4 years ago
|
||
(In reply to Daniel Holbert [:dholbert] (on leave until Dec 1) from comment #0)
The same Firefox version gives EXPECTED RESULTS using my regular browsing profile, for some reason. (not sure why).
If I copy the file security_state/data.safe.bin
from my profile over into a fresh profile, then the fresh profile gives EXPECTED RESULTS.
So the relevant profile-state here (which makes this work in my regular profile) seems to be stored in security_state/data.safe.bin
; and I ended up with a working version of that file in my main browsing profile, some way or another.
Comment 2•4 years ago
|
||
Intermediate preloading initially shipped with conservative settings - it would take a while to download all of the intermediates. Bug 1667930 increased the download rate, so it should happen within a day.
Description
•