Closed Bug 1679357 Opened 4 years ago Closed 4 years ago

summerinfant.com fails to load, with SSL error SEC_ERROR_UNKNOWN_ISSUER in a fresh profile (loads fine in Chrome and in a different Firefox profile)

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1667930

People

(Reporter: dholbert, Unassigned)

References

Details

STR:

  1. Load https://www.summerinfant.com in a fresh profile

EXPECTED RESULTS:
Page should load.

ACTUAL RESULTS:
SSL cert error page, with these details:

Firefox does not trust www.summerinfant.com because its certificate issuer is unknown, the certificate is self-signed, or the server is not sending the correct intermediate certificates.

Error code: SEC_ERROR_UNKNOWN_ISSUER

The cert info page says it was issued by DigiCert, for what it's worth.

I'm using latest Firefox Nightly 85.0a1 (2020-11-25). The same Firefox version gives EXPECTED RESULTS using my regular browsing profile, for some reason. (not sure why). Chrome gives EXPECTED RESULTS.

SSLLabs gives this site a "B" grade:
https://www.ssllabs.com/ssltest/analyze.html?d=www.summerinfant.com&latest
They do say the cert chain is incomplete, which perhaps is the issue, but I would've expected bug 1404934 would've addressed that. Maybe there's a new intermediate cert that we need to preload? I'm tentatively marking this as blocking bug 1404934, on the assumption that that's the issue here.

Summary: summerinfant.com gives SSL errors in a fresh profile (loads fine in Chrome and in a different Firefox profile) → summerinfant.com fails to load, with SSL error SEC_ERROR_UNKNOWN_ISSUER in a fresh profile (loads fine in Chrome and in a different Firefox profile)

(In reply to Daniel Holbert [:dholbert] (on leave until Dec 1) from comment #0)

The same Firefox version gives EXPECTED RESULTS using my regular browsing profile, for some reason. (not sure why).

If I copy the file security_state/data.safe.bin from my profile over into a fresh profile, then the fresh profile gives EXPECTED RESULTS.

So the relevant profile-state here (which makes this work in my regular profile) seems to be stored in security_state/data.safe.bin; and I ended up with a working version of that file in my main browsing profile, some way or another.

Intermediate preloading initially shipped with conservative settings - it would take a while to download all of the intermediates. Bug 1667930 increased the download rate, so it should happen within a day.

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.