Open Bug 1711386 Opened 3 years ago Updated 3 years ago

about:certificate viewer does not show the cert chain when intermediate cert is expired


(Firefox :: Security, enhancement)

78 Branch




(Reporter: diddledang, Unassigned)


(Blocks 1 open bug)


User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0

Steps to reproduce:

Yesterday I was playing around with certificates chains and so I tried to create an intermediate certificate that expires before an issued web server certificate does. E.g. cert (expires in):
root (10 years) > intermediate (1 day) > webserver (1 year)

Actual results:

Yesterday when the intermediate certificate was valid, Firefox shows up the webserver and the intermediate certificate like this: about:certificate?cert=...&cert=...

Today when the intermediate cert is expired, Firefox shows up a correct SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE warning and only the valid webserver certificate like this: about:certificate?cert=...

Expected results:

The problem is, that you get a correct warning, but you don't see the expired intermediate certificate, but only the valid Web Server certificate in the viewer.

Component: Untriaged → Security

Firefox Version: 88.0.1 (64-Bit)

This seems like a great enhancement, I will mark it as NEW and maybe one of our developers can take a look at this.

Ever confirmed: true
See Also: → 1716998
You need to log in before you can comment on or make changes to this bug.