Digicert TLS RSA SHA256 2020 CA1 Untrusted
Categories
(Core :: Security: PSM, enhancement)
Tracking
()
People
(Reporter: doyle.soler, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Steps to reproduce:
Use any certificate issued by Digicert TLS RSA SHA256 2020 CA1 CA.
CA Certificate is not in included CA certificate List
Actual results:
Digicert TLS RSA SHA256 2020 CA1 CA, Certificate does not validate.
Expected results:
CA Certificate should be valid. CA Certificate is published by Digicert.
References:
https://www.digicert.com/kb/digicert-root-certificates.htm
Direct Link:
https://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt.pem
Included CA Certificate List Reference:
https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReport
Updated•3 years ago
|
Comment 1•3 years ago
|
||
Digicert TLS RSA SHA256 2020 CA1 is an intermediate certificate, not a root, as you can see on Digicert's list. Further, it is trusted in Firefox as it is signed by the Digicert Global Root CA. You can test this by visiting a site which uses the certificate, like this one: https://transfer.anbbank.com/
Comment 2•3 years ago
|
||
(In reply to doyle.soler from comment #0)
Actual results:
Digicert TLS RSA SHA256 2020 CA1 CA, Certificate does not validate.
If you're configuring a server that was issued by that intermediate certificate, you need to include that intermediate in the list of certificates sent in the TLS handshake.
Description
•