SSL_ERROR_EXPIRED_CERT_ALERT, but Zertificate chain looks OK
Categories
(Core :: Security: PSM, defect)
Tracking
()
People
(Reporter: u20230201, Unassigned)
Details
Attachments
(2 files)
List of user certificates (replacing each other)
Steps to reproduce:
Connect to a site I did connect before using Firefox 102.4.0esr (64-bit) on Windows 10
Actual results:
I got an SSL_ERROR_EXPIRED_CERT_ALERT, but the certificate chain looks OK.
On closer inspections it seems that the user certificate had expired. Actually the certificate was renewed and stored in Firefox, but Firefox seems not to consider the newer certificate, or ask the user about it.
Actually I have no idea other than restarting Firefox to change the user certificate.
Expected results:
SSL_ERROR_EXPIRED_CERT_ALERT should only be triggered if a certificate is expired, or the expired certificate should be displayed.
|
Reporter | |
Comment 1•2 years ago
|
||
The user certificates all have the same subject, but different validity intervals. Possibly there is an overlap of a few days between the two most recent user certificates.
|
||
Comment 2•2 years ago
|
||
The Bugbug bot thinks this bug should belong to the 'Core::Networking' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
|
|
Reporter | |
Comment 3•2 years ago
|
||
I found the root cause of the problem: Under the well-hidden "Authentication Decisions" there was the expired user certificate (twice for some reason)
After removing those entries, Firefox asked again which certificate to use (it suggested only one; the right one).
Then authentication succeeded.
So the original error message is very much confusing, and there is very little useful advice how the user can resolve such a problem!
|
||
Updated•2 years ago
|
Description
•