Closed
Bug 190689
Opened 22 years ago
Closed 22 years ago
accessing https://www.online.petro-canada.ca/petro-points/join/join.asp?l=E get "Website Certified by an Unknown Authority"
Categories
(Core Graveyard :: Security: UI, defect, P3)
Tracking
(Not tracked)
VERIFIED
INVALID
People
(Reporter: gabor.liptak, Assigned: ssaux)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.3b) Gecko/20030112
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.3b) Gecko/20030112

accessing https://www.online.petro-canada.ca/petro-points/join/join.asp?l=E get "Website Certified by an Unknown Authority"

Reproducible: Always

Steps to Reproduce:
1. connect to https://www.online.petro-canada.ca/petro-points/join/join.asp?l=E
2.
3.

Actual Results: "Website Certified by an Unknown Authority" dialog pops up

Expected Results: being able to connect without this notification to the site
Comment 1•22 years ago
*** This bug has been marked as a duplicate of 190394 ***
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
Reporter
Comment 2•22 years ago
I disagree with this being a duplicate. Please note that this is using 20030112 and other secure sites are working OK.
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
Comment 3•22 years ago
*** This bug has been marked as a duplicate of 190394 ***
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago → 22 years ago
Resolution: --- → DUPLICATE
Version: unspecified → 2.4
Reporter
Comment 4•22 years ago
not again :( this problem is still present with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.3b) Gecko/20030128. I wonder how many reopenings it will take for somebody to be willing to try out the URL provided ...
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
Comment 5•22 years ago
I see the same thing happen on Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20021226 Debian/1.2.1-9. Your URL causes the unknown authority message. More importantly for me, the URL [redacted] which is the Social Security Administration's Business Services Online registration page, has the same problem. This URL is linked to from [redacted]. This error also happened with Mozilla 1.1; I upgraded the browser to 1.2.1 to no avail. I want to know if the SSA's certificate is valid or not.
Reporter
Comment 6•22 years ago
hmmm this [redacted] has no error with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.3b) Gecko/20030128 but then I'm NOT seeing the previous error too at [redacted]. Can somebody else comment please?
Comment 7•22 years ago
It appears that the server certs are not properly installed, and don't contain the entire cert chain, thus the error in Mozilla and Navigator 4.78. If you have clicked through and visited one of these sites in the same session, you can visit more of the same in the same session.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P3
Comment 8•22 years ago
I agree with John, these are incorrectly configured servers, exactly as the error message shown suggests. While you see the error message, click "view cert" and "details". You'll see in the upper hierarchy that only one cert is listed. Please inform the site administrators of their misconfiguration. Tell them they have not configured their "intermediate certificate" correctly. Ask them to go to the Verisign knowledgebase to learn how to do it. Marking as invalid.
Comment 9•22 years ago
invalid
Status: NEW → RESOLVED
Closed: 22 years ago → 22 years ago
Resolution: --- → INVALID
Comment 11•22 years ago
*** Bug 191333 has been marked as a duplicate of this bug. ***
Comment 12•22 years ago
See http://bugzilla.mozilla.org/show_bug.cgi?id=191480 which is about Examine Certificate showing false Details in this case.
Comment 13•22 years ago
I've added an Enhancement request about clarifying the display of Examine Cert Details tab to clarify for ordinary users that the details shown are actually missing intermediate cert fields such as the Common Name in this case. http://bugzilla.mozilla.org/show_bug.cgi?id=191897
Comment 14•21 years ago
*** Bug 194894 has been marked as a duplicate of this bug. ***
Comment 15•21 years ago
This server's configuration is certainly flawed. However, the configuration flaw in this server is that the server is configured to use ONLY SSL version 2, yet it has a certificate chain that CANNOT work with SSL version 2. SSL version 2 does not and cannot send intermediate CA certs from the server to the client. The SSL2 protocol simply has no way to send any cert other than the server's own cert. So, if one is operating an SSL2-only server, one MUST get a server cert from a trusted CA that issues server certs signed directly by the root CA cert, where no intermediate CA cert is involved. If one has a server cert that was issued by an intermediate CA, then one must use SSL 3.0 or TLS (which is SSL 3.1), and one must configure the server to send both the server cert and the intermediate CA cert(s).
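The missing-intermediate condition described in comments 7, 8 and 15, reproduced offline as an added example (not part of the bug thread and not Mozilla's code): a constructed PKI with made-up names is built with the openssl CLI, and `openssl verify` plays the client that trusts only the root. The function names, file names and certificate names are assumptions of this example.

```bash
#!/usr/bin/env bash
# Constructed demo PKI (all names made up): Demo Root CA -> Demo Intermediate CA -> www.example.test
set -eu

# issue DIR NAME CN CA_FLAG [ISSUER]: create NAME.key / NAME.pem; self-signed when ISSUER is omitted.
issue() {
  local d="$1" name="$2" cn="$3" ca="$4" issuer="${5:-}"
  printf 'basicConstraints=critical,CA:%s\n' "$ca" > "$d/$name.ext"
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
    -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null
  if [ -z "$issuer" ]; then
    openssl x509 -req -in "$d/$name.csr" -signkey "$d/$name.key" \
      -extfile "$d/$name.ext" -days 2 -out "$d/$name.pem" 2>/dev/null
  else
    openssl x509 -req -in "$d/$name.csr" -CA "$d/$issuer.pem" -CAkey "$d/$issuer.key" \
      -CAcreateserial -extfile "$d/$name.ext" -days 2 -out "$d/$name.pem" 2>/dev/null
  fi
}

build_demo_pki() {
  issue "$1" root   "Demo Root CA"         TRUE
  issue "$1" inter  "Demo Intermediate CA" TRUE  root
  issue "$1" leaf   "www.example.test"     FALSE inter
  issue "$1" direct "direct.example.test"  FALSE root
}

# chain_status DIR LEAF [SENT_INTERMEDIATE]: verdict of a client that trusts only the root,
# given the certificates the server sent. Prints "trusted" or "unknown-authority".
chain_status() {
  local d="$1" leaf="$2" sent="${3:-}"
  if openssl verify -CAfile "$d/root.pem" ${sent:+-untrusted "$d/$sent.pem"} \
       "$d/$leaf.pem" >/dev/null 2>&1; then
    echo trusted
  else
    echo unknown-authority
  fi
}

demo() {
  local d; d=$(mktemp -d)
  build_demo_pki "$d"
  echo "server cert only (all an SSL2 server can send): $(chain_status "$d" leaf)"
  echo "server cert + intermediate (SSL 3.0 / TLS):     $(chain_status "$d" leaf inter)"
  echo "cert signed directly by the root, sent alone:   $(chain_status "$d" direct)"
  rm -rf "$d"
}
demo
```

Against a live server, the equivalent check is to count the certificates printed by `openssl s_client -connect HOST:443 -showcerts`: a single certificate whose issuer is not a root in the client's store is the misconfiguration the comments describe.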
Comment 16•21 years ago
*** Bug 214165 has been marked as a duplicate of this bug. ***
Updated•8 years ago
Product: Core → Core Graveyard