Closed Bug 266013 Opened 20 years ago Closed 20 years ago

Needs to correctly support Go Daddy / Starfield SSL

Categories

(NSS :: Libraries, defect)

x86
Windows XP
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: obijuan, Assigned: wtc)


User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040922 Epiphany/1.2.7
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040922 Epiphany/1.2.7

Go Daddy is selling Starfield SSL certificates, and they are quite popular. 
However, Mozilla-based browsers do not correctly identify the certificate.  This
causes a lot of "untrusted" errors on sites which use these certificates so
please build support in for them.

Reproducible: Always
Steps to Reproduce:
1.
2.
3.

Do you know what we need to do to support these
SSL certificates?

I'm not an expert on this but I think you need to include the "root certificate"
or something.  If you want to examine one, go to
https://www.nadonauniversity.org/ and you can replicate the error.

Also http://starfieldtech.com/ and talk to support.  Sometimes they know,
sometimes they don't but if you have them escalate the call and tell them you're
a Mozilla developer trying to build in compatibility I'm sure they will get you
to a guy who knows.

Basically, the name of the company changed when Starfield bought the SSL
business and now the certs don't verify on Mozilla browsers, but they do on IE.
Go Daddy is selling these things super-cheap so people are buying them up and
it looks bad for Firefox/Mozilla not to work.

How about a reproducible test case for this bug report?

My guess is this is a server configuration problem. I am currently using a
Go Daddy/Starfield SSL certificate and it's working correctly with all forms of
Netscape and Mozilla browsers I have tested (Netscape 7, Firefox, Mozilla 1.x).

The important magic is the server must include the Starfield intermediate
certificate in its server chain. Starfield chains to Valicert, which is trusted
in all forms of Netscape and Mozilla browsers since Netscape Communicator 4.0.

If you are using a Netscape web server (NES), you simply need to import the
Starfield intermediate CA into your CA database. NES will automatically include
it in the chain.

If you are using Apache, add the following line to your ssl.conf (or httpd.conf)
file:

SSLCertificateChainFile /etc/httpd/conf/ssl.cert/ca.crt

Then copy the Go Daddy cert (in .pem format) to /etc/httpd/conf/ssl.cert/ca.crt.

bob
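
Why the intermediate matters, as an added example that is not part of the original comments: a client that trusts only a root cannot build a path to a leaf signed by an intermediate unless the server also sends that intermediate. The three certificates are constructed placeholders (not the real Valicert or Starfield certificates), the function names are hypothetical, and the script assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example: constructed three-level PKI with placeholder names.
# Assumes the openssl command-line tool is installed.

# Create a key and CSR for subject CN=$2, written to $1.key / $1.csr.
new_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

# Build root -> intermediate -> leaf in directory $1.
build_demo_pki() {
    p=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$p/ca.ext"
    new_csr "$p/root" "Demo Root CA" &&
    openssl x509 -req -in "$p/root.csr" -signkey "$p/root.key" -days 2 \
        -extfile "$p/ca.ext" -out "$p/root.pem" 2>/dev/null &&
    new_csr "$p/int" "Demo Intermediate CA" &&
    openssl x509 -req -in "$p/int.csr" -CA "$p/root.pem" -CAkey "$p/root.key" \
        -CAcreateserial -days 2 -extfile "$p/ca.ext" -out "$p/int.pem" 2>/dev/null &&
    new_csr "$p/leaf" "www.example.test" &&
    openssl x509 -req -in "$p/leaf.csr" -CA "$p/int.pem" -CAkey "$p/int.key" \
        -CAcreateserial -days 2 -out "$p/leaf.pem" 2>/dev/null
}

# Verify the leaf as a client that trusts only the root would.
# $2 (optional) is a PEM file of extra certificates the server sent,
# i.e. what Apache reads from SSLCertificateChainFile.
client_verify() {
    if [ -n "${2:-}" ]; then
        openssl verify -CAfile "$1/root.pem" -untrusted "$2" "$1/leaf.pem" >/dev/null 2>&1
    else
        openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1
    fi
}

demo=$(mktemp -d)
build_demo_pki "$demo" || { echo "openssl failed to build demo PKI" >&2; exit 1; }
if client_verify "$demo"; then echo "leaf only: trusted"
else echo "leaf only: untrusted (no path to the root)"; fi
if client_verify "$demo" "$demo/int.pem"; then echo "leaf + intermediate: trusted"
else echo "leaf + intermediate: untrusted"; fi
```

Against a live server, `openssl s_client -connect host:443 -showcerts` lists the certificates the server actually sends, which shows whether the intermediate is in the chain.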


I confirmed that this is a server configuration
problem with https://www.nadonauniversity.org/.

Marked the bug invalid.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → INVALID
Component: NSPR → Libraries
Product: NSPR → NSS
Version: other → 3.9
*** Bug 256648 has been marked as a duplicate of this bug. ***
*** Bug 268849 has been marked as a duplicate of this bug. ***
*** Bug 314200 has been marked as a duplicate of this bug. ***