Closed Bug 266013 Opened 21 years ago Closed 21 years ago

Needs to correctly support Go Daddy / Starfield SSL

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: obijuan, Assigned: wtc)

References

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040922 Epiphany/1.2.7 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040922 Epiphany/1.2.7 Go Daddy is selling Starfield SSL certificates, and they are quite popular. However, Mozilla-based browsers do not correctly identify the certificate. This causes a lot of "untrusted" errors on sites which use these certificates so please build support in for them. Reproducible: Always Steps to Reproduce: 1. 2. 3.
Do you know what we need to do to support these SSL certificates?
I'm not an expert on this but I think you need to include the "root certificate" or something. If you want to examine one, go to https://www.nadonauniversity.org/ and you can replicate the error. Also http://starfieldtech.com/ and talk to support. Sometimes they know, sometimes they don't but if you have them escalate the call and tell them you're a Mozilla developer trying to build in compatibility I'm sure they will get you to a guy who knows. Basically, the name of the company changed when Starfield bought the SSL business and now the certs don't verify on Mozilla browsers, but they do on IE. Go Daddy is selling these things super-cheap so people are buying them up and it looks bad for Firefox/Mozilla not to work.
How about a reproducible test case for this bug report?
My guess is this is a server configuration problem. I am currently using a go-daddy/Starfield SSL certificate and it's working correctly with all forms of netscape and mozilla browers I have testest (netscape 7, Firefox, mozilla 1.x). The important magic is the server must include the Starfield intermediate certificate in it's server chain. Starfield chains to Valicert, which is trusted in all forms of Netscape mozilla browsers since netscape communicator 4.0. If you are using a netscape Web server (NES), you simply need to import the Starfield intermediate CA into your CA database. NES will automatically include it in the chain. If you are using apache add the following line to your ssl.conf (or httpd.conf) file: SSLCertificateChainFile /etc/httpd/conf/ssl.cert/ca.crt Then copy the godaddy cert (in .pem format) to /etc/httpd/conf/ssl.cert/ca.crt. bob
I confirmed that this is a server configuration problem with https://www.nadonauniversity.org/. Marked the bug invalid.
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → INVALID
Component: NSPR → Libraries
Product: NSPR → NSS
Version: other → 3.9
*** Bug 256648 has been marked as a duplicate of this bug. ***
*** Bug 268849 has been marked as a duplicate of this bug. ***
*** Bug 314200 has been marked as a duplicate of this bug. ***
You need to log in before you can comment on or make changes to this bug.