Closed Bug 286410 Opened 20 years ago Closed 20 years ago

www.idea.pl certificate can't be verified.

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: stlman, Assigned: KaiE)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041221
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041221

It seems like the proper root certificates are not installed by default.

Reproducible: Always

Steps to Reproduce:
1. Run Mozilla.
2. Opent the specified URL.

Actual Results:  
The warning Mozilla beeing unable to verify site's identity appears and the
question (accept/accept for the session/reject) is asked.

Expected Results:  
The warning does not appear.

This also happens with Firefox 1.0.1
The bug is quite wierd. Whe I launch Mozilla and try to enter the idea.pl site
(see URL) I get a wrning. So i refuse to accepth the certificate and wish not to
connect to this server any more (the third option). Next, when i connect to
https://www.thawte.com, which has got a certificate issued by the same authority
everything is clear. Later when I try to enter idea again (I refused to do it
once) the browser loads the page without a warning of any kind and says the
certificat is 100% OK.

In short:
1. Launch Mozilla
2. https://www.idea.pl/portal/map/map/register, WARNING
3. https://www.thawte.com/, OK
4. https://www.idea.pl/portal/map/map/register, OK

If i ommit step 2 everything else is the same.

If you look at the Cerficate Authority tree of this certificate (before visiting
thawte.com), you see that only www.idea.pl is listed there. Maybe the
certificate is a bit buggy (or NSS is ;)?
PSM i think, might be NSS so
Assignee: general → kaie
Component: General → Security: PSM
Product: Mozilla Application Suite → Core
QA Contact: general
Version: unspecified → Trunk
NSS devs/QA: Maybe you could take a look at this if this is a PSM bug or a NSS
bug? I'm not sure about that. Bug also occours with current Mozilla trunk.
can confirm this on both linux (1.8b) and windows (1.8a6)

A slightly different testcase

launch moz
1. https://www.thawte.com/, OK
2. https://www.idea.pl/portal/map/map/register, OK

shutdown and then relaunch moz
1. https://www.idea.pl/portal/map/map/register, WARNING



This is not a PSM or NSS bug.  This is a misconfigured
SSL server.  The server needs to send the cert chain,
including the intermediate CA cert, to the clients.
Right now the server is sending just the leaf cert.

Please ask the server's administrator to correct this.

See also bug 100426 and bug 141612.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → INVALID
I've just sent a note to their webmaster.
You need to log in before you can comment on or make changes to this bug.