301581 - ValiCert SSL Certificate Do Not Verify

Status: RESOLVED WORKSFORME

(NSS :: Libraries, defect)

Description

[Matthew Duane Meyer]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414

SSL Server certificates issued with a Valicert Certificate Authority as the root
(in our case Valicert Class 2), do not seem to verify properly in Mozilla 1.7.x.
 The error message indicates that the issuer is not trusted, even though the
Valicert roots (Class 1, 2, and 3) are all on the default list of trusted
authorities.   Godaddy.com is issuing certificates which stem from the ValiCert
root.  The problem may be that the Valicert Root CAs use a website URL in their
Common Name (CN) attribute as http://www.valicert.com.   This is different than
the other root CAs in the default list.  

Reproducible: Always

Steps to Reproduce:
1. Get an SSL Server Certificate from GoDaddy.com
2. Set up your HTTPS Server
3. Try to access the site

Actual Results:  
Certificate warning from Mozilla saying that the root authority is not trusted
even though it is clearly in the list

Expected Results:  
Trusted the SSL connection with no warning to the user

Comment 1

[Matthew Duane Meyer]

We are able to reproduce the bug in Mozilla 1.7.8, even though I initially
reported the bug from a 1.7.7 browser

Comment 2

[opperior]

Problem can also be reproduced in Firefox 1.5.0.3

Comment 3

[Nelson Bolyard (seldom reads bugmail)]

Please cite a URL that demonstrates this problem.

Comment 4

[Nelson Bolyard (seldom reads bugmail)]

Here's a URL for a site with a godaddy cert that chains to valicert.
Seems to work as expected for me.
https://www.godaddy.com/gdshop/real_godaddy.asp?se=%2B&ci=2883