Closed
Bug 432537
Opened 16 years ago
Closed 5 years ago
Can't view certificate when the issuer certificate is not trusted
Categories
(Firefox :: Page Info Window, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1501955
People
(Reporter: jwatt, Unassigned)
Details
(Whiteboard: [psm-cert-errors])
Attachments
(1 file)
bugzilla.mozilla.org is untrusted because I currently distrust all root CAs
When the issuer certificate is not trusted, Firefox won't let you view the page certificate to e.g. find out who the issuer is. Under Page Info > Security it erroneously claims "This web site does not supply identity information." See for example https://intranet.joost.com/
|
||
Comment 1•16 years ago
|
||
You can view the cert from the "Add an exception" dialog, but that isn't obvious.
Assignee: kengert → nobody
Component: Security: UI → Page Info
Product: Core → Firefox
QA Contact: ui → page.info
|
||
Comment 2•16 years ago
|
||
My proposed message changes to solve 424182 would now also cover this case.
|
|
||
Comment 3•16 years ago
|
||
That is Bug 424182 (just to make bugzilla hyperlink it)
|
||
Comment 4•15 years ago
|
||
i would like to extend this to the rovoked certificate. i just had this problem and couldnt even see if it was the correct certificate installed. i had to go to chrome to do this (that shows the revoked message, but allows to see the certificate info) please note that the revoked certificate doesnt have "Add an exception" option, so you are locked out So even if the SSL/TLS connection is "failed", the user should be able to see the server certificate info. this problem also applies to all OS, not just windows
|
||
Comment 5•14 years ago
|
||
FF 3.6, Mac OSX 10.6 - same problem. Ever since I "upgraded" to FF 3.6 and try to access WiFi at Starbucks, McDonalds or some other wayport, I get the accursed "Certificate Not Trusted" pop up. I can view the perfectly acceptable Starbuck/ATTs or McDonalds/ATT certificate however I cannot make the pop up go away and so it renders FF useless and I must revert to Safari as a backup browser. FF needs to have a third option on their pop up, instead of simply: "View Certificate" or "Cancel". That third option should be: Always Trust This Site" so we can move on and not have to deal with this bug each time.
|
||
Updated•14 years ago
|
Whiteboard: [psm-cert-error-pages]
|
|
||
Updated•14 years ago
|
Whiteboard: [psm-cert-error-pages] → [psm-cert-errors]
With Firefox 36 Beta no longer accepting SHA-1 hashed certificates, this problem is getting worse. The Console will Warn about this condition, if you know to go looking... but you are still unable to see the certificate itself or the certification chain, making it quite difficult to figure out why the site is not trusted.
|
||
Comment 7•9 years ago
|
||
(In reply to :Gavin Sharp [email: gavin@gavinsharp.com] from comment #1) > You can view the cert from the "Add an exception" dialog, but that isn't > obvious. In Firefox 35, I cannot even open the “Add an exception” dialog. See the attached screenshot.
|
|
||
Comment 8•9 years ago
|
||
|
||
Comment 9•5 years ago
|
||
In Firefox Quantum 65.0.2 , this is still a problem.
Reproduction steps:
- Go to https://badssl.com/ , and choose "expired", "wrong.host", "self-signed", "untrusted-root", "revoked", "pinning-test", "dh480", "dh512", "invalid-expected-sct", "sha1-intermediate", or "subdomain.preloaded-hsts".
- Observe the "connection is not secure" screen.
- Look for the certificate chain by clicking the i-circle icon to the left of the url, click "connection", click "more information", click "view certificate".
Expected behavior:
The user can view the certificate and certificate chain in the Certificate Viewer.
Actual behavior:
The "view certificate" button does nothing. No certificate viewer, no message about where else to find the certificate chain, no error of any kind... it's not even a grayed-out button! The button can be clicked, but then just silently fails.
It has been mentioned in this thread that when in this dilemma, you should click "add an exception".
- Does clicking "add an exception" immediately create the exception for this URL without any kind of dialog or confirmation? Being cautious, I of course assumed that yes it does, as would most people.
- Does the general population read this thread? No. Is this information public knowledge? No.
- This is an unacceptable solution, because this workflow makes absolutely no sense:
- I encounter a potentially dangerous site. I need to decide whether or not this site is actually dangerous, so I need to read the certificate.
- Therefore I already start the process of adding an exception to this potentially dangerous site, so I can read the certificate, so I have the information I need to decide whether I should add an exception for this site.
Fortunately, fixing this workflow does not require a large rework of anything. All you have to do is fix a bug so that clicking "view certificate" actually opens the "Certificate Viewer" dialog.
|
||
Comment 10•5 years ago
|
||
This was fixed by bug 1484873 and bug 1501955, duping to bug 1501955
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•