Open
Bug 462210
Opened 17 years ago
Updated 3 years ago
Unable to access addons due to "invalid security certificate" (two GlobalSign Root CA certificates?)
Categories
(Firefox :: Security, defect)
NEW
People
(Reporter: bugzilla, Unassigned)
Attachments
(5 files)
I'm using a nightly build and for the last week I've been getting:
"addons.mozilla.org uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is not trusted.
(Error code: sec_error_untrusted_issuer)"
when I try to access
https://addons.mozilla.org/
It's weird since I haven't changed anything. It just happen
Comment 1•17 years ago
Henrik - does this happen with other sites, too? https://www.paypal.com
I'm wondering if you're being Man-in-the-Middle'd, or if it's just a vanilla certificate problem.
It would also help if you could view the certificate (via the "Add Exception" dialog) and paste the details
Comment 2•17 years ago (Reporter)
https://www.paypal.com/ works just fine
Comment 3•17 years ago (Reporter)
Comment 4•17 years ago
I've heard this a number of times, I think there might be an AMO bug somewhere
Comment 5•17 years ago
Your cert details and fingerprints match what I see, and it loads for me, so now it does appear to be a chain-validation issue, not any obvious kind of attack.
This is what my chain looks like, and the serial number of the root "GlobalSign Root CA" is: 04:00:00:00:00:01:15:4B:5A:C3:94
Does that match your chain? Do you have a cert with that name and serial number in your root store?
Comment 6•17 years ago (Reporter)
If you look at the certs listed in the first attached screenshot I actually have two "globalsign root ca".
I think that's the problem. But I didn't change anything. I download a new nightly build every night and the bug started sometime last week I think.
I'll attach the two globalsign details
Comment 7•17 years ago (Reporter)
Comment 8•17 years ago (Reporter)
Comment 9•17 years ago (Reporter)
If I delete the GlobalSign Root CA certificate that's listed as "Could not verify this certificate for unknown reasons" using the Certificate Manager and then restart the browser it reappears!
Comment 10•17 years ago
GlobalSign's roots were updated recently, see bug 406794. The one sent with the server is most likely the older root which has been updated/re-rolled, whereas the NSS store now has the new root(s), including roll-over of one of them.
Comment 11•17 years ago
BTW, I suggest *not* changing the CA certificates at the addons.mozilla.org server until a new release with the updated NSS is shipped.
Comment 12•17 years ago
(In reply to comment #9)
> If I delete the GlobalSign Root CA certificate that's listed as "Could not
> verify this certificate for unknown reasons" using the Certificate Manager and
> then restart the browser it reappears!
CA certificates can't really be deleted without removing the library.
Comment 13•17 years ago (Reporter)
Now I deleted all of the *.db files in my profile and restarted and it works.
Updated•17 years ago
Summary: Unable to access addons due to "invalid security certificate" → Unable to access addons due to "invalid security certificate" (two GlobalSign Root CA certificates?)
Comment 14•16 years ago
Related to Bug 448772.
Updated•3 years ago
Severity: normal → S3