Closed Bug 468037 Opened 17 years ago Closed 15 years ago

Certificate missing, little lock at bottom page visible, Administrator stumpted

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: travel, Unassigned)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4 WWW.COTSE.NET issues certificates. The expired certificate was present and was deleted. The current certificate is missing or not visible. The https golden lock in the task bar is visible. Platform uses ESET Smart Security, connects through Wireless and puTTY and/or Stunnel. Reproducible: Always Steps to Reproduce: 1. 2. 3. Should be clear. Certificate is missing or not showing. No telling what illegal certificate may be permitting connection or if the issue is simpler, certificate not showing
I don't understand this report - you seem to be saying that you are seeing SSL indicators (the padlock) on a site that you don't expect to be there? When I connect to https://www.cotse.net/ I see a valid certificate signed by USERTRUST, expiring in 2009. Is this not intended?
This sites installation isn't complete. It's missing the CA chain. Additionally I received "Invalid OCSP signing certificate in OCSP response. (Error code: sec_error_ocsp_invalid_signing_cert)", perhaps due to the missing chain as well.
(Please respond here in the bug, not in private emails) > Thanks for your concern at this time. Cotse administrator writes: > When you visit the link https://tusk.cotse.com it serves the certificate. It > is a self-signed certificate. It does work fine with Firefox and Mozilla. As > a matter of fact Firefox tosses up a huge warning about it being an invalid > certificate because it is self-signed. Which is untrue, it just means we did > not pay a third party to make those warnings go away. I understand your concern now - and yes, those warnings will continue to be issued for self-signed certs. You can characterize it as "paying a third party to make warnings go away" if you like, but what we are actually concerned with is validated information that you are the legitimate holder of the domain, and not an imposter. There is more information on the subject here: http://blog.johnath.com/2008/08/05/ssl-question-corner/ > I have now installed the new certificate. I was writing that the icon LOCK was > visible when a certificate was not installed. The certificate is now validated > installed. However, it is self-signed and you, Johnathan Nightingale, have > written USERTRUST. Is USERTRUST the same as self-signed? No, sorry, the bug report only mentioned www.cotse.net, and https://www.cotse.net does use a validated certificate, so I didn't understand why you were seeing the warning about self-signed certificates. As for the complaint that you were seeing the lock without a certificate installed, I can't reproduce that behaviour on either of the sites mentioned, so I can't diagnose the problem further without reliable steps to reproduce the problem.
Resolving unconfirmed bugs older than a year with no activity as INCOMPLETE. Please reopen or file a new bug if you can still reproduce the bug.
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.