Closed Bug 534469 Opened 15 years ago Closed 15 years ago

Verisign cert is not valid despite it being truly valid

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
x86
Windows Vista
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: dtumpic, Unassigned)

References

(
URL
)

Details

Attachments

(1 file)

The CA list on the different OS'
172.34 KB, image/png
Details
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.5) Gecko/20091105 Fedora/3.5.5-1.fc12 Firefox/3.5.5 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.5) Gecko/20091102 Firef ox/3.5.5 (.NET CLR 3.5.30729) When visiting https://seymoursmith.com/estore with Fire Fox 3.0.10, 3.5.2, 3.5.3 using Windows (W2k & Vista) it does not validate the certificate. Doing the same (versions) on Linux and Mac works as expected and makes a proper validation. On the Windows build the "VeriSign Class 3 Extended Validation SSL SGC CA" is not present in the certificate authority. Reproducible: Always Steps to Reproduce: 1.Go to https://seymoursmith.com/estore 2. 3. Actual Results: This connection is Untrusted Expected Results: Should show the page secure and all with no complaint like on Linux and Mac OS X I tried to completely uninstall FF and then reinstall it again but it is still missing some of the root CA's for Verisign.
The picture clearly shows that the Windows install is missing more than a few of the Verisign CA certs.
It works in FF3.5.5 with my default profile and Seamonkey trunk but it stops working in a new profile. This looks like a server misconfiguration (doesn't send certificate chain) which would make this bug invalid.
Yes this was indeed a server side misconfiguration. The webserver needs the intermediate CA's from Verisign explicitly. https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR657 Now everything works as expected. This was not a problem with Firefox Windows build at all and should be closed as a non-issue unless Firefox error message can be made to look a little bit more informative... say "Certificate Chain Not Provided" in cases like these. Thank you for the clarification and hint.
>This was not a problem with Firefox Windows build That is not true, it's the same issue with a windows Firefox build because Gecko is cross platform and the SSL code is the same. You only visited once a page with the same certificate that sent the intermediate CA and Firefox cached it in your Firefox profile. You will get the same result if you create a new profile with your windows Firefox and visit such a broken server. - http://kb.mozillazine.org/Profile_Manager Sorry that i wasn't more clear with the issue. I understand the SSL basics but not this part (that's the reason why I added jruderman as cc). You are not the first reporter with this issue and that's the reason why I know the symptoms.
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: