User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:220.127.116.11) Gecko/20091105 Fedora/3.5.5-1.fc12 Firefox/3.5.5 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:18.104.22.168) Gecko/20091102 Firef ox/3.5.5 (.NET CLR 3.5.30729) When visiting https://seymoursmith.com/estore with Fire Fox 3.0.10, 3.5.2, 3.5.3 using Windows (W2k & Vista) it does not validate the certificate. Doing the same (versions) on Linux and Mac works as expected and makes a proper validation. On the Windows build the "VeriSign Class 3 Extended Validation SSL SGC CA" is not present in the certificate authority. Reproducible: Always Steps to Reproduce: 1.Go to https://seymoursmith.com/estore 2. 3. Actual Results: This connection is Untrusted Expected Results: Should show the page secure and all with no complaint like on Linux and Mac OS X I tried to completely uninstall FF and then reinstall it again but it is still missing some of the root CA's for Verisign.
Created attachment 417319 [details] The CA list on the different OS' The picture clearly shows that the Windows install is missing more than a few of the Verisign CA certs.
It works in FF3.5.5 with my default profile and Seamonkey trunk but it stops working in a new profile. This looks like a server misconfiguration (doesn't send certificate chain) which would make this bug invalid.
Yes this was indeed a server side misconfiguration. The webserver needs the intermediate CA's from Verisign explicitly. https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR657 Now everything works as expected. This was not a problem with Firefox Windows build at all and should be closed as a non-issue unless Firefox error message can be made to look a little bit more informative... say "Certificate Chain Not Provided" in cases like these. Thank you for the clarification and hint.
>This was not a problem with Firefox Windows build That is not true, it's the same issue with a windows Firefox build because Gecko is cross platform and the SSL code is the same. You only visited once a page with the same certificate that sent the intermediate CA and Firefox cached it in your Firefox profile. You will get the same result if you create a new profile with your windows Firefox and visit such a broken server. - http://kb.mozillazine.org/Profile_Manager Sorry that i wasn't more clear with the issue. I understand the SSL basics but not this part (that's the reason why I added jruderman as cc). You are not the first reporter with this issue and that's the reason why I know the symptoms.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.