IPSCA SSL Cert not Accepted in Mozilla, Accepted in IE8



9 years ago
2 years ago


(Reporter: ndr, Assigned: kwilson)


Firefox Tracking Flags

(Not tracked)





9 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20091201 Firefox/3.5.6 (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20091201 Firefox/3.5.6 (.NET CLR 3.5.30729)

New IPSCA SSL Certificates are not being accepted. However, IE8 accepts them. Are there plans to update this CA soon? Many .edu domains are reporting this as a huge issue because IPSCA offers free certificates.

Reproducible: Always

Steps to Reproduce:
1. Access https://collab.ctrip.ufl.edu in Mozilla
2. Access https://collab.ctrip.ufl.edu in IE8
3. Compare the result
Actual Results:  
IE8 loads page, accepts certificate. Mozilla does not trust the certificate.

Expected Results:  
Mozilla should trust the certificate.

Comment 1

9 years ago
Not security-sensitive, moving to a more accurate component...
Assignee: nobody → kathleen95014
Group: core-security
Component: General → CA Certificates
Product: Firefox → mozilla.org
QA Contact: general → ca-certificates
Version: unspecified → other

Comment 2

9 years ago
This has nothing to do with the certificate (you might have installed): Firefox can't find the server at collab.ctrip.ufl.edu.

;; Got SERVFAIL reply from xx.xxx.xx.xxx, trying next server
;; Got SERVFAIL reply from xxx.xx.xx.xxx, trying next server
;; connection timed out; no servers could be reached

Comment 3

9 years ago
Perhaps it's a DNS issue. Did you include https:// in the url? It is an SSL only site.

Comment 5

9 years ago
Thank you Eddy. I am following another thread related to IPSCA certs. I think this thread can be closed.

Comment 6

9 years ago
OK - I would nevertheless like to understand the problem you experience because at the moment the certificate should work if it's correctly installed. Do you have an alternative URL?

Comment 7

9 years ago
Is this a duplicate of bug #529286?  No, it doesn't state the exact same problem; but it seems this is a consequence of that earlier bug report.

Comment 8

9 years ago
Yes, apparently new certificates are issued from a root which isn't in Mozilla - most likely the one from bug 529286. I believe we can mark this bug as resolved.


9 years ago
Last Resolved: 9 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 529286


2 years ago
Product: mozilla.org → NSS
You need to log in before you can comment on or make changes to this bug.