Closed Bug 548380 Opened 14 years ago Closed 13 years ago

Provide UI Capability to Recover from Invalid Security Certificate

Categories

(Core Graveyard :: Security: UI, enhancement)

x86
Windows XP
enhancement
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 404486

People

(Reporter: david, Unassigned)

Details

(Whiteboard: [psm-cert-errors])

Attachments

(1 file)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.8) Gecko/20100205 SeaMonkey/2.0.3
Build Identifier: 

When I recently attempted to go to <https://www.ftccomplaintassistant.gov/>, I got an error popup with the following message: 
> www.ftcomplaintassistant.gov uses an invalid security certificate.
> The certificate is not trusted because the issuer certificate is not trusted.
> (Error code: sec_error_untrusted_issuer)

Since the page failed to load, I could not go to [View > Page Info] to determine what intermediate or root certificate was involved.  Thus, I could not determine whether the U.S. Federal Trade Commission had a problem with its site certificate or that I caused the problem by turning off some trust bits for a root certificate (which I do sometimes).  If the former, I could not communicate back to the Federal Trade Commission any meaningful information without knowing what root certificate was involved.  If the latter, I could not restore the site trust bit without knowing which root certificate to edit.  

I request that the error popup in this case include a button to launch the Certificate Viewer so that the problem certificate can be evaluated.  Further, the popup (or the Certificate Viewer) should have another button to import the site certificate in case the user surely knows that the site is legitimate, thereby ignoring any root certificate problem.  

Reproducible: Always




I used the following workaround.  I changed to a profile where I rarely visit secure sites.  From there, I successfully visited <https://www.ftccomplaintassistant.gov/>.  Launching the Certificate Viewer, I exported the site certificate.  I then changed back to my usual profile and imported the site certificate.  This is definitely not a user-oriented workaround.  

Somehow, I seem to recall that SeaMonkey 1.x did have a user-oriented capability for dealing with this situation.
In Firefox, I can manually open the "Add Exception" dialog through the Certificate Manager, enter any desired hostname, and view the certificate.  Does that not work in SeaMonkey?
When the problem occurs again, I will try to set an exception and then try to view the site certificate's data.  This, of course, is not really user-oriented.  I'm proposing something that the average end-user might use in order to report the problem to the site's administrator or owner.
I am filled with warm fuzzies to see that DigiCert issued a wildcard cert for a .gov domain to a private corporation (Lockheed Martin) :-(

Site seems to load just fine, I'm guessing you maybe turned off Entrust's trust bits due to various issues they've had in the past.

> I'm proposing something that the average end-user might use in
> order to report the problem to the site's administrator or owner.

"Dear sysadmin: your site doesn't work". You start talking about inspecting the cert to see what the problem is and you're already way past "average-user" territory.

I haven't used SeaMonkey 2, but does it have the same "Add an exception" mechanism as Firefox, reachable from the error page? If not, could you try Firefox's and see if that's good enough for the type of savvy user who could make use of the information?
In SeaMonkey 2.0.4, the Add Exception button is available from the Preferences window at [Privacy & Security > Certificates > Manage Certificates > Servers].  I recall that no such button was available on the error popup.
In summary, you want a view-certificate option shown on certificate error pages, right?

If yes, please change the summary to 
  "Add ability to view certificate on certificate error pages."

(I believe in applications that don't show an error page, but an error dialog box, like Thunderbird, I believe we already have that ability.)
Assignee: kaie → nobody
Whiteboard: [psm-cert-error-pages]
No, I want more than merely viewing the site certificate.  I want the ability -- after judging what is really happening -- to import the site certificate.  That would be part of recovering from an invalid certificate.  

Yes, I know that many users do not have the ability to make such judgment.  I think I do have that ability, and I should not be constrained in my use of SeaMonkey (or any other Gecko-based browser) to operating only at the novice level.  

Perhaps this capability could be implemented as an option controlled by a preference with the default value of the preference set for novices.
Attached image Error Popup
Going to <https://contractor.lexisnexis.com/CS/welcome.do?justanswer>, I got the error popup in the attachment.  Here, the reason for the error is "issuer certificate is unknown" instead of "issuer certificate is not trusted".  When the popup appeared, I had to select the OK button before I could do anything else.  Everything else on the SeaMonkey window was frozen and disabled.  Thus, I could not use [View > Page Info > Security > View Certificate] or any other method to see the site certificate.  Other than the reason, this is exactly the same situation when the certificate is not trusted.
(In reply to comment #7)
> Going to <https://contractor.lexisnexis.com/CS/welcome.do?justanswer>, I got
> the error popup in the attachment.

What is the value of browser.xul.error_pages.enabled in about:config?  If it is true, as is default in Firefox, an SSL error on a full page or frame should give an error page with an "Add Exception" button instead of a pop-up.  (SSL errors for embedded objects always give the pop-up.)  Is true not the default in SeaMonkey?

AIUI, the omission of "Add Exception" from the pop-up is deliberate because it would be too easy for users to click without thinking and, in the common case where the pop-up is for an embedded object, there is rarely a good reason to add an exception.  But I could see an argument for showing the button if browser.xul.error_pages.expert_bad_cert is true.

> When
> the popup appeared, I had to select the OK button before I could do anything
> else.  Everything else on the SeaMonkey window was frozen and disabled.  Thus,
> I could not use [View > Page Info > Security > View Certificate] or any other
> method to see the site certificate.

Right... click OK, then add the exception and reload the page.
Unfortunately, browser.xul.error_pages.enabled seems to control too many Web page discrepancies.  I set it "false" so that a non-existent domain gives me a popup instead of a full page.  This preference variable should control either the response to a bad domain or the response to a bad certificate but not both.  

I tried 
   browser.xul.error_pages.enabled "false"
   browser.xul.error_pages.expert_bad_cert "true"
The popup did not provide a button to set an exception.  I now guess that comment #8 merely suggested this as a fix, not as a current capability.  

Yes, making the https URI an exception in the Servers tab of the Certificate Manager or via the error page does allow me to reach the site.  But I'm not sure that setting an exception is the appropriate way to address the problem of a bad certificate.  

When I encounter a bad certificate, I might be more interested in identifying the certificate, why it is bad, and to what intermediate (and possibly root) certificates it attempts to chain.  That is, I might be more interested in diagnosing the problem rather than continuing with an uncertain and possibly malicious authentication.
(In reply to comment #9)
> Unfortunately, browser.xul.error_pages.enabled seems to control too many Web
> page discrepancies.  I set it "false" so that a non-existent domain gives me a
> popup instead of a full page.

Why do you want that?

> Yes, making the https URI an exception in the Servers tab of the Certificate
> Manager or via the error page does allow me to reach the site.  But I'm not
> sure that setting an exception is the appropriate way to address the problem of
> a bad certificate.  
> 
> When I encounter a bad certificate, I might be more interested in identifying
> the certificate, why it is bad, and to what intermediate (and possibly root)
> certificates it attempts to chain.  That is, I might be more interested in
> diagnosing the problem rather than continuing with an uncertain and possibly
> malicious authentication.

You can use the "View" button in the "Add Exception" dialog to view the certificate even if you have no interest in adding an exception.  I do so routinely.  If you do decide to add an exception later, be sure to click "View" again and make sure the certificate hasn't changed on you.  (Yes, I know that last bit of advice belongs in a wiki somewhere rather than in this bug, but where?)
Whiteboard: [psm-cert-error-pages] → [psm-cert-errors]
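The advice above, to view the certificate again before adding an exception and make sure it has not changed, amounts to comparing fingerprints. The following is an added example, not part of the bug thread or of Mozilla's code; the ExceptionReview class, the constructed sample byte strings and the host name example.test are assumptions made for illustration.

```python
import hashlib
import hmac
import ssl


def fingerprint(pem: str) -> str:
    """SHA-256 over the DER bytes, formatted AA:BB:... like a certificate viewer."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_pem(host: str, port: int = 443) -> str:
    """Fetch the server's leaf certificate for inspection.

    With no CA file given, ssl.get_server_certificate() does not validate
    the chain, so it still returns the certificate when the issuer is untrusted.
    """
    return ssl.get_server_certificate((host, port))


class ExceptionReview:
    """Hypothetical helper: approve an exception only for the certificate viewed."""

    def __init__(self):
        self._viewed = {}  # (host, port) -> fingerprint recorded at view time

    def view(self, host: str, port: int, pem: str) -> str:
        fp = fingerprint(pem)
        self._viewed[(host.lower(), port)] = fp
        return fp

    def confirm(self, host: str, port: int, pem: str) -> str:
        seen = self._viewed.get((host.lower(), port))
        if seen is None:
            return "not-reviewed"   # nothing was inspected for this server
        if not hmac.compare_digest(seen, fingerprint(pem)):
            return "changed"        # a different certificate is now presented
        return "ok"


# Constructed stand-ins for two DER certificates (not real certificates).
SAMPLE_A = ssl.DER_cert_to_PEM_cert(b"constructed certificate bytes A")
SAMPLE_B = ssl.DER_cert_to_PEM_cert(b"constructed certificate bytes B")

if __name__ == "__main__":
    review = ExceptionReview()
    print(review.view("example.test", 443, SAMPLE_A))
    print(review.confirm("example.test", 443, SAMPLE_B))
```

Against a live server, pass the result of fetch_pem() to view() when inspecting the certificate and again to confirm() just before the exception is stored.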
(In reply to comment #3)
> I am filled with warm fuzzies to see that DigiCert issued a wildcard cert for 
> a .gov domain to a private corporation (Lockheed Martin) :-(

Hi Daniel.  I apologize for the late response.  I just saw this bug over the weekend and thought I'd at least make a late reply to try to ease your warm fuzzies.  I researched our validation records, and here's a brief rundown of what happened:  

We contacted the official dotgov.gov registry and they referred us to the official POC for the ftccomplaintassistant.gov domain.  The admin POC submitted his letter of authorization for the domain name and we used the official .gov registry contact information to follow up with the admin POC to confirm his approval of the certificate.  

If you have other concerns about our validation of this or any other certificate, please don't hesitate to contact me.

Paul Tiemann
CTO, DigiCert
Indeed.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Product: Core → Core Graveyard