Closed Bug 552976 Opened 14 years ago Closed 13 years ago

Can't confirm exception for sec_error_untrusted_issuer

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Version:
3.6 Branch
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: bmearns, Unassigned)

Details

(Whiteboard: [bugday-2011-05-27]) 

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6

Visiting a secure website with an untrusted issuer, I am able to launch the Add Security Exception dialog, and retrieve the certificate, but the Certificate Status panel reports that "This site provides valid, verified identification. There is no need to add an exception." and the "Confirm Security Exception" button is disabled, preventing me from confirming the exception and accessing the site.

This happens with both self-signed and non-self-signed certificates.

Reproducible: Always

Steps to Reproduce:
1. Visit a secure site with an untrusted issuer (https://www.brianpmearns.com/ has a cert signed by StartCom Ltd., you can use that if you don't have the StartCom CA certs installed)
2. Expand the "Technical Details" section and confirm that the Error code is sec_error_unknown_issuer.
3. Expand the "I Understand the Risks" section.
4. Click the "Add Exception..." button.
5. Click the "Get Certificate" button.

You should now be able to confirm the security exception, but the button to do so is disabled.
Actual Results:  
The "Confirm Security Exception" button is disabled, preventing the exception from being added.

Expected Results:  
The "Confirm Security Exception" button should be enabled, allowing the exception to be added.

The only work around I know of us to install the issuer's cert as a trusted CA. Without doing so, you are unable to visit the website, but doing so could be a security issue.
Version: unspecified → 3.6 Branch
Can you see this also in Firefox 4 or newer?
Whiteboard: [bugday-2011-05-27]
I can confirm this same issue is present in FF 4.0.1
The provided URL is inaccessible for me. However I could not reproduce the problem when it was working on 2011-05-27. So what steps are missing from the original description? How can you reproduce it and on which site?
I followed the same steps but with a server on my internal work network, so I don't think any steps need to be added, just an accessible server to test against.
Mozilla/5.0 (X11; Linux x86_64; rv:7.0a1) Gecko/20110609 Firefox/7.0a1

I can't reproduce this bug using the latest Nightly and https://mur.at (I assume this site is sufficient as it gives a sec_error_unknown_issuer error).

Can you please try to reproduce this with the latest Nightly?
ftp://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-mozilla-central/
There is a very similar Bug 659736 but I can't reproduce either.
If the Add Exception dialog is reporting the certificate as Valid, then this is a dupe of bug 545606. Brian, can you confirm?
duplicate of bug 524500 ?
Resolving INCOMPLETE due to lack of feedback -- Brian please re-resolve as DUPLICATE if you think it is a dupe of the bug on comment 7 or comment 8. If you think it is neither, please reopen and provide more details on this bug.

Thanks
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.