Bug 591870
Opened 14 years ago
Closed 14 years ago
New Thawte Intermediate Code Signing Certificate Authority is not installed
Categories
(Core :: Security: PSM, defect)
Tracking
RESOLVED DUPLICATE of bug 321156
People
(Reporter: michael, Unassigned)
Details
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:2.0b4) Gecko/20100818 Firefox/4.0b4
Build Identifier: Mozilla/5.0 (Windows NT 5.1; rv:2.0b4) Gecko/20100818 Firefox/4.0b4

As of July 15, 2010, Thawte uses a new Intermediate Code Signing Certificate Authority in the .xpi signing chain. Firefox 4.0beta4 and earlier does not have this CA installed, and therefore signing .xpi extensions with a Thawte Code Signing certificate does not work.

Reproducible: Always

Steps to Reproduce:
Browse to https://www.eazypaper.com/binary/EazyPaperZoteroIntegrationSigned.xpi - This .xpi file has been signed with a Thawte Code Signing Certificate issued after July 15, 2010 (ie: it depends on the new Thawte Code Signing Certificate Authority)

Actual Results:
Firefox 4.0beta4: Author is not verified (ie: .xpi file appears to be unsigned)
Firefox 3.6.8 and earlier: EazyPaper Inc. is verified as the signer, but installation fails with error -260 "because: Signing could not be verified."

Expected Results:
EazyPaper Inc. is verified as the signer and the extension installs

To prove that the problem is with the lack of the Thawte Intermediate Code Signing Certificate Authority, install it by:
1) Following the instructions of https://search.thawte.com/support/ssl-digital-certificates/index?page=content&actp=CROSSLINK&id=AR1382
2) Firefox->Tools->Options->Advanced->Encryption->View Certificates->Import->(The certificate you just downloaded in 2.1, default is intca.cer)
3) Check "Trust this CA to identify software developers" and click Ok
4) Browse to https://www.eazypaper.com/binary/EazyPaperZoteroIntegrationSigned.xpi and note that bug is fixed for all versions of Firefox from 3.0 to 4.0beta4 inclusive
Comment 1•14 years ago
Intermediate certificates are not in the Mozilla root. Websites have to include the whole certificate chain including the intermediate certificate but I don't know if this is possible if you sign XPIs.
Component: Extension Compatibility → Security: PSM
Product: Firefox → Core
QA Contact: extension.compatibility → psm
Comment 2•14 years ago
Seems like a known problem. See https://developer.mozilla.org/en/Signing_a_XPI and search for "intermediate".
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
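
The chain-building failure described in the report and in Comment 1, reproduced with the openssl CLI as an added example that is not part of the original bug thread. The three certificates, their names and the function names are constructed for illustration, and OpenSSL stands in here for the NSS verification that Firefox performs.

```shell
#!/bin/sh
# Constructed PKI: root -> intermediate -> signer. Every name here is made up.

build_chain() {  # $1 = existing scratch directory
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # Self-signed root: the only certificate the verifier trusts.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/ca.cnf" \
        -extensions v3_ca -subj "/CN=Constructed Root CA" \
        -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null || return 1
    # Intermediate CA, issued by the root (must carry CA:TRUE).
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
        -subj "/CN=Constructed Intermediate CA" \
        -keyout "$1/int.key" -out "$1/int.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/int.csr" -days 1 -CA "$1/root.pem" \
        -CAkey "$1/root.key" -CAcreateserial -extfile "$1/ca.cnf" \
        -extensions v3_ca -out "$1/int.pem" 2>/dev/null || return 1
    # Signer certificate, issued by the intermediate, not by the root.
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
        -subj "/CN=Constructed Signer Inc." \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/leaf.csr" -days 1 -CA "$1/int.pem" \
        -CAkey "$1/int.key" -CAcreateserial -out "$1/leaf.pem" 2>/dev/null
}

verify_leaf() {  # $1 = directory, $2 = "bundled" if the signer ships the intermediate
    if [ "$2" = bundled ]; then
        # -untrusted supplies chain material without making it a trust anchor.
        openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" \
            "$1/leaf.pem" 2>&1 | grep -q ': OK$'
    else
        openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" 2>&1 | grep -q ': OK$'
    fi
}

demo_dir=$(mktemp -d) && build_chain "$demo_dir" || exit 1
verify_leaf "$demo_dir" && echo "root only: OK" || echo "root only: issuer not found"
verify_leaf "$demo_dir" bundled && echo "root + bundled intermediate: OK"
rm -rf "$demo_dir"
```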