Closed Bug 612595 Opened 15 years ago Closed 15 years ago

sec_error_unknown_issuer error from https://www.fido.ca/

Categories

(Firefox :: Security, defect)

x86
macOS
defect
Not set
normal

RESOLVED INVALID

People

(Reporter: bwinton, Unassigned)

Details

I seem to be getting a sec_error_unknown_issuer error from https://www.fido.ca/ in FF4.0b7, but it loads okay in Safari.

The English is:
www.fido.ca uses an invalid security certificate.
The certificate is not trusted because no issuer chain was provided.
(Error code: sec_error_unknown_issuer)
if that helps.

Thanks,
Blake.
This is a server error; it doesn't deliver the intermediate certificate, if I trust the output of http://www.sslshopper.com/ssl-checker.html#hostname=https://www.fido.ca/
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → INVALID
Their chain is broken according to openssl

openssl s_client -connect www.fido.ca:443 > ./fido.ca.txt
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=CA/ST=Ontario/L=Toronto/O=Fido Solutions Inc/OU=RSO/OU=Terms of use at www.verisign.com/rpa (c)05/CN=www.fido.ca
   i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
---
Server certificate
subject=/C=CA/ST=Ontario/L=Toronto/O=Fido Solutions Inc/OU=RSO/OU=Terms of use at www.verisign.com/rpa (c)05/CN=www.fido.ca
issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
---
No client certificate CA names sent
---
SSL handshake has read 1910 bytes and written 311 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1
    Cipher : DHE-RSA-AES256-SHA
    Session-ID: 60CCE419958A1CDC784A8A359D9899C78C14631BC105AC4F4839CCAE81716A75
    Session-ID-ctx:
    Master-Key: 5C9B413559139A1583A98267E0D933B695EA0B73BD6B742DB9112CD5115AF12D39E43B08677A8EC96C1ED1AC08C1B441
    Key-Arg : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1289923771
    Timeout : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.fido.ca/">here</a>.</p>
<hr>
<address>Apache Server at www.fido.ca Port 443</address>
</body></html>
closed

***end of openssl command***

Error 21: X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate
no signatures could be verified because the chain contains only one certificate and it is not self signed.

There is not anything Mozilla can do to fix their cert chain. The owner of the site needs to work with their ssl reseller or with Verisign.
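The diagnosis in the last comment, as an added example that is not part of the bug report: a shell function that reads saved `openssl s_client` output and classifies the "Certificate chain" section the way the comment reasons about it. The function name `chain_status`, its result labels and the second sample are constructed for illustration; it compares subject and issuer names only and verifies no signatures.

```shell
# Added example: classify the "Certificate chain" section of s_client output.
chain_status() {
    awk '
        /^Certificate chain/ { in_chain = 1; next }
        in_chain && /^---/   { in_chain = 0 }
        in_chain && /^ *[0-9]+ s:/ { sub(/^ *[0-9]+ s:/, ""); subj[n++] = $0; next }
        in_chain && /^ *i:/ { sub(/^ *i:/, ""); if (n > 0) iss[n - 1] = $0 }
        END {
            if (n == 0) { print "no-chain"; exit }
            # every certificate must be issued by the next one the server sent
            for (k = 0; k + 1 < n; k++)
                if (iss[k] != subj[k + 1]) { print "broken-link"; exit }
            if (iss[n - 1] == subj[n - 1]) print "ends-at-self-signed"
            else if (n == 1) print "leaf-only"      # the case in this bug
            else print "ends-at-unsent-issuer"      # usual: root left to the client
        }'
}

# Chain section as quoted in the comment above: one certificate, not self-signed.
sample_leaf_only() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=CA/ST=Ontario/L=Toronto/O=Fido Solutions Inc/OU=RSO/OU=Terms of use at www.verisign.com/rpa (c)05/CN=www.fido.ca
   i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
---
Server certificate
EOF
}

# Constructed sample: a server that also sends its intermediate (placeholder names).
sample_with_intermediate() {
    cat <<'EOF'
---
Certificate chain
 0 s:/CN=www.example.test
   i:/CN=Example Intermediate CA
 1 s:/CN=Example Intermediate CA
   i:/CN=Example Root CA
---
EOF
}

echo "bug report sample:  $(sample_leaf_only | chain_status)"
echo "constructed sample: $(sample_with_intermediate | chain_status)"
```

A `leaf-only` result means the client has to already hold the intermediate in order to build a path, which is consistent with one browser loading the site while another reports sec_error_unknown_issuer.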