User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:220.127.116.11) Gecko/20101026 Firefox/3.6.12 (.NET CLR 3.5.30729) Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:18.104.22.168) Gecko/20101026 Firefox/3.6.12 (.NET CLR 3.5.30729) Visiting the site in Firefox shows "The certificate is not trusted because the issuer certificate is unknown." However, it works on Google Chrome (tested on OS X Snow Leopard), Safari (tested on OS X Snow Leopard), and Internet Explorer 8 (Windows XP) Reproducible: Always Steps to Reproduce: 1. Visit https://eb.bankcomm.com.hk/eb/login.action on Firefox 2. Shows the error 3. Compare the result with other web browsers Actual Results: It displays the error: eb.bankcomm.com.hk uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer) Expected Results: Page should render properly, without the "This Connection is Untrusted" error. Tested on OS X and Windows XP
This is a server misconfiguration, the server doesn't send the complete certificate chain. The intermediate certificate seems to be missing : http://www.sslshopper.com/ssl-checker.html#hostname=https://eb.bankcomm.com.hk You will not get the error if you visit a page that sends the intermediate certificate correctly. Gecko will store it in the internal database and from that point you can visit such a broken server without error.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → INVALID
Thanks Matthias. I'll follow up with the bank. Case close, thanks.
It seems to be fixed now, the URL from comment 1 shows a complete chain.
Status: RESOLVED → VERIFIED
I can confirm that they fixed their server. http://www.sslshopper.com/ssl-checker.html#hostname=https://eb.bankcomm.com.hk shows a complete chain.
Yes, they've fixed the problem.
The status FIXED is for when Mozilla fixed something (so it can be included in the release notes for instance).
Resolution: FIXED → INVALID
You need to log in before you can comment on or make changes to this bug.