Firefox Doesn't Support Verisign Class 3 International Server CA - G3 Certificates

VERIFIED INVALID

Status

()

VERIFIED INVALID
8 years ago
8 years ago

People

(Reporter: jack_csk, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

8 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 (.NET CLR 3.5.30729)

Visiting the site in Firefox shows "The certificate is not trusted because the issuer certificate is unknown."
However, it works on Google Chrome (tested on OS X Snow Leopard), Safari (tested on OS X Snow Leopard), and Internet Explorer 8 (Windows XP)

Reproducible: Always

Steps to Reproduce:
1. Visit https://eb.bankcomm.com.hk/eb/login.action on Firefox
2. Shows the error
3. Compare the result with other web browsers
Actual Results:  
It displays the error:

eb.bankcomm.com.hk uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown.

(Error code: sec_error_unknown_issuer)


Expected Results:  
Page should render properly, without the "This Connection is Untrusted" error.

Tested on OS X and Windows XP
This is a server misconfiguration, the server doesn't send the complete certificate chain.
The intermediate certificate seems to be missing :
http://www.sslshopper.com/ssl-checker.html#hostname=https://eb.bankcomm.com.hk

You will not get the error if you visit a page that sends the intermediate certificate correctly. Gecko will store it in the internal database and from that point you can visit such a broken server without error.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → INVALID
(Reporter)

Comment 2

8 years ago
Thanks Matthias. I'll follow up with the bank.
Case close, thanks.

Comment 3

8 years ago
It seems to be fixed now, the URL from comment 1 shows a complete chain.
Status: RESOLVED → VERIFIED
I can confirm that they fixed their server.
http://www.sslshopper.com/ssl-checker.html#hostname=https://eb.bankcomm.com.hk shows a complete chain.
(Reporter)

Comment 5

8 years ago
Yes, they've fixed the problem.
(Reporter)

Updated

8 years ago
Resolution: INVALID → FIXED

Comment 6

8 years ago
The status FIXED is for when Mozilla fixed something (so it can be included in the release notes for instance).
Resolution: FIXED → INVALID
You need to log in before you can comment on or make changes to this bug.