Closed Bug 636198 Opened 13 years ago Closed 13 years ago

Intermediate certificate is not found

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Platform:
x86
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED DUPLICATE of bug 542674

People

(Reporter: c43sivers, Unassigned)

Details

(Whiteboard: DUPEME) 

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13

My internet provider that is also a mail provider changed SSL server certificates a few days ago. This caused Thunderbird (using POP, IMAP, SMTP) and Firefox when accessing the Web mail page (all SSL) to complain about an invalid security certificate. But when using Internet Explorer 8 or Outlook  Express there were no problems.

This was observed on 2011-02-21, reproducible many times, but about two days later, there are no problems any more. This is also what my internet provider says. You may consider problem solved. But questions:
 - What causes the different behaviour between the security libraries used by Mozilla and by Windows. 
 - What in the certificate for  webmail.telia.com  can be the cause?
 - Can the Mozilla security software be improved to handle this better?

Reproducible: Always




More details. My environments:
  Windows 7 (64 bit) and Windows XP SP3
  Firefox 3.6.13
  Thunderbird 3.1.7
  Thunderbird (Miramar) 3.3 Alfa 2

With Thunderbird, Connection security is SSL/TLS for all protocols.

When the certificate was not trusted I got a message for:
  Firefox:
    This Connection is Untrusted
    ......
    (Error code: sec_error_unknown_issuer)

When I click  Add Exception  get the page as expected.

Now when things work normally I can see this for involved certificates:

Certificate Hierarchy
  VeriSign Class 3 Public Primary Certification Authority - G5
    VeriSign Class 3 International Server CA - G3
      webmail.telia.com

The cause of the problem above seems to be that the Intermediate certificate (VeriSign Class 3 International Server CA - G3) could not be found. This is supported by the observation that one of my profiles for Firefox already had that certificate loaded and in that case there was no problem to access the Web mail page.
Per spec, an SSL server is supposed to send the entire certificate chain.  This one is apparently not doing that (which should be fixed on the server).

IE does something where it examines some fields of the certificate and goes off and maybe fetches the things those fields point to in the hope that it'll get intermediate certificates.  There's an existing bug on maybe doing something along those lines.
Component: Security → Security: PSM
QA Contact: toolkit → psm
Whiteboard: DUPEME
This cert does indeed include the AIA CA issuer extension.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.