User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0 Build ID: 20110811165603 Steps to reproduce: I tried to remove the DigiNotar root certificate as suggestet at http://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert Then I visited a web site that uses a DigiNotar-issued cert, e.g. https://as.digid.nl/ Actual results: Everything normal. Expected results: Firefox should complain that the certificate is not trusted
I believe this is a non-existing bug. When one retrieves the SSL Certificate for as.digid.nl one can see that it uses DigiNotar as an intermediate CA. You only removed the DigiNotar Root CA. DigiNotar owns several Root/Intermediate certificates. The one used for as.digid.nl is part of the 'Staat der Nederlanden Root CA'/'Staat der Nederlanden Overheid Root CA'/'DigiNotar PKLIoverheid CA Overheid en Bedrijven' certification chain. In my opinion your expectation differs from what should be expected ;)
Valid point. Removing 'Staat der Nederlanden Overheid Root CA' indeed triggers the desired behavior. This bug should be closed.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → INVALID
Please not that removing 'Staat der Nederlanden Overheid Root CA' will make more SSL Certs invalid. For example Defense and Justice departments. Or the 'Belastingdienst' (not mijn.belastingdienst.nl as this is signed by Verisign). I rather would update firefox to have the fix from https://bugzilla.mozilla.org/show_bug.cgi?id=682956
You need to log in before you can comment on or make changes to this bug.