Built in Verisign, Inc certificate expired 10/24/2011, prevents loading web sites

RESOLVED WORKSFORME

Status

()

RESOLVED WORKSFORME
7 years ago
2 years ago

People

(Reporter: morac, Unassigned)

Tracking

Trunk
x86
Windows XP
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(1 attachment)

(Reporter)

Description

7 years ago
I'm trying to go to https://www.mynortonaccount.com in Firefox (release, beta, Aurora and Nightly) and it complains that "the certificate is not trusted because the issuer certificate has expired."

Indeed when you look at the certificate chain, the parent of www.mynortonaccount.com, "Verisign, Inc." does show an expiration date of 10/24/11.  This certificate is build into to Firefox's Software Security Device.

If I go to www.mynortonaccount.com in Internet Explore, Safari, Google Chrome and even SeaMonkey and look at the certification chain, Verizon's expiration date is 10/24/2016 (not 10/24/2011).

I tried a new profile and got the same result.  I don't know why Firefox's certificate for "Verisign, Inc" expires 10/24/2011, while every other browser out there, including SeaMonkey, expires 10/24/2016.

See URL for details.
(Reporter)

Comment 1

7 years ago
Created attachment 569590 [details]
Certificate chain
(Reporter)

Comment 2

7 years ago
I found a work around for this.  

Go to Options -> Advanced -> Encryption and click Certificates.  Then Delete the "Verizon, Inc." certificate from the Authorities tab.  The one with serial number "25:4B:8A:85:38:42:CC:E3:58:F8:C5:DD:AE:22:6E:A4"

Once that's done, pages will load as the new certificate does exist.

It looks like Firefox is preferring the old expired certificate to the new one for some reason.
(Reporter)

Comment 3

7 years ago
It looks like for new profiles, the "Verizon, Inc." certificate doesn't exist.  In which case the user needs to download and install it manually from the following URL:

https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id=AR1514

Comment 4

2 years ago
I'm closing this as WFM because:
1. The switch to mozilla::pkix means in theory this shouldn't happen.
2. It's been so long I get the feeling this wouldn't even be reproducible.

Feel free to re-open if this is still happening.
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Component: General → Security: PSM
Product: Firefox → Core
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.