Closed Bug 697334 Opened 14 years ago Closed 8 years ago

Built in Verisign, Inc certificate expired 10/24/2011, prevents loading web sites

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: morac, Unassigned)

References

(
URL
)

Details

Attachments

(1 file)

Certificate chain
55.94 KB, image/jpeg
Details
I'm trying to go to https://www.mynortonaccount.com in Firefox (release, beta, Aurora and Nightly) and it complains that "the certificate is not trusted because the issuer certificate has expired." Indeed when you look at the certificate chain, the parent of www.mynortonaccount.com, "Verisign, Inc." does show an expiration date of 10/24/11. This certificate is build into to Firefox's Software Security Device. If I go to www.mynortonaccount.com in Internet Explore, Safari, Google Chrome and even SeaMonkey and look at the certification chain, Verizon's expiration date is 10/24/2016 (not 10/24/2011). I tried a new profile and got the same result. I don't know why Firefox's certificate for "Verisign, Inc" expires 10/24/2011, while every other browser out there, including SeaMonkey, expires 10/24/2016. See URL for details.
Attached image Certificate chain
I found a work around for this. Go to Options -> Advanced -> Encryption and click Certificates. Then Delete the "Verizon, Inc." certificate from the Authorities tab. The one with serial number "25:4B:8A:85:38:42:CC:E3:58:F8:C5:DD:AE:22:6E:A4" Once that's done, pages will load as the new certificate does exist. It looks like Firefox is preferring the old expired certificate to the new one for some reason.
It looks like for new profiles, the "Verizon, Inc." certificate doesn't exist. In which case the user needs to download and install it manually from the following URL: https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id=AR1514
I'm closing this as WFM because: 1. The switch to mozilla::pkix means in theory this shouldn't happen. 2. It's been so long I get the feeling this wouldn't even be reproducible. Feel free to re-open if this is still happening.
Status: NEW → RESOLVED
Closed: 8 years ago
Component: General → Security: PSM
Product: Firefox → Core
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: