Closed
Bug 928719
Opened 11 years ago
Closed 10 years ago
intel certificate authority not trusted
Categories
(Core :: Security, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: olivier.vit, Unassigned)
References
()
Details
Attachments
(1 file)
26.16 KB,
image/png
|
Details |
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0 (Beta/Release) Build ID: 20130910160258 Steps to reproduce: Firefox warns with sec_error_unknown_issuer when going to https://communities.intel.com/thread/38676 while Google Chrome says the certificate is OK Actually, test on http://www.digicert.com/help/ says the same as Firefox: -------------- Certificate Name matches communities.intel.com Subject communities.intel.com Valid from 18/Nov/2011 to 02/Nov/2014 Issuer Intel External Basic Issuing CA 3A SSL Certificate is not trusted The certificate is not signed by a trusted authority (checking against Mozilla's root store). If you bought the certificate from a trusted authority, you probably just need to install one or more Intermediate certificates. Contact your certificate provider for assistance doing this for your server platform. -------------- But the HTTP header isn't so much reassuring : -------------- DNS resolves 'communities.intel.com' to 208.111.155.237 HTTP Server Header: EdgePrismSSL -------------- PrismSSL !?! Actual results: no access to this site that seems reliable Expected results: recognize the SSL issuing authority
I don't see this error but CSP placeholder is visible when browsing this webpage. Can you test with a clean profile, please. https://support.mozilla.org/en-US/kb/profile-manager-create-and-remove-firefox-profiles
Reporter | ||
Comment 2•11 years ago
|
||
(In reply to Loic from comment #1) > I don't see this error but CSP placeholder is visible when browsing this > webpage. Sorry but I don't understand how you don't see this error nor what a CSP is I have tested with profilemanager and a temporary profile with FF24 release, same error, with SeaMonkey Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0 SeaMonkey/2.21 , same error, see attachment I have tested with Aurora 26.0a2 (2013-10-20) and indeed the certificate is recognized: the error doesn't occur.
Reporter | ||
Comment 3•11 years ago
|
||
Flags: needinfo?(olivier.vit)
Reporter | ||
Updated•11 years ago
|
Comment 4•11 years ago
|
||
The certificate doesn't provide enough chain information for us to validate it, as far as I can tell. Camilo? Is this an error or is Firefox working as intended? Also, this is not related to Content Security Policy (CSP).
No longer blocks: CSP
Flags: needinfo?(cviecco)
Comment 5•11 years ago
|
||
Firefox is working as intented, this is a server misconfiguration. The server is not supplying the the full list of certificate chains: (report at: https://www.ssllabs.com/ssltest/analyze.html?d=communities.intel.com and standard http://tools.ietf.org/html/rfc5246#section-7.4.2 ) Chrome uses the windows certificate store in Windows and thus my assumption for the divergent behavior on windows is that someone installed the extra certificates in the machine of the reporter. I tested with Chrome on Linux ( 30.0.1599.101) and had the same behavior as firefox (unstrusted issuer). I would say this is an invalid bug.
Flags: needinfo?(cviecco)
Reporter | ||
Comment 6•11 years ago
|
||
(In reply to Camilo Viecco (:cviecco) from comment #5) > Firefox is working as intented, this is a server misconfiguration. The > server is not supplying the the full list of certificate chains: (report at: > https://www.ssllabs.com/ssltest/analyze.html?d=communities.intel.com The report says "Trusted" anyway > and standard http://tools.ietf.org/html/rfc5246#section-7.4.2 ) > > Chrome uses the windows certificate store in Windows and thus my assumption > for the divergent behavior on windows is that someone installed the extra > certificates in the machine of the reporter. I tested with Chrome on Linux ( > 30.0.1599.101) and had the same behavior as firefox (unstrusted issuer). I > would say this is an invalid bug. What about Aurora saying it's valid ?
Comment 7•11 years ago
|
||
Chrome 31 on Linux connects to https://communities.intel.com/ without any problem.
Comment 8•11 years ago
|
||
And this appears to be because Chrome supports the Authority Information Access extension and Firefox doesn't.
Reporter | ||
Comment 9•10 years ago
|
||
I don't know what did change in the meantime but now it works in SeaMonkey / Firefox and even Aurora test on http://www.digicert.com/help/ is now OK also
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•