| Summary: | [FF45] Shared System Certificates not honored | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | David Jaša <djasa> |
| Component: | firefox | Assignee: | Martin Stransky <stransky> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Desktop QE <desktop-qa-list> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.2 | CC: | djasa, tpelka |
| Target Milestone: | rc | Keywords: | Regression |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-06-06 13:40:30 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
The available 45 builds uses Mozilla in-tree NSS which miss Red Hat special config. We need to retest when system nss is enabled. Can you please test with latest FF for RHEL? Sorry for delay. This is fixed for quite some time already. |
Description of problem: RHEL 7 contains Shared System Certificates from the very start and Firefox up to 38 took CAs from there as trusted. FF45 no longer trusts these CAs Version-Release number of selected component (if applicable): firefox-45.0-0.3.el7_2.x86_64 How reproducible: always Steps to Reproduce: 1. wget -P /etc/pki/ca-trust/source/anchors \ https://password.corp.redhat.com/cacert.crt \ https://password.corp.redhat.com/RH-IT-Root-CA.crt update-ca-trust 2. restart firefox, go to https://errata.devel.redhat.com/ Actual results: errata.devel.redhat.com not trusted Expected results: errata.devel.redhat.com is trusted Additional info: this worked like charm in ESR 38 -> Regression