Bug 450216

Summary: CA certificates of Verisign are not up-to-date
Product: [Fedora] Fedora Reporter: Hugo van der Kooij <hugo>
Component: firefoxAssignee: Kai Engert (:kaie) (inactive account) <kengert>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 8CC: gecko-bugs-nobody, mcepl, walters
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-07-26 01:47:32 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Hugo van der Kooij 2008-06-05 21:40:48 UTC 
Description of problem:
Verisign CA certificates in firefox are old.
The newer certificates are not present.

See also:
As of April 2006, all SSL certificates issued by VeriSign require the
installation of an Intermediate CA Certificate.

The SSL certificates are signed by an Intermediate CA using a two-tier hierarchy
(also known as a Trust Chain) which enhances the security of your SSL
Certificate. If the proper Intermediate CA is not installed on the server, your
customers will see browser errors and may choose not to proceed further and
close their browser.

Version-Release number of selected component (if applicable):


How reproducible:
https://www.robecodirect.nl/lastminute will show a warning because the CA used
is not known to firefox due to the lack of CA certificate updates.
Comment 1 Hugo van der Kooij 2008-06-05 21:41:42 UTC 
Varisign page:
https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR657&actp=LIST
Comment 4 Matěj Cepl 2008-07-17 23:08:05 UTC 
Cannot reproduce with the current version of Firefox on Fedora 9. Reporter, can
you still reproduce this with the current version of Firefox on your distro?
Comment 5 Kai Engert (:kaie) (inactive account) 2008-07-26 01:47:32 UTC 
Hugo, Firefox software never ships intermediate certificates. You must install
any required intermediate certificates on your web server, next to your server
cert. Verisign should have given you instructions how to do that.

Matej, it might have worked for you, because Firefox 3 now collects valid
intermediate certificates as you go, so you might have had the required
intermediate already. This is to reduce the pain caused by misconfigured sites.

I think this bug is invalid.

Hugo, can you please install the intermediate cert on your server, when in
doubt, please contact your CA?

Please reopen the bug if you have new evidence that the bug is really in firefox.

Thanks