Bug 450216 - CA certificates of Verisign are not up-to-date
CA certificates of Verisign are not up-to-date
Product: Fedora
Classification: Fedora
Component: firefox (Show other bugs)
i386 Linux
low Severity medium
: ---
: ---
Assigned To: Kai Engert (:kaie)
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2008-06-05 17:40 EDT by Hugo van der Kooij
Modified: 2008-07-25 21:47 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-07-25 21:47:32 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Hugo van der Kooij 2008-06-05 17:40:48 EDT
Description of problem:
Verisign CA certificates in firefox are old.
The newer certificates are not present.

See also:
As of April 2006, all SSL certificates issued by VeriSign require the
installation of an Intermediate CA Certificate.

The SSL certificates are signed by an Intermediate CA using a two-tier hierarchy
(also known as a Trust Chain) which enhances the security of your SSL
Certificate. If the proper Intermediate CA is not installed on the server, your
customers will see browser errors and may choose not to proceed further and
close their browser.

Version-Release number of selected component (if applicable):

How reproducible:
https://www.robecodirect.nl/lastminute will show a warning because the CA used
is not known to firefox due to the lack of CA certificate updates.
Comment 4 Matěj Cepl 2008-07-17 19:08:05 EDT
Cannot reproduce with the current version of Firefox on Fedora 9. Reporter, can
you still reproduce this with the current version of Firefox on your distro?
Comment 5 Kai Engert (:kaie) 2008-07-25 21:47:32 EDT
Hugo, Firefox software never ships intermediate certificates. You must install
any required intermediate certificates on your web server, next to your server
cert. Verisign should have given you instructions how to do that.

Matej, it might have worked for you, because Firefox 3 now collects valid
intermediate certificates as you go, so you might have had the required
intermediate already. This is to reduce the pain caused by misconfigured sites.

I think this bug is invalid.

Hugo, can you please install the intermediate cert on your server, when in
doubt, please contact your CA?

Please reopen the bug if you have new evidence that the bug is really in firefox.


Note You need to log in before you can comment on or make changes to this bug.