Red Hat Bugzilla – Bug 450216
CA certificates of Verisign are not up-to-date
Last modified: 2008-07-25 21:47:32 EDT
Description of problem:
Verisign CA certificates in firefox are old.
The newer certificates are not present.
As of April 2006, all SSL certificates issued by VeriSign require the
installation of an Intermediate CA Certificate.
The SSL certificates are signed by an Intermediate CA using a two-tier hierarchy
(also known as a Trust Chain) which enhances the security of your SSL
Certificate. If the proper Intermediate CA is not installed on the server, your
customers will see browser errors and may choose not to proceed further and
close their browser.
Version-Release number of selected component (if applicable):
https://www.robecodirect.nl/lastminute will show a warning because the CA used
is not known to firefox due to the lack of CA certificate updates.
Cannot reproduce with the current version of Firefox on Fedora 9. Reporter, can
you still reproduce this with the current version of Firefox on your distro?
Hugo, Firefox software never ships intermediate certificates. You must install
any required intermediate certificates on your web server, next to your server
cert. Verisign should have given you instructions how to do that.
Matej, it might have worked for you, because Firefox 3 now collects valid
intermediate certificates as you go, so you might have had the required
intermediate already. This is to reduce the pain caused by misconfigured sites.
I think this bug is invalid.
Hugo, can you please install the intermediate cert on your server, when in
doubt, please contact your CA?
Please reopen the bug if you have new evidence that the bug is really in firefox.