Is https://bugzilla.mozilla.org/show_bug.cgi?id=438825 at play here?
-chofmann
On 3/26/14 12:18 PM, Ben Wilson wrote:
I get the same results using www.digicert.com/help :
Subject AC Secretaria da Receita Federal do Brasil v3
Valid from 21/Oct/2011 to 21/Oct/2021
Issuer Autoridade Certificadora Raiz Brasileira v2
The certificate is not signed by a trusted authority (checking against
Mozilla's root store). If you bought the certificate from a trusted
authority, you probably just need to install one or more Intermediate
certificates. Contact your certificate provider for assistance doing this
for your server platform.
-----Original Message-----
From: dev-security-policy
[mailto:dev-security-policy-bounces+ben=digicert....@lists.mozilla.org] On
Behalf Of David Keeler
Sent: Wednesday, March 26, 2014 12:52 PM
To: dev-security-policy@lists.mozilla.org
Subject: incomplete certificate chain [was Re: As of Firefox 28, Firefox
will not fetch CRLs during EV certificate validation]
Accessing https://homologacao.nfce.fazenda.sp.gov.br gives me the same error
with Firefox 27 as with more recent versions. It looks like the server isn't
sending a complete certificate chain. More specifically, a certificate with
common name "Autoridade Certificadora Raiz Brasileira v2" is necessary.
There may be more, if that certificate isn't signed by a root in Mozilla's
root program.
Hope this helps,
David
On 03/26/14 11:29, fabio.nagam...@gmail.com wrote:
Hi Brian,
I'm developing a Government Website that should be available to any of the
main browsers, but our site certificate is not being recognized by Firefox
since version 28 (it's OK for IE, Chrome and FF before v.28). To be able to
recognize the certificate, our users have to manually import the
certificates of all CA's in the chain.
The site is https://homologacao.nfce.fazenda.sp.gov.br
Our certificate was issued by brazilian CA "ICP-Brasil" .
If you log with IE or Chrome you'll be able to download the certificate
and check the CA chain.
I think that if the chain could be added to the list of certificates
it would solve the problem. We have another website that is certified
by Verisign and it works normally
(https://nfe.fazenda.sp.gov.br/ConsultaNFe/consulta/publica/ConsultarN
Fe.aspx)
Could you please help? I'd like to open a proper change request but I
don't know how to do that.
Thanks in advance,
Fabio
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
