Hi David, you're right.. I probably had installed the root certificate "Autoridade Certificadora Raiz Brasileira v2" when using version 27 for some other task before my tests, and that's caused the test to pass. When I reinstalled 27 after uninstall 28 I could reproduce the error.
Hi Chofmann, I believe the implementation of https://bugzilla.mozilla.org/show_bug.cgi?id=438825 would solve my problem. I'll monitor this bug and check when solved. Thanks all! fabio Em quarta-feira, 26 de março de 2014 16h34min14s UTC-3, Chris Hofmann escreveu: > Is https://bugzilla.mozilla.org/show_bug.cgi?id=438825 at play here? > > > > -chofmann > > > > On 3/26/14 12:18 PM, Ben Wilson wrote: > > > I get the same results using www.digicert.com/help : > > > > > > Subject AC Secretaria da Receita Federal do Brasil v3 > > > Valid from 21/Oct/2011 to 21/Oct/2021 > > > Issuer Autoridade Certificadora Raiz Brasileira v2 > > > > > > The certificate is not signed by a trusted authority (checking against > > > Mozilla's root store). If you bought the certificate from a trusted > > > authority, you probably just need to install one or more Intermediate > > > certificates. Contact your certificate provider for assistance doing this > > > for your server platform. > > > > > > > > > -----Original Message----- > > > From: dev-security-policy > > > [mailto:dev-security-policy-bounces+ben=digicert....@lists.mozilla.org] On > > > Behalf Of David Keeler > > > Sent: Wednesday, March 26, 2014 12:52 PM > > > To: dev-security-policy@lists.mozilla.org > > > Subject: incomplete certificate chain [was Re: As of Firefox 28, Firefox > > > will not fetch CRLs during EV certificate validation] > > > > > > Accessing https://homologacao.nfce.fazenda.sp.gov.br gives me the same error > > > with Firefox 27 as with more recent versions. It looks like the server isn't > > > sending a complete certificate chain. More specifically, a certificate with > > > common name "Autoridade Certificadora Raiz Brasileira v2" is necessary. > > > There may be more, if that certificate isn't signed by a root in Mozilla's > > > root program. > > > > > > Hope this helps, > > > David > > > > > > On 03/26/14 11:29, fabio.nagam...@gmail.com wrote: > > >> Hi Brian, > > >> I'm developing a Government Website that should be available to any of the > > > main browsers, but our site certificate is not being recognized by Firefox > > > since version 28 (it's OK for IE, Chrome and FF before v.28). To be able to > > > recognize the certificate, our users have to manually import the > > > certificates of all CA's in the chain. > > >> The site is https://homologacao.nfce.fazenda.sp.gov.br > > >> > > >> Our certificate was issued by brazilian CA "ICP-Brasil" . > > >> > > >> If you log with IE or Chrome you'll be able to download the certificate > > > and check the CA chain. > > >> I think that if the chain could be added to the list of certificates > > >> it would solve the problem. We have another website that is certified > > >> by Verisign and it works normally > > >> (https://nfe.fazenda.sp.gov.br/ConsultaNFe/consulta/publica/ConsultarN > > >> Fe.aspx) > > >> > > >> Could you please help? I'd like to open a proper change request but I > > > don't know how to do that. > > >> Thanks in advance, > > >> Fabio > > > _______________________________________________ > > > dev-security-policy mailing list > > > dev-security-policy@lists.mozilla.org > > > https://lists.mozilla.org/listinfo/dev-security-policy > > > > > > > > > _______________________________________________ > > > dev-security-policy mailing list > > > dev-security-policy@lists.mozilla.org > > > https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
