This from one of the posters to our Mozilla Contribute List/Forum: ====================================================================================
Hi, i was 110% sure that there was an issue with the new Fixfox 4 and i was right! The issue only occurs when you add a ssl certificate that is self signed on a website. First off if we have never been to the site we DO NOT have an issue and if you have never added an exception to a self signed certificate while using firefox 4 it WILL NOT have the issue. I have been testing over the last few days and this is my conclusion and it backups up what my clients are saying and also answers why my staff always get the same issue. if you go to: https://www.ausnetservers.net.au/webmail https://www.ausnetservers.net.au/cpanel https://www.ausnetservers.net.au/whm and you accept the certificate because its self signed and you continue. keep in mind before doing this you have gone to https://crm.ausnetservers.net.au and not had an issue. Anyway you add the exception and you go on. Some time afterwards or stright away in my case i go back to https://crm.ausnetservers.net.au and i get the same error i got last time. crm.ausnetservers.net.au uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer) however i do not get this error if i have never added an exception to a self signed website on my domain that i have a valid and paid for ssl certificate on. The reason why it worked for you is because you had never added a self signed certificate that was on the ausnetservers.net.au website. So yes, there is a flaw in FF 4, why i dont know. Why it dont effect the older versions or IE i have no idea. Please let me know your findings ============================================================================================== -- *Jay Garcia - Netscape Champion* www.ufaq.org Netscape - Firefox - SeaMonkey - Flock - Thunderbird Disclaimer: I Do Not Own This Place Thus I Have No Official Say-So!! _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
