This should be on crypto, not security; transferring. I have a hard time testing it fully because of time-outs on vps-serv-1.ausnetservers.net

But the problem seems to be:
- With Firefox 4, adding an exception for a cert on domain X prevents it from continuing to accept this cert as valid on domain Y, with an error saying that the issuer of the cert is unknown

With the repro procedure of:
- go to https://crm.ausnetservers.net.au
- Should work OK, chains to RapidSSL/GeoTrust
- go to https://www.ausnetservers.net.au/webmail
- add an exception for https://www.ausnetservers.net.au/webmail
  (the certificate sent is actually the certificate of crm.ausnetservers.net.au)
- go back to https://crm.ausnetservers.net.au
- will now be broken, "no issuer found"

Jay Garcia wrote:
This from one of the posters to our Mozilla Contribute List/Forum:

====================================================================================

Hi,

I was 110% sure that there was an issue with the new Firefox 4 and I was
right!

The issue only occurs when you add an SSL certificate that is self-signed
on a website.

First off, if we have never been to the site we DO NOT have an issue, and
if you have never added an exception to a self-signed certificate while
using Firefox 4 it WILL NOT have the issue.

I have been testing over the last few days and this is my conclusion, and
it backs up what my clients are saying and also answers why my staff
always get the same issue.

If you go to:

https://www.ausnetservers.net.au/webmail
https://www.ausnetservers.net.au/cpanel
https://www.ausnetservers.net.au/whm

and you accept the certificate because it's self-signed and you continue.
Keep in mind before doing this you have gone to
https://crm.ausnetservers.net.au and not had an issue.

Anyway, you add the exception and you go on. Some time afterwards, or
straight away in my case, I go back to https://crm.ausnetservers.net.au
and I get the same error I got last time.

     crm.ausnetservers.net.au uses an invalid security certificate.

     The certificate is not trusted because no issuer chain was provided.

     (Error code: sec_error_unknown_issuer)

However, I do not get this error if I have never added an exception to a
self-signed website on my domain that I have a valid and paid-for SSL
certificate on.

The reason why it worked for you is because you had never added a
self-signed certificate that was on the ausnetservers.net.au website.

So yes, there is a flaw in FF 4; why, I don't know. Why it doesn't affect the
older versions or IE, I have no idea.

Please let me know your findings.

==============================================================================================


--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
