Missing Certificates in Firefox 23.0.1

Gregory Vedders

Aug 28, 2013, 11:02:45 AM
to webc-...@googlegroups.com
Has anyone else noticed that there are some certificates missing in the current version of Firefox? When you go to https://www.factstuition.com/prod/ecashierv3.nsf/Index?openform&query=aquinas in the browser you get a certificate error. The previous versions of Firefox didn't do that. It appears that Firefox is missing the Thawte SSL CA Software Security Device (was present in previous versions) and is present in other OS versions. Is there an easy way to add this to the certificates, or is there any chance that a new version of Webconverger will be coming out soon with this bug patched? We are looking to do a deployment of approximately 20 machines on our College campus and are currently holding until we can get this fixed.

Thanks,

Kai Hendry

Aug 29, 2013, 2:03:18 AM
to webc-users
Hi Gregory,

This may have worked when Webconverger used Iceweasel, which was
basically before Webconverger 15, about a year ago. :)

Since then we use official Firefox Mozilla builds, which unfortunately
don't seem to trust your specific CA. I filed a bug about that here:
https://bugzilla.mozilla.org/show_bug.cgi?id=910560

Anyway, I've since discovered that the "official Firefox Mozilla
build" does not use the system CAs here:
https://github.com/Webconverger/webc/tree/master/usr/share/ca-certificates
So I need to spend some time working out if I can do that, preferably
without rebuilding Firefox.

I have been thinking of an SSL API.
https://github.com/Webconverger/webc/issues/148

Do you know the certificate that needs to be installed for the chain
to be verified? That's the thing I find difficult here. I can't tell
what CA Firefox is looking for. There are lots of Thawte CAs built in
already. Quite a minefield here!



Kind regards,

Kai Hendry

Aug 29, 2013, 2:48:46 AM
to webc-users
I chatted to a security expert on #mozilla and he seems to think your
server's SSL configuration is incorrect, Gregory.

The trouble is your server is not offering the intermediate certificate.

https://search.thawte.com/support/ssl-digital-certificates/index?page=content&actp=CROSSLINK&id=SO13881

"Thawte SSL123 Intermediate CA" particularly. So Firefox can't
complete the chain.



Ah, but you might think, it works when I tested it. If the
"Intermediate certificate" is seen on another correctly configured SSL
site, it's cached and will make your site work.

Hope that hint works for you and you can roll out Webconverger!
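
The behaviour discussed in this thread (a server that sends only its leaf certificate fails on a fresh client but works on one that already saw the intermediate elsewhere), as an added example that is not part of the original posts: a simplified Python model of issuer-name path building that also reports which issuer is missing. The certificate names and the `Cert`, `build_chain` and `demo` names are constructed for illustration; signatures, validity dates and constraints are not checked.

```python
from collections import namedtuple

# Simplified model: a certificate is only its subject and issuer names.
# Real path building also verifies signatures, validity and constraints.
Cert = namedtuple("Cert", "subject issuer")

def build_chain(presented, trusted_roots, cached_intermediates=()):
    """Walk issuer links from the leaf (presented[0]) towards a trusted root.

    Returns (chain, missing): chain is the list of subjects found so far;
    missing is None on success, else the issuer name that could not be located.
    """
    if not presented:
        raise ValueError("server presented no certificates")
    # Issuers the client may use: what the server sent, plus whatever
    # intermediates this client has already seen on other sites.
    pool = {c.subject: c for c in list(presented[1:]) + list(cached_intermediates)}
    roots = {c.subject for c in trusted_roots}
    current, chain = presented[0], [presented[0].subject]
    while True:
        if current.issuer in roots:
            return chain + [current.issuer], None
        nxt = pool.get(current.issuer)
        if nxt is None or nxt.subject in chain:  # absent issuer, or a loop
            return chain, current.issuer
        chain.append(nxt.subject)
        current = nxt

# Constructed names, not the real Thawte hierarchy.
ROOT = Cert("Constructed Root CA", "Constructed Root CA")
INTERMEDIATE = Cert("Constructed Intermediate CA", "Constructed Root CA")
LEAF = Cert("www.example.test", "Constructed Intermediate CA")

def demo():
    misconfigured = [LEAF]          # server sends the leaf only
    fixed = [LEAF, INTERMEDIATE]    # server sends leaf plus intermediate
    return {
        "fresh_client": build_chain(misconfigured, [ROOT]),
        "warm_client": build_chain(misconfigured, [ROOT], [INTERMEDIATE]),
        "fixed_server": build_chain(fixed, [ROOT]),
    }

if __name__ == "__main__":
    for name, (chain, missing) in demo().items():
        status = "OK" if missing is None else "missing issuer: " + missing
        print(name, status, chain)
```

The `fresh_client` case is the one a kiosk with a new profile hits; the fix is on the server side, as in the `fixed_server` case.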