tags:

views:

11302

answers:

5
+2  Q: 

Firefox and SSL: sec_error_unknown_issuer

My client gets a sec_error_unknown_issuer error message when visiting https://mediant.ipmail.nl with firefox. I can't reproduce the error myself. I installed ff on a vista and a xp machine and had no problems. FF on Ubuntu also works fine.

Does anyone get the same error and does anyone have some clues for me so i can tell my isp to change some settings? The certificate is a so called wild-card ssl certificate that works for all subdomains (*.ipmail.nl). Was i wrong to pick the cheapest one?

Regards, Pieter

+2  A: 
splattne  2008-11-09 12:46:32
Most recent 3.03 on windows xp.
Overbeeke  2008-11-09 12:49:32
What do you mean inserted in the list? Does that mean that it is default in that list as provide by mozilla or did you accept a certificate of Comodo sometime and was it added to the list then?
Overbeeke  2008-11-09 14:47:21
I mean default by Mozilla
splattne  2008-11-09 14:50:05
+2  A: 

Just had the same problem with a Comodo Wildcard SSL cert. After reading the docs the solution is to ensure you include the certificate chain file they send you in your config i.e.

SSLCertificateChainFile /etc/ssl/crt/yourSERVERNAME.ca-bundle

Full details on Comodo site

 2009-06-22 09:34:27
+2  A: 

We had this problem and it was very much Firefox specific -- could only repro in that browser, Safari, IE8, Chrome, etc were all fine.

Fixing it required getting an updated cert from Comodo and installing it.

No idea what magic they changed, but it was definitely something in the cert that Firefox did NOT like.

Jeff Atwood  2009-10-28 18:05:20
A: 

I had this problem with Firefox and my server. I contacted GoDaddy customer support, and they had me install the intermediate server certificate:

http://help.godaddy.com/article/5346

After a re-start of the World Wide Web Publishing Service, everything worked perfectly.

If you do not have full access to your server, your ISP will have to do this for you.

toddb  2009-12-03 20:38:27
+1  A: 

Firefox is more stringent than other browsers and will require proper installation of an intermediate server certificate. This can be supplied by the cert authority the certificate was purchased from. the intermediate cert is typically installed in the same location as the server cert and requires the proper entry in the httpd.conf file.

while many are chastising Firefox for it's (generally) exclusive 'flagging' of this, it's actually demonstrating a higher level of security standards.

Jason Clark  2009-12-12 05:41:02

related questions

Why is access denied when installing SSL cert on IIS 5?
What does a PHP developer need to know about https / secure socket layer connections?
Am I turning away customers by disabling SSL 2.0 and PCT 1.0 in IIS5?
Coding Dojo with IE and SSL
Enforce SSL in code in an ashx handler
How to connect to PostgreSQL from .NET using TLS with both client and server authentication?
HELP SSL GURUs!!! ... Problems with SSL Connection
What's a clean/simple way to ensure the security of a page?
How to specify accepted certificates for Client Authentication in .NET SslStream
SharePoint stream file for preview
Problem with Oracle Application Server SSL Certificates
Is there a limit with the number of SSL connections?
Testing HTTPS files with MAMP
Cheapest SSL certificates
Limiting traffic to SSL version of page only
How do I support SSL Client Certificate authentication?
Why can't I connect to my CAS server with Perl's AuthCAS?
Is there a way to make Firefox ignore invalid ssl-certificates?
How do I create a self signed SSL certificate to use while testing a web app.
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
HTTPS in IIS 5.1
How do you redirect HTTPS to HTTP?
Debugging: IE6 + SSL + AJAX + post form = 404 error
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
Options for Google Maps over SSL