Does anyone else get a cert error on this site:
It's invalid in Firefox (latest F19 version: 33.1, just came out today) on Linux. But it works ok on Chrome in Windows. Chrome shows the cert is brand new this month (I had never had a problem with their site before).
Weird that a trust-validated site like that would have cert problems, unless they chose a no-name CA?
Unless someone is MitM'ing me...
I just tested it, and I also get the "untrusted" treatment, using Windows Vista and Firefox 33.1.1 (which is a Firefox upgrade I just got in the last 2-3 days).
Hartmut W Sager - Tel +1-204-339-8331
On 21 November 2014 00:14, Trevor Cordes trevor@tecnopolis.ca wrote:
Does anyone else get a cert error on this site:
It's invalid in Firefox (latest F19 version: 33.1, just came out today) on Linux. But it works ok on Chrome in Windows. Chrome shows the cert is brand new this month (I had never had a problem with their site before).
Weird that a trust-validated site like that would have cert problems, unless they chose a no-name CA?
Unless someone is MitM'ing me... _______________________________________________ Roundtable mailing list Roundtable@muug.mb.ca http://www.muug.mb.ca/mailman/listinfo/roundtable
I get an error too with Firefox 30.0 and Firefox 33.1.1 on Windows 7, but not with Firefox ESR 31.2.0 on RHEL 5, nor with IE 11 on Win7. With FF 30.0, it didn't even give me a chance to look at the cert or add an exception, but after updating to 33.1.1 I could. It's an Entrust, Inc. certificate, which doesn't seem like a no-name CA to me, particularly since many browsers accept it without complaint. Maybe some Windows builds of Firefox are missing some root CAs or have a bug that prevent them from parsing all of the root CAs correctly? Doesn't look like a MitM attack in any case.
On 11/21/2014 12:24 AM, Hartmut W Sager wrote:
I just tested it, and I also get the "untrusted" treatment, using Windows Vista and Firefox 33.1.1 (which is a Firefox upgrade I just got in the last 2-3 days).
Hartmut W Sager - Tel +1-204-339-8331
On 21 November 2014 00:14, Trevor Cordes <trevor@tecnopolis.ca mailto:trevor@tecnopolis.ca> wrote:
Does anyone else get a cert error on this site: https://taxcess.gov.mb.ca/ It's invalid in Firefox (latest F19 version: 33.1, just came out today) on Linux. But it works ok on Chrome in Windows. Chrome shows the cert is brand new this month (I had never had a problem with their site before). Weird that a trust-validated site like that would have cert problems, unless they chose a no-name CA? Unless someone is MitM'ing me...
It seems that Entrust's 2048 bit CA cert is still pending approval by Mozilla. I had an exception added previously in my RHEL Firefox settings, which is apparently why it didn't complain.
https://support.mozilla.org/en-US/questions/1026811 https://bugzilla.mozilla.org/show_bug.cgi?id=694536
I believe Chrome on Windows uses Microsoft's CA certs, the same ones IE uses. Entrust must have gotten their CA added to the MS collection earlier, but dropped the ball on Mozilla's. FWIW, I also tried Chrome and the older Android browser on an Android 4.0 tablet and they both accessed that site without complaints.
On 11/21/2014 06:17 AM, Gilles Detillieux wrote:
I get an error too with Firefox 30.0 and Firefox 33.1.1 on Windows 7, but not with Firefox ESR 31.2.0 on RHEL 5, nor with IE 11 on Win7. With FF 30.0, it didn't even give me a chance to look at the cert or add an exception, but after updating to 33.1.1 I could. It's an Entrust, Inc. certificate, which doesn't seem like a no-name CA to me, particularly since many browsers accept it without complaint. Maybe some Windows builds of Firefox are missing some root CAs or have a bug that prevent them from parsing all of the root CAs correctly? Doesn't look like a MitM attack in any case.
On 11/21/2014 12:24 AM, Hartmut W Sager wrote:
I just tested it, and I also get the "untrusted" treatment, using Windows Vista and Firefox 33.1.1 (which is a Firefox upgrade I just got in the last 2-3 days).
Hartmut W Sager - Tel +1-204-339-8331
On 21 November 2014 00:14, Trevor Cordes <trevor@tecnopolis.ca mailto:trevor@tecnopolis.ca> wrote:
Does anyone else get a cert error on this site: https://taxcess.gov.mb.ca/ It's invalid in Firefox (latest F19 version: 33.1, just came out today) on Linux. But it works ok on Chrome in Windows. Chrome shows the cert is brand new this month (I had never had a problem with their site before). Weird that a trust-validated site like that would have cert problems, unless they chose a no-name CA? Unless someone is MitM'ing me...
Belated thanks to all who checked up on that weird Entrust cert, y'all solved it for me. I'll just wait for FF to update their root CA stuff. I guess the provincial govt doesn't test their stuff against FLOSS software :-)
-
Gilles Detillieux -
Hartmut W Sager -
Trevor Cordes