Hello, I tried connecting to http://suppliers.intel.com (which redirects to https://supplier.intel.com/supplierhub) from Firefox 3 and IE7 and saw two different certificate chains when I tried to view the server certificate. IE7 recognized the root certificate as coming from a trusted issuer, while FF3 did not.
In Firefox 3, I see only the server certificate, issued by "Intel External Basic Issuing CA 3B". Firefox does not recognize the root CA in the chain as a trusted CA. In IE7, I see the server certificate, the "Intel External Basic Issuing CA 3B" certificate, a "Intel External Basic Policy CA" certificate and a GeoTrust certificate as the root, issued by "Equifax Secure Certificate Authority". It looks like the "Equifax Secure Certificate Authority" CA certificate is trusted for server authentication by both FF3 and IE7. Can anybody tell why Firefox 3 does not show the whole certificate chain and does not recognize the root CA as a trusted CA? Is it possible that NSS is not parsing the whole chain for some reason? Is it something weird about the certificate chain presented by the server or something in NSS/PSM? Regards, Peter _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
