Peter Djalaliev: > Hello, > > I tried connecting to http://suppliers.intel.com (which redirects to > https://supplier.intel.com/supplierhub) from Firefox 3 and IE7 and saw > two different certificate chains when I tried to view the server > certificate. IE7 recognized the root certificate as coming from a > trusted issuer, while FF3 did not. > > In Firefox 3, I see only the server certificate, issued by "Intel > External Basic Issuing CA 3B". Firefox does not recognize the root CA > in the chain as a trusted CA. > > In IE7, I see the server certificate, the "Intel External Basic > Issuing CA 3B" certificate, a "Intel External Basic Policy CA" > certificate and a GeoTrust certificate as the root, issued by "Equifax > Secure Certificate Authority". > > It looks like the "Equifax Secure Certificate Authority" CA > certificate is trusted for server authentication by both FF3 and IE7. > > Can anybody tell why Firefox 3 does not show the whole certificate > chain and does not recognize the root CA as a trusted CA? Is it > possible that NSS is not parsing the whole chain for some reason? Is > it something weird about the certificate chain presented by the server > or something in NSS/PSM? >
Peter, this is a installation failure of the certificate by Intel. The server doesn't present the full chain of CA certificates as required. IE fetches CA certificates on its own if a service URL of the CA issues is present in the parent certificate, but NSS doesn't for now. -- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: [EMAIL PROTECTED] Blog: https://blog.startcom.org _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
