On 9/16/2008 7:12 AM, Fabio Spelta wrote: > Hello everybody and thanks for reading. > > Many educational institutions, among which there are various Italian > universities, are using X.509 certificates issued by the "Cybertrust > Educational CA" for their websites. > In Italy such certificates are obtained mainly through the GARR Italian > Academic & Research Network, www.garr.it. > The Cybertrust Educational certificate can be found at > http://secure.globalsign.net/cacert/sureserverEDU.pem. > That's in turn signed by the "GTE CyberTrust Global Root" certificate. > Please refer to http://secure.globalsign.net/cacert/ct_root.pem. > > While certificates signed by that authority are trusted and seamlessly > accepted by the default installations of Internet Explorer (since > version 6) and now also by Google Chrome, Mozilla Firefox still doesn't > trust them (not even the latest 3.1 alpha2). > > I'm writing to kindly ask you to consider to insert the Cybertrust > Educational certificate in the list of the trusted certificate authorities. > That would be very helpful to all the organizations which use such > certificates for they websites, expecially in view of the growing user > base of Firefox in Italy. > > Should you need further details, don' t hesitate to get in touch with me. > > Thank you very much for your attention.
While the certificate authority (CA) involved here is NOT Verisign, the information at <https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR657> is very relevant. Indeed, it's relevant to ALL CAs. You should bring this Web page to the attention of the host Web server for their action. Note that this is not a unique situation. See bug #390835 at <https://bugzilla.mozilla.org/show_bug.cgi?id=390835>. Unfortunately, Internet Explorer (IE) works around this situation by searching the Internet for missing intermediate certificates. I consider this a security vulnerability in IE. However, because of IE's behavior, many Web server hosts ignore this problem (e.g., Canon, per bug #390835). I'm beginning to believe that the CAs are not communicating clearly with their customers on the proper way to setup a secure server. -- David E. Ross <http://www.rossde.com/> Go to Mozdev at <http://www.mozdev.org/> for quick access to extensions for Firefox, Thunderbird, SeaMonkey, and other Mozilla-related applications. You can access Mozdev much more quickly than you can Mozilla Add-Ons. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
