On 09/09/2015 07:38 AM, Wan-Teh Chang wrote: > On Wed, Sep 9, 2015 at 2:42 AM, Frederik Braun <fbr...@mozilla.com> wrote: >> I too get the security warning. The ssllabs.com test usually helps >> uncovering the issue behind this: >> >> According to >> <https://www.ssllabs.com/ssltest/analyze.html?d=voltage-pp-0000.wellsfargo.com&latest> >> it seems that the website is configured incorrectly. >> >> In particular, it appears to me that the certificate used by the domain >> does not properly chain up to a trusted CA certificate installed in most >> browsers. The webserver needs to be configured to send the correct set >> of CA / intermediate certificates (in their correct order). >> >> More specifically, it should send the certificate with the fingerprint >> "ae389b76b23e27d958eeda0ae0c5eb4be86b427d ", but currently is not. > > This bug should be investigated by someone working on mozpkix such as > David Keeler. > > I downloaded and imported the CA certificate that Frederik Braun > named. (It is a cross-certification certificate of "WellsSecure Public > Root Certification Authority 01 G2".) But Firefox doesn't seem to use > the cross-certification certificate. > > Wan-Teh >
Is this still an issue? The site loads correctly for me with a new profile on Firefox 40. Also, the latest ssllabs report indicates it is sending the proper intermediates.
signature.asc
Description: OpenPGP digital signature
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
