[RndTbl] weird cert problem

Gilles Detillieux grdetil at scrc.umanitoba.ca
Fri Nov 21 07:22:34 CST 2014 

It seems that Entrust's 2048 bit CA cert is still pending approval by 
Mozilla.  I had an exception added previously in my RHEL Firefox 
settings, which is apparently why it didn't complain.

https://support.mozilla.org/en-US/questions/1026811
https://bugzilla.mozilla.org/show_bug.cgi?id=694536

I believe Chrome on Windows uses Microsoft's CA certs, the same ones IE 
uses.  Entrust must have gotten their CA added to the MS collection 
earlier, but dropped the ball on Mozilla's.  FWIW, I also tried Chrome 
and the older Android browser on an Android 4.0 tablet and they both 
accessed that site without complaints.

On 11/21/2014 06:17 AM, Gilles Detillieux wrote:
> I get an error too with Firefox 30.0 and Firefox 33.1.1 on Windows 7, 
> but not with Firefox ESR 31.2.0 on RHEL 5, nor with IE 11 on Win7.  
> With FF 30.0, it didn't even give me a chance to look at the cert or 
> add an exception, but after updating to 33.1.1 I could.  It's an 
> Entrust, Inc. certificate, which doesn't seem like a no-name CA to me, 
> particularly since many browsers accept it without complaint.  Maybe 
> some Windows builds of Firefox are missing some root CAs or have a bug 
> that prevent them from parsing all of the root CAs correctly?  Doesn't 
> look like a MitM attack in any case.
>
> On 11/21/2014 12:24 AM, Hartmut W Sager wrote:
>> I just tested it, and I also get the "untrusted" treatment, using 
>> Windows Vista and Firefox 33.1.1 (which is a Firefox upgrade I just 
>> got in the last 2-3 days).
>>
>> Hartmut W Sager - Tel +1-204-339-8331
>>
>>
>> On 21 November 2014 00:14, Trevor Cordes <trevor at tecnopolis.ca 
>> <mailto:trevor at tecnopolis.ca>> wrote:
>>
>>     Does anyone else get a cert error on this site:
>>
>>     https://taxcess.gov.mb.ca/
>>
>>     It's invalid in Firefox (latest F19 version: 33.1, just came out
>>     today)
>>     on Linux. But it works ok on Chrome in Windows.  Chrome shows the
>>     cert
>>     is brand new this month (I had never had a problem with their site
>>     before).
>>
>>     Weird that a trust-validated site like that would have cert problems,
>>     unless they chose a no-name CA?
>>
>>     Unless someone is MitM'ing me...
>>

-- 
Gilles R. Detillieux              E-mail: <grdetil at scrc.umanitoba.ca>
Spinal Cord Research Centre       WWW:    http://www.scrc.umanitoba.ca/
Dept. of Physiology and Pathophysiology, Faculty of Health Sciences,
Univ. of Manitoba  Winnipeg, MB  R3E 0J9  (Canada)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.muug.mb.ca/pipermail/roundtable/attachments/20141121/960dc25d/attachment.html>

More information about the Roundtable mailing list