Comment #9 on issue 15313 by [email protected]: The site's security certificate is not trusted! http://code.google.com/p/chromium/issues/detail?id=15313
The Vodaphone cert is issued by "VeriSign Class 3 Secure Server CA" (1024-bit). This apparently is not a root CA, but is itself issued by one of Verisign's roots. The problem is that Vodaphone's web server needs to be configured to return the intermediate Verisign certificate as well as its own cert, so the browser can complete the chain of trust. (The intermediate Verisign cert is not in OS X's system database of trusted certs, because it's not a root.) This discussion explains it pretty well: http://groups.google.com/group/mozilla.dev.security/browse_thread/thread/6830a8566de24547/b49e918d f0151acc?pli=1 It sounds as though MSIE will automatically attempt to fetch intermediate certs if the server doesn't provide them, and from the discussion this may have been implemented in FF as well. But this is a workaround to the real problem, which is that Vodaphone is missing the intermediate cert. -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~---------~--~----~------------~-------~--~----~ Automated mail from issue updates at http://crbug.com/ Subscription options: http://groups.google.com/group/chromium-bugs -~----------~----~----~----~------~----~------~--~---
