And the Debian CA is only an intermediate. Their certificate is signed by SPI, whose root is not included in Mozilla products (presumably because it hasn't applied for that).
ca-certificates does include the SPI root in addition to those included in Firefox, but note the disclaimer in the README.Debian file in the ca- certificates source package: "Please note that Debian can neither confirm nor deny whether the certificate authorities whose certificates are included in this package have in any way been audited for trustworthiness or RFC 3647 compliance. Full responsibility to assess them belongs to the local system administrator." -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to firefox in Ubuntu. https://bugs.launchpad.net/bugs/1042040 Title: debian CA not shipped in firefox Status in “firefox” package in Ubuntu: Invalid Bug description: From question: https://answers.launchpad.net/ubuntu/+source/ca- certificates/+question/79192 Various secure websites signed by ca.debian.org are listed in Firefox as having invalid security certificates. E.g. https://alioth.debian.org/ URLs and https://mentors.debian.net/register/register etc. One shouldn't have to compromise security on creating exceptions to access secure debian websites. There is a large amount of contribution between Ubuntu and debian devs and having stumbling blocks like this in the way can only hurt the working relationship. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1042040/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
