Melelina wrote: > Why is the VeriSign Class 3 Secure Server CA which can be downloaded here: > http://SVRSecure-aia.verisign.com/SVRSecure2005-aia.cer not in the Fx > certificate store? Should this not have been added in the latest update of > Fx (1.5.0.11)?
The Mozilla store only includes root certificates. The VeriSign Class 3 Secure Server CA is an intermediate certificate; it is signed by the Verisign "Class 3 Public Primary Certification Authority" root, which is in Firefox (and has been for some time). If your website uses a certificate which is signed by the one you mention, you need to place a copy of the intermediate certificate on the webserver also, in line with instructions provided by your server vendor and/or by Verisign. Otherwise, Firefox will not be able to follow the certificate chain to the root. IE will also have a similar problem, but only if it has never encountered a correctly-configured web server (i.e. it caches intermediate certs). So IE in new installs of Windows will also have the problem. > Also, why am I unable to edit the cert issued to > http://www.microsoft.ipsos.com/ which I took from IE and put in the Fx Cert > Manager? I don't quite understand what you mean by "took from IE and put in the Fx Cert Manager". Could you explain more about exactly what you did? > I want to trust this cert but when I use edit and click the trust > button upon closing the Certificate Manager my edit is reversed and the do > not trust button is chosen. If you want to trust this cert directly, visit the site in Firefox and choose "Accept this certificate permanently" from the dialog which results. The certificate will then appear in Firefox in Preferences | Advanced tab | Encryption sub-tab | View Certificates button | Web Sites tab. Your browser (but not anyone else's) will then visit the site in future without error. But you would be far better off getting the server fixed. Gerv _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
