"Eddy Nigg (StartCom Ltd.)" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Melelina wrote: > > Also, why am I unable to edit the cert issued to > > http://www.microsoft.ipsos.com/ which I took from IE and put in the Fx Cert > > Manager? I want to trust this cert but when I use edit and click the trust > > button upon closing the Certificate Manager my edit is reversed and the do > > not trust button is chosen. > How good that this certificate isn't trusted...which CA issues such a > certificate....www.microsoft.ipsos.com? I guess that the signer is a > fake Verisign certificate.... > > -- > Regards > > Signer: Eddy Nigg, StartCom Ltd. > Jabber: [EMAIL PROTECTED] > Phone: +1.213.341.0390
No, it is not fake. The cert is issued to www.microsoft.ipsos.com by Verisign. Fx borks at this and says Verisign is an untrusted issuer because it doesn't have the NEW Verisign cert in the store. The new Verisign cert is an INTERMEDIATE cert and it matters not the slightest that Fx traditionally has not stored intermediate certs. It has to now and why isn't it? Verisign no longer uses the old fashioned Root certs. They have slowly switched over the past two years to a two step intermediate certifIcation. Granted, Microsoft evidently hasn't properly configured their server and the certs are not being sent correctly. But, since I went and downloaded the Verisign intermediate cert and placed it in the Fx Cert Manager and then exported the cert issued by Verisign to www.microsoft.ipso.com to my desktop and then imported it to the Cert Manager for Fx, I should not be having Fx refuse to connect to the site. Maybe I put the microsoft cert in the wrong section of the Certificate Manager and that might be why I can't edit it. I put it under the Web tab. It may better be under "other people's". I think the problem with the editing might be that there is no "ok" button on the edit popup and the popup extends beyond the width of my screen so it is hard to even close the edit popup. I'm on my old 98SE machine as my XP Pro one year old machine is awaiting a second replacement mobo (first was doa) and it won't boot but I think there is an ok button on that edit screen and it is not showing up on 98SE. I had to end up using IE and going to the site and then the survey took about 20 minutes (I've done these many times for Microsoft) and because I was on IE, not Fx, at the end of the survey where you are invited to tell in your own words (as many words as you want) the most important things Microsoft can do to gain customer trust and approval, after writing about six paragraphs, I went to submit the survey (it is personalized based on your initial and later answers and is a cool survey) and got an error that the session had timed out. That has never happened on Fx but I recalled later that it happened the other time I used IE because of concern with Fx not accepting the cert and that was about a year ago. I want to use Fx at Microsoft sites and I am very tired of Fx problems with Microsoft certs and now there is the problem of Fx not having the new Verisign intermediate cert and it wanting to rely on root certs that are no longer used by Verisign. At least this is what I understand the situation to be from threads at Mozillazine and dslreports security forum, etc. If this is not the case please enlighten me. _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
