The incomplete chain could definitely explain this. In the absence of AIA chasing (downloading missing CA certificates from a URL listed in the leaf cert, which some other browsers do but Firefox doesn't) or intermediate preloading (coming soon to Firefox), whether the site works or shows an error depends on whether the browser has cached a copy of the certificate (typically from visiting a properly-configured site using the same CA).
Cheers, Julien On Fri, Mar 13, 2020 at 5:20 PM Andrew C Aitchison <[email protected]> wrote: > On Fri, 13 Mar 2020, Eddie Rowe wrote: > > > I am receiving a failure of https on one system, but not on another > > running ESR 68.6 x64. I don't think it could be a DNS issue since > > Chrome and Edge show the https session on the same PC. Thoughts? > > > > URL: https://help.logmein.com/pkb_Home?l=en_US&c=&va=3 > > I see from > https://www.ssllabs.com/ssltest/analyze.html?d=help.logmein.com > that they only support TLSv1.2 and have an incomplete certificate chain. > Could either of those match a changed setting on that instance of firefox ? > > Failing that, does 68.6 support DNS-over-HTTPS ? If so that could be > another difference, especially as there is a rolling switch-on in the US: > > https://blog.mozilla.org/futurereleases/2019/09/06/whats-next-in-making-dns-over-https-the-default/ > > -- > Andrew C. Aitchison Kendal, UK > [email protected] > _______________________________________________ > Enterprise mailing list > [email protected] > https://mail.mozilla.org/listinfo/enterprise > > To unsubscribe from this list, please visit > https://mail.mozilla.org/listinfo/enterprise or send an email to > [email protected] with a subject of "unsubscribe" >
_______________________________________________ Enterprise mailing list [email protected] https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to [email protected] with a subject of "unsubscribe"
