EV Green Bar not working in latest FF, works in IE and Chrome
I just purchased a new EV certificate from Entrust and installed in on my website. Now with IE and Chrome I get the nice green bar, but FF shows a blue bar and says "which is run by unknown".
Modified by ARBlue79
Helpful replies
Just upgraded to the latest version and it still has the same problem. Is this a common problem with FF?
Go to answer 2Hi mcapone, I've attached a screen shot of what I see on https://www.paypal.com/home. What do you get for that identical URL -- gray padlock? globe icon?
Go to answer 1Additional System Details
Application
- User Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.56 Safari/537.17
More Information
Please update to Firefox 18.0.1 and try there
Helpful Reply
Just upgraded to the latest version and it still has the same problem. Is this a common problem with FF?
Question owner
Just go to the following site which has an EV certificate installed:
https://managed.entrust.net/idgcms/
You can check this with Chrome and IE and it displays the green bar, but not with FF.
If you see a blue bar then Firefox uses a DV certificate and not an EV certificate.
Did you remove the old DV certificate?
Can you post a link to your site?
You can try to remove the currently used intermediate certificate to see if that makes Firefox use the new certificate.
- Tools > Options > Advanced : Encryption: Certificates - View Certificates
Clear the cache and the cookies from sites that cause problems.
"Clear the Cache":
- Tools > Options > Advanced > Network > Cached Web Content: "Clear Now"
"Remove Cookies" from sites causing problems:
- Tools > Options > Privacy > Cookies: "Show Cookies"
Question owner
You can check out the public Entrust site which has an EV certificate. It does not show a green bar in FF, but does with the other browsers.
It is a green EV certificate for me.
Try to rename the cert8.db file in the Firefox profile folder to cert8.db.old or delete the cert8.db file to remove intermediate certificates that Firefox has stored.
If that helped to solve the problem then you can remove the renamed cert8.db.old file.
Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previous intermediate certificates.
Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.
If that didn't help then remove or rename secmod.db (secmod.db.old) as well.
Question owner
Thanks for the follow-up. I deleted the cert.db file entirely , cleared all my cache and history. When I go to the site, I get the attached in my browser bar. Can you post a screenshot of what you see?
Did you inspect this certificate to see if it is really the correct certificate chain.
managed.entrust.net Entrust Certification Authority - L1E Entrust Root Certification Authority Entrust.net Secure Server Certification Authority
Any updates on this? I'm seeing the same issue with Firefox 20.0.1. Not a single site is correctly displaying the green bar for EV SSL (including, for example, Paypal). I have cleared cache and removed certificates as suggested. The sites do show the green bar in Chrome and IE.
Modified by mcapone
Helpful Reply
Hi mcapone, I've attached a screen shot of what I see on https://www.paypal.com/home. What do you get for that identical URL -- gray padlock? globe icon?
Gray padlock. Two other computers here are displaying the same thing, while a third computer (in one of our branch offices) appears to be correctly rendering green bars. It occurred to me that some add-on might be messing us up (the computers with the issue are all developer machines with Firebug and HTTPFox installed), but I restarted with add-ons disabled and had the same issue.
Hi mcapone, if you click the gray padlock and click More Information then View Certificate, what do you see there? I've attached what I get, which is clearly indicated as an EV SSL cert. Is yours also showing as EV SSL?
Do you use any proxies that could be decrypting/re-encrypting your connection?
Modified by jscher2000
OK, no proxies or anything like that. Clicking the padlock gives all the appearance of a standard (non-EV) SSL key, but viewing the certificate clearly identifies it as an EV SSL with the same serial number and SHA fingerprint as you see.
Very interesting...
can you try to replicate this behaviour when you launch firefox in safe mode once?
Troubleshoot extensions, themes and hardware acceleration issues to solve common Firefox problems
OK, I did restart Firefox in safe mode, and the problem persisted. However, that train of thought inspired me to create a new FF profile (via -profilemanager) and launch that fresh new profile. Under the newly minted profile, the EV SSL renders properly. When I return to my original profile, I get the bad behavior again.
So, clearly, there is something questionable in one of my profile files somewhere. I've had this same profile since Firefox 3, and before that it was probably imported from Seamonkey. So I'd be the first to acknowledge that all bets are off.
However, another machine here is a relatively newly-deployed Win7 box that had Firefox only since version 19 or so, and the developer in question does not use FF much at all, so his main profile ought to be relatively clean. He, as well, has the EV display issue on his FF, but creating a new profile also corrects the display for him (under the new profile).
Did you try to delete the prefs.js file to reset all preferences?
Where you using a userChrome.css file to customize the user interface?