X
Tap here to go to the mobile version of the site.

منتدى الدعم

Firefox regards StartCom SSL connections as "Untrusted"

Posted

StartCom is an SSL certificate authority which issues free class1 SSL certificates for websites. I have installed their SSL certificates on a few websites and each of them when accessed in firefox, presents an error entitled, "This Connection is Untrusted." Having tried to access the websites in all other popular browsers, including: IE 8.0, IE 9.0RC, Safari, Opera and Google Chrome, I have had no issues and the websites' SSl pages were displayed in these browsers without any issues.

StartCom is an SSL certificate authority which issues free class1 SSL certificates for websites. I have installed their SSL certificates on a few websites and each of them when accessed in firefox, presents an error entitled, "This Connection is Untrusted." Having tried to access the websites in all other popular browsers, including: IE 8.0, IE 9.0RC, Safari, Opera and Google Chrome, I have had no issues and the websites' SSl pages were displayed in these browsers without any issues.

Additional System Details

This happened

Every time Firefox opened

This started when...

This has been happening for over 4 years.

Installed Plug-ins

  • Office Plugin for Netscape Navigator
  • Adobe PDF Plug-In For Firefox and Netscape
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Default Plug-in
  • Google Update
  • Shockwave Flash 10.2 r152
  • iTunes Detector Plug-in
  • Next Generation Java Plug-in 1.6.0_24 for Mozilla browsers
  • 4.0.60129.0
  • NPWLPG
  • NVIDIA 3D Vision plugin for Mozilla browsers
  • Version 1.1.7, copyright 1996-2011 The VideoLAN Teamhttp://www.videolan.org/

Application

  • User Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15

More Information

cor-el
  • Top 10 Contributor
  • Moderator
17567 solutions 158896 answers

Firefox has the StartCom root certificate.

  • Tools > Options > Advanced : Encryption: Certificates - View Certificates

Are you sending all required intermediate certificates?

Firefox has the StartCom root certificate. * Tools > Options > Advanced : Encryption: Certificates - View Certificates Are you sending all required intermediate certificates? *http://www.networking4all.com/en/support/tools/site+check/

Question owner

Many thanks cor-el for your reply, I have checked the site URL using the link you posted above. All seems fine but firefox still displays the same "untrusted" message.

The answer to your question is yes. I have downloaded all relevant intermediate certificates and uploaded them in one single bundle. Firefox still doesn't like it.

The site's URL is: www.saversquare.com

Many thanks cor-el for your reply, I have checked the site URL using the link you posted above. All seems fine but firefox still displays the same "untrusted" message. The answer to your question is yes. I have downloaded all relevant intermediate certificates and uploaded them in one single bundle. Firefox still doesn't like it. The site's URL is: www.saversquare.com

Modified by marxam

cor-el
  • Top 10 Contributor
  • Moderator
17567 solutions 158896 answers

No problems here with that website.
I've seen such issues before and it helps in such cases if you remove the stored intermediate certificates that are used by that connection, in this case the "GeoTrust DV SSL CA".

Stored intermediate certificates show as "Software Security Device" in the Security Device column in the Certificate Manager.

  • Tools > Options > Advanced : Encryption: Certificates - View Certificates
No problems here with that website.<br /> I've seen such issues before and it helps in such cases if you remove the stored intermediate certificates that are used by that connection, in this case the "GeoTrust DV SSL CA".<br /> Stored intermediate certificates show as "Software Security Device" in the Security Device column in the Certificate Manager. *Tools > Options > Advanced : Encryption: Certificates - View Certificates

Question owner

You see no problem now because after trying everything I possibly could with the StartSSL certificates, I ditched the idea of a free cert and opted for a new GeoTrust certificate, got it in a couple of hours and I had the site up and running in all browsers in no time.

There are other sites I am managing that use startssl where the problem still persists.

Here's a link to another example: [CAUTION: CONTENT WARNING]

https://www.itickle.co.uk/

You see no problem now because after trying everything I possibly could with the StartSSL certificates, I ditched the idea of a free cert and opted for a new GeoTrust certificate, got it in a couple of hours and I had the site up and running in all browsers in no time. There are other sites I am managing that use startssl where the problem still persists. Here's a link to another example: [CAUTION: CONTENT WARNING] https://www.itickle.co.uk/

Modified by marxam

cbrandle 0 solutions 1 answers

You have a problem with implementing the StartSSL keys on your server. To test use this command: echo GET | openssl s_client -connect www.itickle.co.uk:443 -state -showcerts

Basically it says you have imported the wrong StartSSL root public key on your server.

You have a problem with implementing the StartSSL keys on your server. To test use this command: echo GET | openssl s_client -connect www.itickle.co.uk:443 -state -showcerts Basically it says you have imported the wrong StartSSL root public key on your server.