Neueste Antworten auf Miss track the intermediate certificatehttps://support.mozilla.org/de/questions/10882342015-10-12T19:24:39-07:00I found an answer from <https://bugzilla.mozilla.org/show_bug.cgi?id=933969> which matches my 2015-10-12T19:24:39-07:00Coconut888https://support.mozilla.org/de/questions/1088234#answer-793394<p>I found an answer from &lt;<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=933969&gt;" rel="nofollow">https://bugzilla.mozilla.org/show_bug.cgi?id=933969&gt;</a> which matches my understanding, though it's a little strange design for me.
</p><p>Thanks.
</p>Thank you. And I think I understand your answer, this is by design, not a bug.
Actually, when I use 2015-10-11T19:33:24-07:00Coconut888https://support.mozilla.org/de/questions/1088234#answer-792897<p>Thank you. And I think I understand your answer, this is by design, not a bug.
</p><p>Actually, when I use <a href="https://www.sslshopper.com/" rel="nofollow">https://www.sslshopper.com/</a> to check <a href="http://www.google.com" rel="nofollow">www.google.com</a> it also shows that GeoTrust Global CA is an intermediate certificate whose issuer is Equifax, that is same as OpenSSL did.
</p><p>So, the site <a href="http://www.google.com" rel="nofollow">www.google.com</a> provide a server certificate and 2 chained (intermediate) certificates to the user agent, but Firefox uses a effitive way to use its built-in certificate and drop the provided second intermediate certificate (chained version GeoTrust Global CA).
</p><p>Am I mis-understand&nbsp;? However, I have a question that how if the site provided GeoTrust Global CA certificate has a different public key than built-in one, what would Firefox do&nbsp;?
</p>Firefox has the GeoTrust Global CA as a trusted built-in root certificate, so there is no need to ha2015-10-11T03:26:16-07:00cor-elhttps://support.mozilla.org/de/questions/1088234#answer-792613<p>Firefox has the GeoTrust Global CA as a trusted built-in root certificate, so there is no need to have it chained to another root certificate.
You can see that in the certificate manager and if you inspect the GeoTrust Global CA in the Details pane.
</p><p>OpenSSL may use a different certificate store for this certificate.
</p>