X
Tap here to go to the mobile version of the site.

Support Forum

Problem with COMODO ca certificate

Posted

Hi, i have problem with ca comodo certificate. I bought the ssl wildcard certificate in COMODO, it's fine work in all browsers except some versions of firefox. I game developer, create game, it's game load xml from url https://fwassets.voltapps.ru/assetsSources/lobby/lobbyDescription.xml

and show security error (image attached). In error

wassets.voltapps.ru использует недействительный сертификат безопасности. К сертификату нет доверия, так как отсутствует цепочка сертификатов издателя. (Код ошибки: sec_error_unknown_issuer) {text in russian}

Exception reason is undefined ca comodo certificate. Undefined certificate you can see here http://fwassets.voltapps.ru/comododomain.cer .

Technical details: Mac os x yosemite firefox 35.0

Sorry for my english. Thanks for help

Hi, i have problem with ca comodo certificate. I bought the ssl wildcard certificate in COMODO, it's fine work in all browsers except some versions of firefox. I game developer, create game, it's game load xml from url https://fwassets.voltapps.ru/assetsSources/lobby/lobbyDescription.xml and show security error (image attached). In error wassets.voltapps.ru использует недействительный сертификат безопасности. К сертификату нет доверия, так как отсутствует цепочка сертификатов издателя. (Код ошибки: sec_error_unknown_issuer) {text in russian} Exception reason is undefined ca comodo certificate. Undefined certificate you can see here http://fwassets.voltapps.ru/comododomain.cer . Technical details: Mac os x yosemite firefox 35.0 Sorry for my english. Thanks for help

Chosen solution

Thanks for help. Problem was at cdn provider, they delete intermediate certificates from ca-bundle file (In my web server all fine).

Read this answer in context 0

Additional System Details

Application

  • User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.91 Safari/537.36

More Information

guigs 1072 solutions 11697 answers

Helpful Reply

This cert was already installed was the message I received when I tried. It might be that there is a default list of certs that are added when Firefox is installed.

This will tell you what version that it was added by default: https://www.mozilla.org/en-US/about/g.../included/ via https://docs.google.com/a/mozilla.com.../pub?key=0Ah-tHXMAwqU3dGx0cGFObG9QM192NFM4UWNBMlBaekE&single=true&gid=1&output=html

This cert was already installed was the message I received when I tried. It might be that there is a default list of certs that are added when Firefox is installed. This will tell you what version that it was added by default: [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/included/] via [https://docs.google.com/a/mozilla.com/spreadsheet/pub?key=0Ah-tHXMAwqU3dGx0cGFObG9QM192NFM4UWNBMlBaekE&single=true&gid=1&output=html]
cor-el
  • Top 10 Contributor
  • Moderator
17481 solutions 157977 answers

Helpful Reply

Note that Firefox automatically stores intermediate certificates that servers send in the Certificate Manager for future usage. If a server doesn't send a full certificate chain then you won't get an untrusted error when Firefox has stored missing intermediate certificates from visiting a server in the past that has send it, but you do get an untrusted error if this intermediate certificate isn't stored yet.

You always need to test for possible server issues with a clean profile or temporarily rename the existing cert8.db.

You can inspect the certificate chain via a site like this:

Note that Firefox automatically stores intermediate certificates that servers send in the Certificate Manager for future usage. If a server doesn't send a full certificate chain then you won't get an untrusted error when Firefox has stored missing intermediate certificates from visiting a server in the past that has send it, but you do get an untrusted error if this intermediate certificate isn't stored yet. You always need to test for possible server issues with a clean profile or temporarily rename the existing cert8.db. You can inspect the certificate chain via a site like this: *http://www.networking4all.com/en/support/tools/site+check/ *https://www.ssllabs.com/ssltest/

Chosen Solution

Thanks for help. Problem was at cdn provider, they delete intermediate certificates from ca-bundle file (In my web server all fine).

Thanks for help. Problem was at cdn provider, they delete intermediate certificates from ca-bundle file (In my web server all fine).