Intermediate certification authorities chain fails
After importing RootCA FireFox still can not load a web page signed by intermediate certification authorities.
Root CA certificate: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/971D3486FC1E8E6315F7C6F2E12967C724342214.crt
Web Site: https://id.rcsc.lt/
Certificate Chain should look like:
RootCa
PolicyCA
IssuingCA
id.rcsc.lt
I have tried IE and Opera and both working fine and detecting certificate chain. Only need to import RootCA cert to establish trust
Why FireFox does not work as expected?
Todas as respostas (4)
A web server needs to send the full chain of intermediate certificates.
Importing the root certificate is not enough.
If the server doesn't send the certificate then you need to install (import) that intermediate certificate as well.
So how then IE and Opera receive full certificate chain? And why FireFox does not receive it?
I think I got why IE and Opera works fine
Inside IssuingCA certificate there is a link to upper CA certificate:
[Authority Information Access] OCSP: URI: http://ocsp.rcsc.lt/ocspresponder.rcsc CA Issuers: URI: http://csp.rcsc.lt/aia/VI%20Registru%20Centras%20RCSC%20(PolicyCA)(2).crt
IE and Opera retrieve PolicyCA certificate and then the same way retrieve RootCA certificate. That how they verify trust
The question remains: why FireFox can't do the same?
Still same in FF5