I am reluctant to report this as a "bug" without at least asking first: On my website I have installed a Comodo InstantSSL certificate. With Firefox 3.6 on Win7, it works fine and displays the blue bar next to the URL. Clicking on this bar to to view the certificate, on the "Details" tab the hierarchy shows the root certificate as AddTrust External CA Root. With Firefox on WinXP (I've tested two), it displays an error "Untrusted Connection... The certificate is not trusted because the issuer certificate is unknown." After clicking "I understand the risks" / Add Exception / Get Certificate / View / Details, there is no certificate hierarchy, just the domain. But on this same machine, when I look under Options / View Certificates / Authorities, the AddTrust External CA Root certificate is installed! The RSA-encrypted signature seems to match the signature of the certificate used successfully by Firefox on the Win7 machine to identify my web site. (For anyone who's curious, IE8 opens the web site on both platforms and uses this same AddTrust security object to verify it, as matched by the SHA-1 thumbprint.) Also, on the WinXP machine, when I click "Edit" on this certificate, I am able to verify the checkbox is selected for "This certificate can identify web sites." So why isn't it? Note: I am unable to verify that the intermediate certificates are installed on the server -- their tech support has escalated that for someone with the right permissions to check. Regardless, if Firefox on WinXP has the certificate object built in, why isn't Firefox using it? Thanks for any information how to interpret this behavior.