We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Cuireadh an snáithe seo sa chartlann. Cuir ceist nua má tá cabhair uait.

Was "VeriSign Class 3 International Server CA - G3" certificate authority removed from FF 3.6.12?

  • 3 fhreagra
  • 268 leis an bhfadhb seo
  • 2 views
  • Freagra is déanaí ó cor-el

more options

We have a site that has a SSL certificate with this authority and now we are seeing "Untrusted connection". This was working fine with older versions of FireFox.

We have a site that has a SSL certificate with this authority and now we are seeing "Untrusted connection". This was working fine with older versions of FireFox.

All Replies (3)

more options

That is an intermediate certificate that a server needs to send. Firefox will store such a certificate in the Certificate Manager as Software Security Device and store it in cert8.db for future use. So if cert8.db was deleted or you use a new profile then you won't have that certificate unless the server sends it.

See https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR1130

more options

Hi cor-el, for some reason firefox does not seem to retrieve this intermediate certificate from the webserver, EVEN when the issuer of the intermediate certificate is in the trusted root store of firefox. I had to add an exception manually. I checked this with IE and Opera and both retrieve the correct intermediate g3 certificate when it is not installed on the client. Why does firefox not use the operating system certificate store anyway? This is causing heaps of problems since our website is using the new verisign G5 root and G3 intermediate certificates. We are getting complaints from customers using firefox claiming our website is not safe.

more options

It is the responsibility of websites to send all required intermediate certificates. If websites do not send them and Firefox hasn't stored them from a past visit to other websites that send them then you get then not trusted error message. Firefox is a multi platform application and every platform would require a different approach for each supported feature. That would require a lot of extra code that the devs want to avoid, even if APIs for such an enhancement (don't know about this one).

You can also check certificates via other test sites.