Example: Try with Gmail. Key will be different on Mozilla and Chrome.

Could you post screen shots from Chrome and Firefox showing where you are getting the keys for comparison? In case that isn't clear, it also would be helpful if you describe the steps you are using to make the comparison you're suggesting we try for ourselves.

There can be multiple versions of intermediate certificates that Firefox stores automatically if the CA or server has updated the certificate, but you already had stored it.

You can untrust/delete saved intermediate certificates in the Certificate Manager that show as "Software Security Device" to make Firefox save the certificate on the next visit of a server that sends it.

Firefox automatically stores intermediate certificates that servers send in the Certificate Manager for future use, so if you have visited a website that has send this intermediate certificate in the past then Firefox will not display the error page when you visit a server that doesn't send this intermediate certificate.

You can rename the cert8.db file (cert8.db.old) and delete the cert_override.txt file in the Firefox profile folder to remove intermediate certificates and exceptions that Firefox has stored.

Firefox will automatically store intermediate certificates that servers send in the Certificate Manager for future use.

You can use this button to go to the current Firefox profile folder:

• Help > Troubleshooting Information > Profile Directory:
  Windows: Show Folder; Linux: Open Directory; Mac: Show in Finder
• http://kb.mozillazine.org/Profile_folder_-_Firefox

Note that intermediate certificate also can change if the company is bought by another company like with VeriSign and Symantec.

Please find the screenshot of public key comparison for gmail.

jscher2000 said

Could you post screen shots from Chrome and Firefox showing where you are getting the keys for comparison? In case that isn't clear, it also would be helpful if you describe the steps you are using to make the comparison you're suggesting we try for ourselves.

I researched this a bit, and it seems:

• Firefox displays the public key in base64 encoding
• Windows certificate store displays the public key in binary encoding

It's possible to convert between these, and the Windows dialog can export in base64, but the best method for you depends on your project. What I don't think you can do is modify what browsers display in their dialogs so some kind of external tool will be needed.

Some references:

• http://stackoverflow.com/questions/23570858/why-does-cer-file-public-key-not-contain-rsa-exponent

• http://stackoverflow.com/questions/24492981/x-509-certificate-public-key-in-base64

• https://support.globalsign.com/customer/portal/articles/1353601-converting-certificates---openssl