Fraudulent *.google.com certificate issued

Posted Aug 30, 2011 22:53 UTC (Tue) by jebba (guest, #4439)
In reply to: Fraudulent *.google.com certificate issued by raven667
Parent article: Fraudulent *.google.com certificate issued

I'm not certain of it, but it appears to me that x86_64 Firefox in Fedora 14/15 doesn't check the intermediate certs:
https://bugzilla.redhat.com/show_bug.cgi?id=732144

Fraudulent *.google.com certificate issued

Posted Aug 31, 2011 0:29 UTC (Wed) by cesarb (subscriber, #6266) [Link] (1 responses)

Did you check if Firefox had cached the intermediate certificates? It can make things appear to work, but when you try with another computer which has not visited yet any site which uses the same intermediate certificate, it will fail.

(I believe Firefox switched to also caching intermediate certificates because, since Internet Explorer caches intermediate certificates, a lot of people forgot to put the whole chain on their servers, and it "worked" on IE but failed - as it should - on Firefox.)

Fraudulent *.google.com certificate issued

Posted Aug 31, 2011 1:35 UTC (Wed) by jebba (guest, #4439) [Link]

Good suggestion. I believed I would have blown out my ~/.mozilla in the various tests, but I'll confirm that.