Este site irá ter funcionalidade limitada enquanto fazemos manutenção para melhorar a sua experiência. Se um artigo não resolve o seu problema e quiser colocar uma questão, temos a nossa comunidade de apoio à espera de o ajudar em @FirefoxSupport no Twitter, /r/firefox no Reddit.

Avatar for Username

Pesquisar no apoio

Evite burlas no apoio. Nunca iremos solicitar que telefone ou envie uma mensagem de texto para um número de telefone ou que partilhe informações pessoais. Por favor, reporte atividades suspeitas utilizando a opção "Reportar abuso".

Saber mais

Esta discussão foi arquivada. Se precisar de ajuda, por favor, coloque uma nova questão.

Why does Firefox 32 suddenly not recognize a certificate?

  • 5 respostas
  • 1 tem este problema
  • 1 visualização
  • Última resposta por n0diamond

n0diamond
n0diamond
more options

Firefox 32 says that https://rcmail.secure.ne.jp/rcmail-05/ is untrusted: rcmail.secure.ne.jp uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer)

Website Identity Website: rcmail.secure.ne.jp Owner: This website does not supply ownership information. Verified by: Not specified

Privacy & History Have I visited this website prior to today? Yes, 114 times

Firefox 31 displayed the site just fine before today.


Internet Explorer 10 says everything is still trusted today: SECOM Trust Systems CO LTD Servision Certification Authority rcmail.secure.ne.jp

SECOM's certificate is issued by http://www.valicert.com/ and valid from 1999 to 2019. Servision's certificate is also issued by http://www.valicert.com/ and valid from 2007 to 2017. rcmail.secure.ne.jp's certificate is issued by Servision and valid from 2014.01.08 to 2015.01.16.

Firefox 32 says that https://rcmail.secure.ne.jp/rcmail-05/ is untrusted: rcmail.secure.ne.jp uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer) Website Identity Website: rcmail.secure.ne.jp Owner: This website does not supply ownership information. Verified by: Not specified Privacy & History Have I visited this website prior to today? Yes, 114 times Firefox 31 displayed the site just fine before today. Internet Explorer 10 says everything is still trusted today: SECOM Trust Systems CO LTD Servision Certification Authority rcmail.secure.ne.jp SECOM's certificate is issued by http://www.valicert.com/ and valid from 1999 to 2019. Servision's certificate is also issued by http://www.valicert.com/ and valid from 2007 to 2017. rcmail.secure.ne.jp's certificate is issued by Servision and valid from 2014.01.08 to 2015.01.16.

Solução escolhida

hello n0diamond, mozilla removed support for root certificates with RSA key sizes smaller than 2048 bits for security reasons, SECOM was one of them.

https://wiki.mozilla.org/CA:MD5and1024 https://developer.mozilla.org/en-US/Firefox/Releases/32/Site_Compatibility#Security

Ler esta resposta no contexto 👍 0

Todas as respostas (5)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

Firefox doesn't come with the "Servision Certification Authority" root certificate. If IE has it then export the certificate in IE and import the certificate in the Firefox Certificate Manager. To make it work as a root certificate you need to set the appropriate trust bits when prompted.

Modificado por cor-el a

n0diamond
n0diamond Proprietário da pergunta
more options

Isn't the root SECOM rather than Servision?

Why would Firefox 31 have displayed the page 114 times without a peep?

n0diamond
n0diamond Proprietário da pergunta
more options

Both IE and Firefox have SECOM's root certificate. Neither IE nor Firefox has a Servision certificate, at least not that I can find, among roots and intermediates and trusted. I think IE trusts Servision's certificate from SECOM's root, and Firefox 31 used to do the same.

philipp
philipp
  • Moderator
more options

Solução escolhida

hello n0diamond, mozilla removed support for root certificates with RSA key sizes smaller than 2048 bits for security reasons, SECOM was one of them.

https://wiki.mozilla.org/CA:MD5and1024 https://developer.mozilla.org/en-US/Firefox/Releases/32/Site_Compatibility#Security

n0diamond
n0diamond Proprietário da pergunta
more options

I see, Internet Explorer 10 has two root certificates for SECOM. One is in SECOM's own name and is 2048 bits. One is in the name of www.valicert.com but has SECOM's name associated in some manner, and is only 1024 bits, so that's the one that was removed in Firefox 32. Servision and rcmail.secure.ne.jp need to be informed to switch to SECOM's newer certificate.