<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
It seems that Entrust's 2048 bit CA cert is still pending approval
by Mozilla. I had an exception added previously in my RHEL Firefox
settings, which is apparently why it didn't complain.<br>
<br>
<a class="moz-txt-link-freetext" href="https://support.mozilla.org/en-US/questions/1026811">https://support.mozilla.org/en-US/questions/1026811</a><br>
<a class="moz-txt-link-freetext" href="https://bugzilla.mozilla.org/show_bug.cgi?id=694536">https://bugzilla.mozilla.org/show_bug.cgi?id=694536</a><br>
<br>
I believe Chrome on Windows uses Microsoft's CA certs, the same ones
IE uses. Entrust must have gotten their CA added to the MS
collection earlier, but dropped the ball on Mozilla's. FWIW, I also
tried Chrome and the older Android browser on an Android 4.0 tablet
and they both accessed that site without complaints.<br>
<br>
<div class="moz-cite-prefix">On 11/21/2014 06:17 AM, Gilles
Detillieux wrote:<br>
</div>
<blockquote cite="mid:546F2D44.3050808@scrc.umanitoba.ca"
type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
I get an error too with Firefox 30.0 and Firefox 33.1.1 on Windows
7, but not with Firefox ESR 31.2.0 on RHEL 5, nor with IE 11 on
Win7. With FF 30.0, it didn't even give me a chance to look at
the cert or add an exception, but after updating to 33.1.1 I
could. It's an Entrust, Inc. certificate, which doesn't seem like
a no-name CA to me, particularly since many browsers accept it
without complaint. Maybe some Windows builds of Firefox are
missing some root CAs or have a bug that prevent them from parsing
all of the root CAs correctly? Doesn't look like a MitM attack in
any case.<br>
<br>
<div class="moz-cite-prefix">On 11/21/2014 12:24 AM, Hartmut W
Sager wrote:<br>
</div>
<blockquote
cite="mid:CAGQr3cUs_WSN+HAEVFHh+0TZ-VtzAc5ve0Noo2-r_pv2g+SJVQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_default"
style="font-family:verdana,sans-serif;font-size:small;color:rgb(0,0,0)">I
just tested it, and I also get the "untrusted" treatment,
using Windows Vista and Firefox 33.1.1 (which is a Firefox
upgrade I just got in the last 2-3 days).<br>
<br>
</div>
<div class="gmail_default"
style="font-family:verdana,sans-serif;font-size:small;color:rgb(0,0,0)">Hartmut
W Sager - Tel +1-204-339-8331<br>
</div>
<div class="gmail_extra">
<div>
<div class="gmail_signature">
<div dir="ltr"><font><span
style="font-family:verdana,sans-serif"><br>
</span></font></div>
</div>
</div>
<br>
<div class="gmail_quote">On 21 November 2014 00:14, Trevor
Cordes <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:trevor@tecnopolis.ca" target="_blank">trevor@tecnopolis.ca</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">Does
anyone else get a cert error on this site:<br>
<br>
<a moz-do-not-send="true"
href="https://taxcess.gov.mb.ca/" target="_blank">https://taxcess.gov.mb.ca/</a><br>
<br>
It's invalid in Firefox (latest F19 version: 33.1, just
came out today)<br>
on Linux. But it works ok on Chrome in Windows. Chrome
shows the cert<br>
is brand new this month (I had never had a problem with
their site<br>
before).<br>
<br>
Weird that a trust-validated site like that would have
cert problems,<br>
unless they chose a no-name CA?<br>
<br>
Unless someone is MitM'ing me...</blockquote>
</div>
</div>
</div>
</blockquote>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Gilles R. Detillieux E-mail: <a class="moz-txt-link-rfc2396E" href="mailto:grdetil@scrc.umanitoba.ca"><grdetil@scrc.umanitoba.ca></a>
Spinal Cord Research Centre WWW: <a class="moz-txt-link-freetext" href="http://www.scrc.umanitoba.ca/">http://www.scrc.umanitoba.ca/</a>
Dept. of Physiology and Pathophysiology, Faculty of Health Sciences,
Univ. of Manitoba Winnipeg, MB R3E 0J9 (Canada)
</pre>
</body>
</html>