Cool Techie

Reputation: 746

Certificate chain not visible in Firefox

We have installed the certificate chain on our load balancer. When we visit the site in Chrome, we don't get any issue and the chain is visible.

But in certain versions of Firefox the certificate chain is not displayed, and hence we get the "The connection is untrusted" error.

What could be causing this? We have cleared the cache, but the certificate is not getting displayed with the chain.

Upvotes: 1

Views: 3209

Answers (1)

Steffen Ullrich

Reputation: 123340

This is typically the case if the chain is not sent (fully) by the server (or in this case the load balancer). Chrome looks for these missing chain certificates by itself while Firefox does not. But Firefox caches intermediate certificates from earlier connections to other sites, so if the right sites were visited before, then the missing certificates are already known by Firefox and will be used to complete the trust chain. But if you use a fresh Firefox profile, no certificates are cached and thus you get the validation error.

Browsers are not a good tool to check what is actually sent by the server. A better tool is openssl s_client. If the site is publicly accessible you might also check it against SSL Labs, which also shows if the chain sent by the server is incomplete and which certificates are missing from the chain.

Upvotes: 3
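
Following the answer's advice to inspect what the server sends rather than what a browser displays, this added example (not part of the original answer) summarises the "Certificate chain" section of openssl s_client -showcerts output and flags a chain that stops at the leaf. The two sample outputs and the certificate names in them are constructed; on a live run the verify result depends on the trust store of the machine running openssl.

```shell
#!/bin/sh
# Added example. Reads `openssl s_client -showcerts` output on stdin and reports
# which certificates the server itself sent.
# Exit status: 0 = chain verified, 1 = gap or verify failure, 2 = no chain in input.
# Live use (HOST is a placeholder):
#   openssl s_client -connect HOST:443 -servername HOST -showcerts </dev/null 2>/dev/null | chain_report
chain_report() {
  awk '
    $0 == "Certificate chain"  { in_chain = 1; next }
    in_chain && $0 == "---"    { in_chain = 0 }   # PEM markers have 5 dashes, so they do not end the section
    in_chain && /^ *[0-9]+ s:/ { n++; sub(/^ *[0-9]+ s:/, ""); subj[n] = $0; next }
    in_chain && /^ +i:/        { sub(/^ +i:/, ""); iss[n] = $0; next }
    /Verify return code:/ && code == "" { sub(/.*Verify return code: */, ""); code = $0 }
    END {
      if (n == 0) { print "no certificate chain found in input"; exit 2 }
      print "certificates sent by server: " n
      # Each certificate must be issued by the next one the server sent.
      for (k = 1; k < n; k++)
        if (iss[k] != subj[k + 1]) { bad = 1; print "gap: issuer of cert " (k - 1) " is not cert " k }
      print "last issuer (not sent, must be a locally trusted root): " iss[n]
      print "verify result: " code
      exit ((bad || code !~ /^0 /) ? 1 : 0)
    }'
}

# Constructed sample: the load balancer sends the leaf only.
SAMPLE_INCOMPLETE='---
Certificate chain
 0 s:CN = www.example.test
   i:C = US, O = Example CA, CN = Example Intermediate CA
-----BEGIN CERTIFICATE-----
(base64 omitted)
-----END CERTIFICATE-----
---
    Verify return code: 21 (unable to verify the first certificate)'

# Constructed sample: leaf plus intermediate, ending at a root the client trusts.
SAMPLE_COMPLETE='---
Certificate chain
 0 s:CN = www.example.test
   i:C = US, O = Example CA, CN = Example Intermediate CA
 1 s:C = US, O = Example CA, CN = Example Intermediate CA
   i:C = US, O = Example CA, CN = Example Root CA
---
    Verify return code: 0 (ok)'

printf '%s\n' "$SAMPLE_INCOMPLETE" | chain_report || true
```

A single certificate in the chain together with verify code 21 is the pattern the answer describes: the intermediate is missing from what the load balancer sends, and a client without a cached copy cannot build the chain.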
