on 03-30-2015 11:45 AM
Hi All,
We are implementing SSL for AS ABAP with the certificate signed by Secure Login Server 2.0. After the root CA certificate is exported from the Secure Login Server and distributed to clients using Microsoft Group Policies, the certificate cannot be accessed with Firefox, resulting in the warning about the "invalid security certificate" (The certificate is not trusted because the issuer certificate is unknown). IE and Chrome can access the certificate in the certificate store, so no warning is shown.
According to the requirement:
What are other available options to import the root CA certificate to Firefox browser on many workstations on the same domain?
I would be very grateful for any contribution regarding this issue.
Best regards,
Duy
Hello Duy,
It is an interesting problem; I was keen to understand why it's happening. I searched on Google and found the following:
IE & Chrome use the Windows OS root certificate store as a valid repository to build the certificate chain and hence when you add a new root certificate via distribution, they are automatically accessible and hence it would work.
Firefox doesn't trust the OS root certificate store, as Firefox assumes that any user with sysadmin privileges may be able to update the Windows root certificate store. So if your system was compromised, a hacker may add a fake root certificate into your OS root certificate store and trick you into believing that the site you are accessing was a legitimate one.
This is documented in the Mozilla thread (scroll to the bottom half).
https://bugzilla.mozilla.org/show_bug.cgi?id=432802
Although it was reported as a bug, the security admins / members / developers of the Mozilla project say that this won't be added to Mozilla in the future either.
So unfortunately, it looks like export of the root certificate store from IE and import into Mozilla may be the only option, or the other option that you suggested.
Regards,
Siddhesh
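
The per-profile import discussed above can be scripted for many workstations. The following is an added example, not code from this thread or from SAP or Mozilla: it reads a user's Firefox `profiles.ini` and builds one NSS `certutil -A` call per profile. The function names, the nickname and the `CERTUTIL` path are assumptions, and NSS `certutil` must be deployed separately.

```python
import configparser
import subprocess
import sys
from pathlib import Path

NICKNAME = "Example Internal Root CA"  # constructed nickname, not from the thread
# Assumption: path to the NSS certutil binary. On Windows give the full path,
# because the built-in certutil.exe is a different (Microsoft) tool.
CERTUTIL = "certutil"


def profile_dirs(profiles_ini):
    """Return the profile directories listed in a Firefox profiles.ini."""
    ini = configparser.ConfigParser(interpolation=None)
    ini.optionxform = str  # keep key case (Path, IsRelative)
    ini.read(profiles_ini, encoding="utf-8")
    base = Path(profiles_ini).parent
    dirs = []
    for section in ini.sections():
        if not section.startswith("Profile") or "Path" not in ini[section]:
            continue
        path = Path(ini[section]["Path"])
        # IsRelative=1: Path is relative to the folder holding profiles.ini
        if ini[section].get("IsRelative", "1") == "1":
            path = base / path
        dirs.append(path)
    return dirs


def import_command(profile_dir, ca_file, nickname=NICKNAME, certutil=CERTUTIL):
    """Build the certutil call for one profile, or None if it has no cert DB."""
    profile_dir = Path(profile_dir)
    if (profile_dir / "cert9.db").exists():
        db = "sql:" + str(profile_dir)  # SQLite certificate database
    elif (profile_dir / "cert8.db").exists():
        db = "dbm:" + str(profile_dir)  # legacy Berkeley DB database
    else:
        return None  # profile has no certificate database yet
    # -t "C,,": trust this CA for issuing TLS server certificates only
    return [certutil, "-A", "-n", nickname, "-t", "C,,", "-i", str(ca_file), "-d", db]


def import_into_all(profiles_ini, ca_file, run=subprocess.run):
    """Import ca_file into every profile; map profile -> True/False/None (skipped)."""
    results = {}
    for pdir in profile_dirs(profiles_ini):
        cmd = import_command(pdir, ca_file)
        results[str(pdir)] = None if cmd is None else run(cmd).returncode == 0
    return results


if __name__ == "__main__":  # usage: script.py <profiles.ini> <rootca.crt>
    print(import_into_all(sys.argv[1], sys.argv[2]))
```

Run it in the user's context (for example from a logon script), since each profile has its own certificate database; profiles reported as `None` had no database to update.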