If the only certificate that is shown is the server certificate, the server is not providing the certificate chain, only the server certificate. This way, you wont be able to get the CA certificate from the SSL connection. Maybe your network admins want to fix that too.
What is strange is that exceptions are not working as expected. Is there any chance that the certificate is changing from time to time? I really think you will need to discuss what is happening with the server admins. On Tue, Jun 18, 2013 at 3:07 AM, A A <[email protected]> wrote: > When I go to SSL site I see this message in fx: > > "You have asked Firefox to connect securely to news.ycombinator.com, > but we can't confirm that your connection is secure. > > Normally, when you try to connect securely, > sites will present trusted identification to prove that you are > going to the right place. However, this site's identity can't be verified. > What Should I Do? > If you usually connect to this site without problems, this error could > mean that someone is > trying to impersonate the site, and you shouldn't continue. > > news.ycombinator.com uses an invalid security certificate. > > The certificate is not trusted because no issuer chain was provided. > > (Error code: sec_error_unknown_issuer)" > > And then I go to Add exception -> View -> Details tab -> Certificate > hierarchy but there is only news.ycombinator.com present. When I > export it and try to import it into fx I get: > > "This is not a certificate authority certificate, so it can't be > imported into the certificate authority list." > > So I think this is not CA certificate but a server certificate. > > And about recurring errors on the same site: I have a number of server > exceptions in "Servers" list under my company custom CA certificate in > Advanced -> View Certificates -> Servers. All of them are marked > "Permanent". Nevertheless, the error page I described above appears > from time to time even on sites that I have previously added to a > trusted list. It's extremely annoying and I don't know why this > happens. I use Firefox 21. > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [email protected] > Automated List Manager [email protected] > -- -- Cristian Thiago Moecke
