stackoom
  简体   繁体   中英

SSL sec_error in 'standalone' web app, full browser ok

 原文  2013-12-26 18:20:32       firefox/ ssl/ firefox-os/ html5-apps

Question

I have set up a local webserver in a virtual machine for testing firefox web apps. That server has also been setup as certificate authority to avoid the 'risk messages' for local testing, and i signed a certificate for the webserver.

So, calling the web app in firefox displays no more warnings.

Installing the web app as 'standalone' still displays an alert (messagebox):

The certificate is not trusted because no certificate issuer chain was provided. (Error code: SEC_ERROR_UNKNOWN_ISSUER) (translated by google translator)

Dem Zertifikat wird nicht vertraut, weil keine Zertifikatsausstellerkette angegeben wurde. (Fehlercode: sec_error_unknown_issuer) (german message)

I am using Apache2.2 and Openssl on debian_wheezy_64 and i think i have done everything allright, can't figure out what the standalone web app is missing with that ssl error message.

Update: As it seems that the standalone web app environment does not know anything about the firefox browser certificates(chain), i configured the webserver (mod_ssl virtualhost) to provide a direct chain to the (self)root ca:

SSLCertificateChainFile /path_to/ca.crt

Now the problem is, that because maybe the standalone environment does not know the certificate authorities added to firefox, the sec_error know says

The certificate is not trusted because the issuer certificate is not trusted

I think it makes sense (or no sense...) if the standalone environment has an own certificate management, so the question is, how to tell the standalone environment that i trust the (self)root ca.

1 answers

solution1
 0  2013-12-26 18:42:11

You need to configure the standalone environment with a default trusted certificate chain - "The certificate is not trusted because no certificate issuer chain was provided "

When you install Firefox, it comes preconfigured with a set of certificates that it trusts by default. Any certificates whose signature chain terminates at the top with one of these preconfigured certificates will be automatically trusted. For instance, I use opera on windows and by default it trusts a whole host of certificate authorities: Opera的默认受信任CA的屏幕截图

You probably need to configure your standalone environment with a list of default trusted certificate authorities.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question SSL : sec_error_unknown_issuer Firefox and SSL: sec_error_unknown_issuer browser implication when ajax call every 3 sec SEC_ERROR_INADEQUATE_KEY_USAGE in firefox for react app with HTTPS=true & HOST=xxx Weak DH ssl_error_bad_cert_alert Firefox but Chrome is OK Is testing web app on android native browser is enough? Aptana internal web browser error, Ubuntu 12.04 disable ssl warnings in browser why does my secure ssl page give Error code: sec_error_revoked_certificate even though certificate is current and all links/stylesheets/etc are secure SSL Certificate Mismatch in IE 7+, OK in Firefox 3.6+
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM