Certificate error using a SHA-2 certificate
When I go to a site that uses a SHA-2 certificate, I get a certificate error even though the certificate is the correct one for the site.
Alle svar (8)
hello MeanKty, could you provide the url where this is happening and the exact error code you're receiving?
This is the situation. I work for a web hosting company and one of our customers wanted to change their certificate to the SHA-2 certificate since Google is removing support for the SHA-1 in December. I had ordered the SHA-2 algorithm certificate and installed it. When users tried to go to the site they would get a certificate error (and I did test it in house and got the same result). Since 20% of their customers use Firefox, I had to go back to the SHA-1 certificate. I have a certificate that will be installed on Wednesday that will have the same issue if you want to see it then.
hello, there are various reasons why a certificate might fail to verify. what's the error code that is shown on the error page under technical details you're receiving? maybe this list of error codes can already give you a clue: https://developer.mozilla.org/en-US/docs/Mozilla/Security/x509_Certificates#Error_Codes_in_Firefox_2
I'm working on trying to get the error code so I can see if what you posted would help. When I get that done, I'll let you know if it helped.
Ok, I have the screenshots of what we get. Unfortunately we don't get any error codes, just a certificate error. I've also included the certificate information. It is showing the correct information but for some reason it cannot verify it. We don't have any issues in Chrome or Internet Explorer with the same certificate.
hello, this means that the intermediate certificate isn't installed properly. your server has to present a full chain from the server cert to the intermediate CA to the root CA that is trusted in the browser. for the installation instructions please refer to Comodo's documentation
If the intermediate certificate isn't installed correctly, then why would it work correctly on Internet Explorer, Google Chrome and Safari? The only problem we have is with the Firefox browser. I don't have a problem with installing the certificate again but I'm not sure that it is going to be a fix for this as it works with other browsers with no errors.
Both, IE and Chrome use the Windows built-in certificate store. FF used it's own certificate store. If the entire trust chain cannot be verified you get the security exception prompt.
If the Windows certificate store doesn't know about the intermediate certificate, and you don't get a warning from either IE or Chrome, I'd ask myself what's wrong with these browsers?