Missing Microsoft certificates (SEC_ERROR_UNKNOWN_ISSUER)
Hi guys,
I'm running Firefox ESR 52.4.0 (Debian) and 52.4.1 (Windows) and noticed that some Microsoft certificates are not installed by default. https://www.catalog.update.microsoft.com/ gives SEC_ERROR_UNKNOWN_ISSUER.
It turned out, that e. g. Microsoft IT TLS CA 5 is not installed by default.
Source: https://www.microsoft.com/pki/mscorp/cps/default.htm
Installing the certificate manually, solved the issue.
Is it a bug or a feature?
Alle Antworten (4)
Firefox ships with certain trusted root certificates, but most website certificates do require one or more intermediate certificates to complete the chain of trust up to the root.
Usually if a site sends the intermediate certificate to Firefox, there's no problem. It seems fine for me accessing right now in Firefox 56. Also, the SSLLabs test page shows no problems. Perhaps it was a transient glitch?
Large sites that use a Content Distribution Network occasionally have a misconfigured server that doesn't send the intermediate cert(s), so that also could be a factor.
Hmm,
Firefox 57 has the same issue. After creating new profiles, the issue persists.
I'm gonna do some tests later. Thanks for your reply and your technical details.
Did you ask this before under another name ?
https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER
@Pkshadow
Nope. You are referring to a knowledge base article, not a question.