Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#19371 closed defect (not a bug)

Cert error only on Tor Browser

Reported by: mrphs
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords:
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Today I encountered an interesting issue where the cert of a website is valid both in Chrome and Firefox, but not in Tor Browser.

The site in question is: https://ykacademi.com/registration/

Tor Browser returns SEC_ERROR_UNKNOWN_ISSUER but the issuer seems to be valid (GoDaddy). After some digging, I thought maybe the reason is that the cert has been issued for a different domain (www.minervalms.com) but it has ykacademi.com listed in its DNS names. And even if this was the issue, Tor Browser is returning the wrong error. But I might be completely wrong about why this error occurs.

Change History (2)

comment:1 Changed 3 years ago by gk

Resolution: not a bug
Status: new → closed

I get the same error in a vanilla Firefox 45.2.0esr. Thus, I think this is not a Tor Browser bug.

comment:2 Changed 3 years ago by cypherpunks

It seems that (among a ton of other errors) the certificate chain is incomplete. See https://www.ssllabs.com/ssltest/analyze.html?d=ykacademi.com

When you've visited other websites that use the same intermediate certificate and these have proper certificate chains, these certificates get cached. Because of this cache you won't see the error appear sometimes.

Try going to the site in question again and see if you get the error; if so, go to https://godaddy.com/ (which has a proper certificate chain with the same intermediate certificate) and then go back to the site. It should not give the error anymore.
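The caching behaviour described in comment:2, as an added example that is not part of the ticket and is not Firefox or Tor Browser code: a simplified Python model of path building in which a client fails on an incomplete chain until it has seen the intermediate elsewhere, plus a server-side check that ignores any cache. The certificate names and the `Client` and `server_chain_complete` helpers are constructed for illustration, and certificates are matched by subject/issuer name only, with no signature checks.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str


# Constructed names; this model does not verify signatures or validity dates.
ROOT = Cert("Example Root CA", "Example Root CA")
INTERMEDIATE = Cert("Example Intermediate CA", "Example Root CA")
LEAF_BROKEN = Cert("misconfigured.example", "Example Intermediate CA")
LEAF_OK = Cert("wellconfigured.example", "Example Intermediate CA")


class Client:
    """Client with a root store and a cache of intermediates seen earlier."""

    def __init__(self, roots):
        self.roots = {c.subject: c for c in roots}
        self.cache = {}

    def build_path(self, presented, use_cache=True):
        """Return the path leaf..root, or None when an issuer cannot be found."""
        leaf, extras = presented[0], {c.subject: c for c in presented[1:]}
        path, current = [leaf], leaf
        while current.issuer not in self.roots:
            nxt = extras.get(current.issuer)
            if nxt is None and use_cache:
                nxt = self.cache.get(current.issuer)
            if nxt is None or nxt in path:
                return None  # the browser would show SEC_ERROR_UNKNOWN_ISSUER
            path.append(nxt)
            current = nxt
        path.append(self.roots[current.issuer])
        # Remember intermediates from a successful path for later connections.
        for c in path[1:-1]:
            self.cache[c.subject] = c
        return path

    def connect(self, presented):
        return "OK" if self.build_path(presented) else "SEC_ERROR_UNKNOWN_ISSUER"


def server_chain_complete(presented, roots):
    """Server-side check: does the sent chain validate on a fresh client?"""
    return Client(roots).build_path(presented, use_cache=False) is not None
```

A server operator should rely on the cache-free check, since a chain that only validates on clients with a warm cache will fail on fresh profiles.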
