|
Runbox Forum Everything related to Runbox should go here: suggestions, comments, complaints, questions, technical issues, etc. |
|
Thread Tools |
16 Nov 2013, 06:01 AM | #1 |
Member
Join Date: Oct 2005
Location: Mississauga, Ontario, Canada
Posts: 30
|
New Runbox SSL certificate not recognized by Firefox
Today, just now, when trying to connect to Runbox web securely via my PC on Firefox 24.0 and my Mac on Firefox 25.0, I'm getting the following error from each browser:
"This Connection is UntrustedSubsequently, I noticed that Runbox changed its certificate very recently, since the current certificate's issue date shows three days ago (Nov. 12, 2013). It's been my experience, as a web developer, that some web browsers might come with the required Certificate Authority (CA) already recognized (pre-installed with the browser, or downloaded in an update), whereas other browsers require the web server to not only present its own certificate, but also the certificates of intermediate authorities that lead up to a known root, in case the browser doesn't recognize the intermediate(s). This set of certificates is the "issuer chain" that is referred to in the error message above. It's easy to forget to install the full chain and only install the one certificate for the server itself, especially if you don't test with all the browsers. Is Runbox's server configured to offer up the certificate chain, or only its own certificate? Did Runbox test with a current version of Firefox to see if the newly-issued certificate would be recognized by that browser? Thank you. |
16 Nov 2013, 06:16 AM | #2 |
Member
Join Date: Oct 2005
Location: Mississauga, Ontario, Canada
Posts: 30
|
Looks like it isn't just me having an issue. The Qualys SSL Labs link that Runbox posted in its own blog post on "Runbox now supports Forward Secrecy" is also reporting issues with the issuer chain:
See https://www.ssllabs.com/ssltest/anal...l?d=runbox.com Though I'm surprised Qualys would still report an "A" rating despite such server misconfiguration. |
16 Nov 2013, 06:19 AM | #3 |
The "e" in e-mail
Join Date: Sep 2001
Location: Oslo, Norway
Posts: 2,938
Representative of:
Runbox.com |
We installed a new Extended Validation just now and unfortunately we had omitted an intermediate certificate. Sorry about that -- please refresh the page and you should no longer get an error.
- Geir |
16 Nov 2013, 06:20 AM | #4 |
Member
Join Date: Oct 2005
Location: Mississauga, Ontario, Canada
Posts: 30
|
Working now! Thanks.
I can confirm it is now working. Thank you for the quick turnaround.
|
16 Nov 2013, 06:31 AM | #5 |
The "e" in e-mail
Join Date: Sep 2001
Location: Oslo, Norway
Posts: 2,938
Representative of:
Runbox.com |
Thanks for the reminder about intermediate certificates -- we have been back and forth with GlobalSign a few times and of course we only forgot the intermediate certificate when we had finally made everything else work as it should.
- Geir |