
Cert on goggles.mozilla.org is not trusted by Mozilla - arve0
https://sslanalyzer.comodoca.com/?url=goggles.mozilla.org
======
JonathonW
Actually, it is (they're using an EV certificate from DigiCert).

The problem here is that their servers are misconfigured-- they're not sending
the whole certificate chain (missing DigiCert's EV server intermediate CA).
This caps their score on SSL Labs and apparently breaks the Comodo analyzer.

Doesn't seem to be anything else wrong, or anything that (AFAIK) impacts
security. Just a performance problem (the browser has to download the missing
intermediate if it's not already present in its cache).

~~~
viraptor
> they're not sending the whole certificate chain (missing DigiCert's EV
> server intermediate CA)

This is probably the most common issue I see when people configure their
https. It happens all the time and unless you test all the browser/system
combinations, you won't even know that.

(Or unless you use ssllabs - they do a good job of showing the issue)

------
libeclipse
Doesn't achieve a favorable result on SSL Labs either.

[https://www.ssllabs.com/ssltest/analyze.html?d=goggles.mozil...](https://www.ssllabs.com/ssltest/analyze.html?d=goggles.mozilla.org&latest)

~~~
pfg
This seems to be due to an incomplete certificate chain, which is probably
also the reason why Comodo's SSL Analyzer says the certificate isn't trusted.
Only browsers that have previously cached the intermediate certificate (or
those that automatically fetch them) would trust this certificate.

Without the chain issue, this would be an A or A+, unless I'm missing
something.

------
pritambaral
Actually loading it in my local installation of Firefox 49.0.1 shows up as
secured. With HSTS and EV.

[http://i.imgur.com/ykQufPO.png](http://i.imgur.com/ykQufPO.png)

