![problems after firefox 51.0.1 upgrade problems after firefox 51.0.1 upgrade](https://i.stack.imgur.com/O4s3n.png)
The underlying code is tricky to debug, but I believe I already understand enough to make a good guess on the probable cause. In that case, Firefox CAN validate the server-cert.Ĭomment 9 Kai Engert (:kaie) (inactive account) (by making it availble for download under the right mime type)
#PROBLEMS AFTER FIREFOX 51.0.1 UPGRADE INSTALL#
Install the update-ca-trust directly into the Firefox trusted CA store (At this point Firefox entirely fails to validate the server-cert) Remove the root-CA-cert from /etc/pki/ca-trust/source again and run Firefox indeed manages to set up the validation chain from root-CA-cert down to server-cert but somehow the compariosn on the CN fails. However Firefox rejects the certificate by saying that the names don't match (SSL_ERROR_BAD_CERT_DOMAIN). The certificate of the remote website is then validated by: Make it a trusted certificate by copying it into (The remote server will send "intermed-cert" too as chain) Root-CA-cert -> intermed-cert -> server-certĮvidently, when connecting to that remote site, certificate validation will fail as "root-CA-cert" is not a trusted certificate. Setting up a remote server with a certificate ultimately certified by "root-CA" over a short chain: I have a local certification authority "root-CA"
![problems after firefox 51.0.1 upgrade problems after firefox 51.0.1 upgrade](https://tecadmin.net/wp-content/uploads/2015/12/firefox-develoepr.png)
Thunderbird: No longer accepts TLS server certificate System NSS - Public Key Pinning Extension for HTTP is broken Patch for firefox.spec to enable the fix for F24+F25 Suggested temporary workaround for firefox 52