Page 1 of 1

Problem with CDOL Certificate

Posted: Thu Jan 28, 2010 11:44 am
by jlarso5
Tried to get on CDOL this morning with Firefox (3.6) and got an untrusted connection error due to an invalid certificate. I just proceeded and all seemed to work ok, but thought someone should know.

Posted: Thu Jan 28, 2010 1:19 pm
by mzundel
The problem is with the new certificate for cdol. The certificate has been signed using the "COMODO High Assurance Secure Server CA" which is not part of FireFox. For my Windows 7, it was part of my certificate store of Windows. FireFox does not use this certificate store and instead has its own.

I resolved this issue by the following:
1. Run MMC.EXE
2. Click on File then Add/Remove Snap-in... (or press <crtl><m>)
3. Highlight Certificates and the click Add
4. Make sure it has "My user account" selected then click Finish
5. Click OK
6. Double click on Certificates - Current User
7. Double click on Intermediate Certification Authorities
8. Click on Certificates
9. Double click on the COMODO High Assurance Secure Server CA certificate
10. Click on the Details tab
11. Click on the Copy to File button
12. Click Next
13. Verify DER is selected and then click Next
14. Type/browse the file name to save (just remember the filename you choose and where you saved it -- I saved mine to the desktop for ease of finding)
15. Click Next
16. Click Finish
17. Close MMC -- you don't need to save the settings
18. In FireFox, Click on Tools/Options
19. Click on the Advanced section
20. Click on the Encryption tab
21. Click on the View Certificates button
22. Click on the Import button
23. Find the file you saved above and double click on it
24. Place the check in "Trust this CA to identify web sites" and then Click OK
25. Click OK
26. Click OK
27. Retry the website

For whatever reason, Mozilla didn't include this as a root certificate; Microsoft did include it.

Posted: Thu Jan 28, 2010 3:43 pm
by mfmohlma
This is now occurring for all church websites in Firefox. The new certificate is for all of * I guess we'll all need to add this authority.

The certificate can also be found here.