In the past i was able to access and use https://secure.byond.com/ with no issue then within the past month I've run into an issue after updating Firefox to v3.6. When i try to use the log in function which directs me to that URL i get a "This Connection is Untrusted" error with the more specific one in technical support being "secure.byond.com uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer)". It is unknown to me who the certificate issuer was before but with the current one it is throwing this error every time i try to view it in Firefox.
In Internet Explorer 8 I'm able to view the site and the issuer of the certificate is listed as "PositiveSSL CA" owned by "Comodo CA Limited" with the next certificate higher up on the authority list being "UTN-USERFirst-Hardware" owned by "The USERTRUST Network". However in the Firefox certificate list i'm able to locate the "UTN-USERFirst-Hardware" certificate but not "PositiveSSL CA" even though i have a category for other Comodo certificates.
The previous is what i posted in the Firefox support forums and asked on their IRC network. According to them it may not be an issue in Firefox's CA list but in the way the website handles the certification chain installation and usage. So I'm posting this bug report in order to review weather this is true or not. And/or what steps are needed to not have to add the cert to the exceptions list as those at Firefox chat say the MD5 used is highly unlikely to be a man-in-the-middle hack.
Numbered Steps to Reproduce Problem:
Install an unmodified Firefox v3.6 or earlier with base add-ons/extensions.
Vist any https://secure.byond.com/ page
Code Snippet (if applicable) to Reproduce Problem:
N/A
Expected Results:
Directed to the byond log in page.
Actual Results:
Firefox error page:
This Connection is Untrusted
secure.byond.com uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown.
(Error code: sec_error_unknown_issuer)
Does the problem occur:
Every time? Or how often?Every time
In other games? N/A
In other user accounts? N/A
On other computers? Yes
When does the problem NOT occur?
When Internet Explorer 8+ is used to view the site. But it has been stated that IE uses compromising SSL authority certificate validation methods.
When the certificate secure.byond.com is added to the Firefox SSL exceptions list.
Did the problem NOT occur in any earlier versions? If so, what was the last version that worked? This issue has been around since at least the beginning of this moth. The last time before then i was able to view that site and log in normally via Firefox.
Workarounds:
Add the certificate secure.byond.com to the Firefox exceptions list (stop-gap measure as it still says the certificate is invalid even though it's forced to accept/use it)
The provider is legitimate, though, so it is safe to add an exception. I'll send an inquiry to see if this can be fixed.