Comodo certificate apparently recognized in IE but not FF/Seamonkey/

Question

I am trying to get a Comodo certificate recognized on a webserver written in Python using ssl. When I visit in IE8, the certificate is recognized without difficulty. But when I visit with Firefox 3.0.11/Ubuntu, it says the CA is invalid.

Should Firefox recognize Comodo certificates without giving an invalid CA warning? What can I do to get a certificate recognized? I am presently using a 90-day free trial.

What additional details should I give?

ATdhvaannkcse, Jonathan

Answer 1

I asked my system administrator for whatever input he might have, and not that long after, he wrote:

--BEGIN QUOTATION--

Based on the following links I think Mozilla might be upset with Comodo. I wonder if that is why they don't trust the CA. Would they even trust a non-free cert we got from Comodo?

http://benjamin.smedbergs.us/blog/2008-12-24/how-to-disable-the-comodo-root-certificate-in-firefox/ http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/9c0cc829204487bf?pli=1 https://bugzilla.mozilla.org/show_bug.cgi?id=470897

--END QUOTATION--

I'm looking into GoDaddy or other options.

Answer 2

Certificates are based on trust. Certificate authorities issue certificates and sign them using their root certificates. Browsers come installed with a collection of trusted root certificates from certificate authorities like VeriSign.

It may be that your certificate is from a certificate authority signed by a root certificate that only IE8 trusts and not your particular version of Firefix. You can inspect the certificate to see how it is signed.

In fact, if you didn't purchase your certificate from a certificate authority you may instead have setup things so your certificate is trusted by Windows. IE8 uses Windows for trust, but I believe that Firefox doesn't rely on Windows. Particularily on Ubuntu.