Integrated CA sometimes doesn't work

Question

Integrated CA sometimes doesn't work

Opened this issue 7 years ago · 2 comments

Hi,
I'm integrating a CA-certificate via CCK2 and generally it does work as intended. The certificate is integrated in every case, but since Firefox-Update 58.0.1 there are some Clients which get the error message "SEC_ERROR_UNKNOWN_ISSUER". I can find my own CA in the Certificate Manager. But the only way I got it to work, is to remove my CA, restart Firefox and add it again manually.
Is this a known problem?
Would it be possible, that a new Version of CCK could remove a CA and add it again afterwards? I guess, this would circumvent the problem.

Regards.

Answer 1 · 2018-05-03T13:24:43.000Z

Unfortunately removing CAs is non trivial for the CCK2 (and the cert team said it was unreliable anyway at shutdown).

Are you using Windows?

Answer 2 · 2018-05-07T11:57:38.000Z

Windows and Linux. But so far this problem only arises on Debian Linux.