Last modified: 2012-01-11 23:58:51 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T35657, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 33657 - DigiCert High Assurance EV Root CA is not trusted by IE8
DigiCert High Assurance EV Root CA is not trusted by IE8
Status: RESOLVED INVALID
Product: Wikimedia
Classification: Unclassified
SSL related (Other open bugs)
unspecified
All All
: Highest normal (vote)
: ---
Assigned To: Nobody - You can work on this!
: ops
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-01-11 11:52 UTC by Liangent
Modified: 2012-01-11 23:58 UTC (History)
4 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
cert (969 bytes, application/x-x509-ca-cert)
2012-01-11 11:55 UTC, Liangent 		Details
Add an attachment (proposed patch, testcase, etc.)

Description Liangent 2012-01-11 11:52:20 UTC 
This is the root cert used by *.wikipedia.org and when I'm browsing Wikipedia on a public computer (or say, just a terminal) it complains about this.

Internet Explorer 8, version 8.0.6001.18702
Windows Server 2003, version 5.2 (3790.srv03_sp2_gdr.101019-0340)
Comment 1 Liangent 2012-01-11 11:55:52 UTC 
Created attachment 9840 [details]
cert
Comment 2 Liangent 2012-01-11 11:56:30 UTC 
The attached cert is the one in question (the one IE8 complains about).
Comment 3 Mark A. Hershberger 2012-01-11 18:48:50 UTC 
Flagging this for Ops
Comment 4 Ryan Lane 2012-01-11 18:50:40 UTC 
Which URL are you hitting where it complains?
Comment 5 Mark A. Hershberger 2012-01-11 18:57:34 UTC 
works for me on en.wikipedia.org ... so, yes, a URL would help
Comment 6 Mark A. Hershberger 2012-01-11 19:05:28 UTC 
works for me on en.wikipedia.org with IE8 v 8.0.6001.19170 ... so, yes, a URL would help
Comment 7 Liangent 2012-01-11 23:12:07 UTC 
(In reply to comment #5)
> works for me on en.wikipedia.org ... so, yes, a URL would help

I simply typed https://zh.wikipedia.org and triggered this error.
Comment 8 Derk-Jan Hartman 2012-01-11 23:32:04 UTC 
Windows Server 2003...

Since this root is pretty 'new' (November 2006), it might be that it is not in the set of default rootcertificates recognized by the Operating System.... To confirm, you could try with Firefox 8 or 9. It maintains it's own collection of trusted rootcertificates, so it will probably work because it's not dependent on the collection shipped in Windows Server.

If confirmed, there are the following possible solutions that I can think of.
* i think it is possible to cross sign the *.wikipedia.org certificate to make it work with older collections of root certificates (not sure though if digicert still offers this feature....)
* manually update your windows server 2003 with newer root certificates....
Comment 9 p858snake 2012-01-11 23:33:37 UTC 
I'm pretty sure MS pushed the new root certs out to the 03 boxes, But I can't remote in to confirm it on mone.
Comment 10 Ryan Lane 2012-01-11 23:58:51 UTC 
Oh. There's about a billion reasons this could fail on Windows Server. You *really* aren't supposed to web browse on Windows Server systems, and Microsoft tries their hardest to make it impossible.

If it's working with IE 8 in other versions of Windows, I'm happy.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links