Confirmed users
112
edits
CA:FAQ: Difference between revisions
add "Can I use Mozilla's set of CA certificates?"
(add "Can I use Mozilla's set of CA certificates?") |
|||
| Line 123: | Line 123: | ||
This type of error indicates that the web server is incorrectly configured. The web server itself has to send the intermediate certificate along with their own SSL cert to complete the certificate chain. Only root certificates or trust anchors are included in the Mozilla root store. | This type of error indicates that the web server is incorrectly configured. The web server itself has to send the intermediate certificate along with their own SSL cert to complete the certificate chain. Only root certificates or trust anchors are included in the Mozilla root store. | ||
=== Can I use Mozilla's set of CA certificates? === | |||
The decisions Mozilla makes with regards to the inclusion of CA certificates is directly tied to the capabilities and behaviors of the software Mozilla distributes. It would therefore be irresponsible to bundle Mozilla's set of CA certificates with other software. | |||
For additional context on why reuse would be a bad idea see https://groups.google.com/d/msg/mozilla.dev.security.policy/FYIBEF_AVMI/2KYQrWirsiQJ by Ryan Sleevi and https://groups.google.com/d/msg/mozilla.dev.security.policy/FYIBEF_AVMI/jFAWDvy5zE4J by Brian Smith. | |||