London Stock Exchange Charts Wont Load
When using the london stock exchange website firefox wont load any of the charts (other browsers show them fine).
This error is shown: "Did Not Connect: Potential Security Issue
Firefox detected a potential security threat and did not continue to charts.londonstockexchange.com because this web site requires a secure connection."
I've check the address (charts.londonstockexchange.com) on SSLLabs and it comes back saying the certificate is ok.
Could anyone suggest how to fix this issue? Without being able to sort this issue it will be difficult to continue with firefox!
Many thanks
Chosen solution
You can contact the website and ask them to fix this, but for now you can fix this by importing the missing intermediate certificate via the GeoTrustTLSRSACAG1.crt AIA link I posted above.
Firefox will prompt to set some trust bits, but you shouldn't tick any of the boxes because that is only required for a trusted root certificate and not for intermediate certificates.
Ler a resposta no contexto 👍 1All Replies (3)
The server doesn't send all required intermediate certificate to make it possible for Firefox to build a certificate chain that ends with a builtin root certificate. The server also supports only weak cipher suites and doesn't support TLS 1.3 so is quite behind on security.
- https://www.ssllabs.com/ssltest/analyze.html?d=charts.londonstockexchange.com
- This server's certificate chain is incomplete. Grade capped to B.
Issuer GeoTrust TLS RSA CA G1 AIA: http://cacerts.geotrust.com/GeoTrustTLSRSACAG1.crt
Do NOT set trust bits on an intermediate certificate when prompted. Trust bits are only required for trusted root certificates and should never be set on an intermediate certificate.
The server needs to send the full certificate chain and include all required intermediate certificates. Firefox will cache intermediate certificates send by a server in the Certificate Manager for future use.
If you have visited a website that has send this intermediate certificate in the past then Firefox will not display the error page when you visit a server that doesn't send this intermediate certificate.
Thank you for the reply. I understand most of what you are saying, but just to clarift - is there anything I can do to fix the problem or is it down to the website in question?
Many thank again!
Chosen Solution
You can contact the website and ask them to fix this, but for now you can fix this by importing the missing intermediate certificate via the GeoTrustTLSRSACAG1.crt AIA link I posted above.
Firefox will prompt to set some trust bits, but you shouldn't tick any of the boxes because that is only required for a trusted root certificate and not for intermediate certificates.