Ubuntu
ubufox package

SPI CA certificate (i.e. effectively Debian) is not trusted out of the box

Bug #1287130 reported by era on 2014-03-03

This bug report is a duplicate of: Bug #1042040: debian CA not shipped in firefox. Edit Remove

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	ubufox (Ubuntu)	New	Undecided	Unassigned

Bug Description

When I visit https://alioth.debian.org/ in Firefox, I get the familiar warning dialog:

This Connection is Untrusted

You have asked Firefox to connect securely to alioth.debian.org, but we can't
confirm that your connection is secure.

    Normally, when you try to connect securely, sites will present trusted
    identification to prove that you are going to the right place. However,
    this site's identity can't be verified.

What Should I Do?

If you usually connect to this site without problems, this error could mean
that someone is trying to impersonate the site, and you shouldn't continue.

> Technical Details ...

> I Understand the Risks

I posted a question about this back in 2009 https://answers.launchpad.net/ubuntu/+source/ca-certificates/+question/79192 and finally I got a useful reply in November 2012 which implicates the Ubuntu Firefox license as a possible culprit.

The related bug https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1042040 was closed as Invalid, but that applies to Firefox proper. Ubuntu can and IMHO should make its own judgment call on which CA certificates to trust.