Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 158065 - Lack of Unizeto certificates
Summary: Lack of Unizeto certificates
Alias: None
Product: Fedora
Classification: Fedora
Component: thunderbird
Version: 6
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Christopher Aillon
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2005-05-18 10:45 UTC by Marcin Zajaczkowski
Modified: 2018-04-11 14:43 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2007-01-05 21:56:39 UTC

Attachments (Terms of Use)

Description Marcin Zajaczkowski 2005-05-18 10:45:05 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.0.4-1.3.1 Firefox/1.0.4

Description of problem:
Unable to verified certs made by Unizeto. In Windows wersion (and earlier for Fedora) there are several Unizeto certs. In this version is only one - Centrum CA.
Probably not only Unizeto certs are missing. 

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Edit->Preferences->Advanced->Manage Certificates->Authorities
2. Find Unizeto So. z o.o.

Actual Results:  There is only one cert.

Expected Results:  Should be more.

Additional info:

I can provide sample server with that certificate which display info it's not verified (after upgrade to this version).

Comment 1 Matthew Miller 2006-07-10 23:29:00 UTC
Fedora Core 3 is now maintained by the Fedora Legacy project for security
updates only. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC5 updates or in the FC6 test
release, reopen and change the version to match.

Thank you!

Comment 2 Matěj Cepl 2007-01-05 14:52:42 UTC
Still true on Epiphany from Fedora Core 6 (running on RHEL5b2). However, there
may be some confusion -- official list of CAs supported by Mozilla
( shows that the CA is called
Unizeto CERTUM CA (and despite the Italian-sounding name, it is a Polish
company), and it is supposed to have one root cert (which we apparently have),
and three sub-certs, which are verified because of the root cert.

Reporter, could you please indicate a server, which is not verified by the
CURRENT Firefox?

Comment 3 Christopher Aillon 2007-01-05 20:43:15 UTC
This is something that probably belongs to the NSS component anyway....

Comment 4 Kai Engert (:kaie) (inactive account) 2007-01-05 20:56:24 UTC
I believe this bug is invalid.

Marcin, it is not necessary that Thunderbird ships the additional subordinate /
intermediate certificates.

A server that uses a certificate from one of the subordinate CAs should be
configured to send out the intermediate cert required to chain up to the root,
in addition to the server cert. This is common practice. Another good example is
Verisign, which also uses an intermediate CA to issue server certs, which is not
shipped with Thunderbird either.

You can verify this is correct: Go to the page listed in comment 2, find the
CERTUM ca row, and click on any of the "CERTUM Level" links. BUT DO NOT CLICK
OK. Click on the "view certificate" button. You'll get a window, that displays
the verification status on the top. It will say that the cert can be verified.
(You should cancel both dialogs after you looked at the information).

I believe there is no bug, and I'm proposing to resolve it as INVALID.

If you can show us a sample server that does not verify as expected, despite the
server sending out the intermediate certs, please let us know.

Comment 5 Marcin Zajaczkowski 2007-01-05 21:46:43 UTC
I reported this issue 1,5 years ago, because mail server of my university had
stopped working with SSL out-of-box.
This issue still occurs with "" (ssl, port 995). I checked
it on a new profile in thunderbird (fc5). If it's needed I can try with on fc6 (on an another computer tomorrow).

If you, Kai, think that it sould work, maybe there is something with that

Comment 6 Kai Engert (:kaie) (inactive account) 2007-01-05 21:56:39 UTC
Marcin, when I connect to that server, the server sends me a single certificate.

The certificate was issused by
        Issuer: C=PL, O=Unizeto Sp. z o.o., CN=Certum Level III

You should get the Level III certificate, and add it to the configuration of
that server.

I do not know how you would configure that server. Please see the documentation
of the server software. Look for instructions on how to configure / add an
intermediate cert.

As soon as that server sends out both certificates on a connection, Thunderbird
will automatically trust the server.

Based on the test environment I'm resolving this as NOTABUG.

Comment 7 Marcin Zajaczkowski 2007-01-05 22:08:59 UTC
If you claim this is a problem with configuration of a server and in normal case
Centrum CA certificate is enough then OK.

Thanks for point a real problem out. I'll try to manage something with sending

Note You need to log in before you can comment on or make changes to this bug.