Where to report an issue with certificate distrust in firefox on a server with GUI?
Hello,
I'm running a RHEL 7.4 Server with GUI. Firefox 52.4.0 (64-bit) is included in this version.
While accessing a website with firefox from this machine, the browser blocked the connection and tells me that the connection is not secure because:
The certificate is not trusted because it was signed using a signature algorithm that was disabled because that algorithm is not secure.
Error code: SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED
I've visited the same site with a Firefox ESR 52.4.1 (32-bit) from a windows machine and I do not get an error here. So I've checked the signature algorithm of the certificate in question and it is:
Signature Algorithm: sha256WithRSAEncryption
IMHO this should be considered as secure. But now the following questions are going around in my head:
- Is it a bug or a feature?
- Is there anything fishy with the certificate?
- If it seems to be a bug, where should I report it?
My machine has a development subscription. So I cannot open a support ticket. Should I report this issue in the Red Hat Bugzilla or in the bugtracker of Mozilla?
I'm happy if someone could provide some advise here.
Best regards,
Joerg
