BitDefender is not adding it's certificate on Non-ASCII profiles and the https webpages are displaying a "connection is not secured" error
Categories
(External Software Affecting Firefox :: Other, defect)
Tracking
(firefox63 wontfix, firefox64 wontfix, firefox65 verified, firefox66 verified)
People
(Reporter: emilghitta, Unassigned)
Details
[Affected versions]: Firefox 63.0.3 Firefox 65.0a1 [Affected platforms]: Windows 10 64bit. [Preconditions]: Install BitDefender Pro 2019 (trial). [Steps to reproduce]: 1. Launch Firefox 63.0.3 with a new, Non-ASCII profile. (ex: åÞÛÚ). 2. Close Firefox 63.0.3. 3. Launch latest nightly with the same Non-ASCII profile. 4. Access the https://twitter.com/ webpage. 5. Close latest nightly. 6. Launch Firefox 63.0.3 again 7. Access the https://twitter.com/ webpage. [Expected result]: The webpage loads successfully. [Actual result]: Steps 4 and 7: An error stating that the "connection is not secured" is displayed. [Workaround] 1. Set the "security.enterprise_roots.enabled" pref to "true". [Note]: For further information regarding this issue, please view the following screencast: https://drive.google.com/file/d/1QwzgEYEiytnfeL7-61ntqFYxgY6_DNVV/view?usp=sharing Please note that you may have to repeat step 3 and 4 a couple of times (2-3 times) in order to reproduce (sometimes this is reproducible from the first try). It seems that BitDefender is not adding it's certificate inside the Certificate manager on Non-ASCII profiles.
Reporter | ||
Comment 1•5 years ago
|
||
Just an update note: You don't have to launch a different version of Firefox (with the same Non-ASCII profile). Launching the same version (ex: 63.0.3) with the same profile several times (2-3 times) will also reproduce this issue.
Comment 2•5 years ago
|
||
Other than just turning enterprise mode on for Windows by default, I don't know what to do here.
Comment 3•5 years ago
|
||
Emil, per Gijs suggestion, can you please confirm that there are certificates installed for other vendors (ESET, Avast or Kaspersky all default to installing their certs into our NSS store) into the profile (not just via the about:config pref to use the windows DB). If confirmed it means it is a BitDefender issue, not a Firefox issue and we can open a ticket with them.
Reporter | ||
Comment 4•5 years ago
|
||
Confirming here as well (for better transparency). BitDefender: - Tested using non-ascii profile (freshly created, using the default pref configurations). BitDefender fails to add it's certificate (verified by viewing the Certificate Manager) and leads to the issue that was mentioned in comment 0. Avast free antivirus 18.82356 (build 18.8.4084.0) and AVG Antivirus free 18.8.3071 (build 18.8.4084.0): - Tested using newly created non-ascii profiles (using the default pref configurations). It seems that both Avast and AVG successfully adds the certificates inside the Certificate Manager.
Comment 5•5 years ago
|
||
Comment 6•5 years ago
|
||
hi radu, there seems to be a problem with bitdefender not placing its certificates into the firefox trust store under some circumstances. could you look into this problem or forward it to the right people at bitdefender?
Comment 7•5 years ago
|
||
Also, you could consider switching to the Windows store, which Firefox supports. Kaspersky did the same, and it resolved a few problems for them.
Comment 8•5 years ago
|
||
Hello,
Thank you for reporting the issue. We started an investigation on our end and are trying to solve it as fast as possible. We'll keep you informed on the progress.
Comment 9•5 years ago
|
||
See Bug 1508624 Comment 14. It is likely that this specific case of the issue is also fixed.
Comment 10•5 years ago
|
||
(In reply to Radu Portase from comment #8)
Hello,
Thank you for reporting the issue. We started an investigation on our end and are trying to solve it as fast as possible. We'll keep you informed on the progress.
Radu, any chance of an update on this?
Comment 11•5 years ago
|
||
Hello,
Sorry for not replying sooner... I'm not directly involved in the development of the components responsible for this bug... so I thought the comment above ( See Bug 1508624 Comment 14. It is likely that this specific case of the issue is also fixed.
) meant that this issue was fixed.
Can you please check if the issue reproduces with Bitdefender Total Security updated to the latest version? If you don't have the product, a 30 days trial can be downloaded from the Bitdefender website (https://www.bitdefender.com/solutions/total-security.html).
Please note that a restart might be required after the update for the fix to be in place.
Let me know if the issue remains :)
Thank you
Comment 12•5 years ago
|
||
(In reply to Marco Castelluccio [:marco] from comment #7)
Also, you could consider switching to the Windows store, which Firefox supports.
If localized profile names are preventing them from updating the certificate database they could just as well have the same problem finding that profile's prefs.js to turn on the enterprise root feature.
Reporter | ||
Comment 13•5 years ago
|
||
I can confirm that this issue is no longer reproducible from my side while using BitDefender total security provided in comment 11 with Firefox 65.0.2 and Firefox 66.0b1.
Comment 14•5 years ago
|
||
Marking fixed based on comment #13.
Reporter | ||
Updated•5 years ago
|
Updated•5 years ago
|
Description
•