Comment 13 for bug 790469

Navigating to https://testpilot.mozillalabs.com/ results in a "This Connection is Untrusted" warning, with the error code "sec_error_unknown_issuer" (The certificate is not trusted because no issuer chain was provided).

The test-pilot extension also triggers this, resulting in this dialog when starting Firefox: https://launchpadlibrarian.net/72701040/Screenshot.jpg

I think this only started happening recently (we suddenly got quite a few bug reports in Ubuntu in the last few days). It seems that the certificate is signed by an intermediate CA cert (GeoTrust SSL CA) which is not included with NSS. According to https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1422, the intermediate CA cert should be installed on the server alongside your SSL cert (although, I'm merely speculating here, it could be a different issue entirely).

If I use the SSL checker at https://knowledge.geotrust.com/support/knowledge-base/index?page=content&actp=CROSSLINK&id=SO9557, it points me to the missing intermediate cert. If I import this cert, then the warnings go away.

I'm not sure which product this should be reported against. I looked in the Websites product first, but there doesn't appear to be a component specific to testpilot.mozillalabs.org.