That is an intermediate certificate that a server needs to send. Firefox will store such a certificate in the Certificate Manager as Software Security Device and store it in cert8.db for future use. So if cert8.db was deleted or you use a new profile then you won't have that certificate unless the server sends it.

See https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR1130

Hi cor-el, for some reason firefox does not seem to retrieve this intermediate certificate from the webserver, EVEN when the issuer of the intermediate certificate is in the trusted root store of firefox. I had to add an exception manually. I checked this with IE and Opera and both retrieve the correct intermediate g3 certificate when it is not installed on the client. Why does firefox not use the operating system certificate store anyway? This is causing heaps of problems since our website is using the new verisign G5 root and G3 intermediate certificates. We are getting complaints from customers using firefox claiming our website is not safe.

It is the responsibility of websites to send all required intermediate certificates. If websites do not send them and Firefox hasn't stored them from a past visit to other websites that send them then you get then not trusted error message. Firefox is a multi platform application and every platform would require a different approach for each supported feature. That would require a lot of extra code that the devs want to avoid, even if APIs for such an enhancement (don't know about this one).

You can also check certificates via other test sites.

• http://www.networking4all.com/en/support/tools/site+check/
• http://www.sslshopper.com/ssl-checker.html