User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20021130 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20021130 When a certificate isn't signed by a trusted CA, mozilla gives a big dialog that says: Unable to verify <site> as a trusted site. Possible reasons are: - Untrusted CA - Certificate is incomplete - The site is pretending to be <value of CN on certificate> Furthermore if there is a hostname mismatch it is presented in a seperate dialog. Reproducible: Always Steps to Reproduce: 1. Go to https://kuix.de 2. Click past the first dialog to see the second Expected Results: Mozilla should have stated that the problems was an untrusted CA. It should not have said 'here is a list of possible problems'. Netscape 6.2 does say that problem was an untrusted CA. Mozilla should have also combined both problems into one dialog like IE does. I haven't checked what happens when you use a certificate that is expired. There might even be a third dialog.

Confirming per discussion in whatever bug it was in whic kaie asked this be filed (usually one would cite the bug you're spinning off of in the opening comment. ;) )

NSS can't distinguish between an untrusted CA and a missing intermediate CA issued by a trusted CA. The remaining issue is bug 99411. *** This bug has been marked as a duplicate of 99411 ***