Hello Kedar,
> Somehow, in IE's database, this CA is a trusted CA
> and hence IE does not show you the
> warning dialog.
>
> If you look further into IE settings maybe you'll
> find that this CA is one it trusts.
as far as I can see both Firefox and IE do know the top-level CA that is relevant here, which is "UTN-USERFirst-Hardware" as displayed in the Firefox settings. But IE recognizes the intermediate CAs between www.pluginsmithy.com and "UTN-USERFirst-Hardware", and Firefox does not.
I was able to track down a site that does use a certificate from the same CA (PositiveSSL):
https://vc10.eukhost.com/~lionblad/lionblade/
When I invoke that site with Firefox, the page opens without warning, and when looking at the certificate I can see the following certificate hierarchy: "vc10.eukhost.com" -> "PositiveSSL CA" -> "UTN-USERFirst-Hardware" -> "AddTrust External CA Root". When I invoke my own site I can only see "www.pluginsmithy.com" but no hierarchy above that.
I also did a packet trace when connecting both to
https://vc10.eukhost.com/~lionblad/lionblade/ and to
https://www.pluginsmithy.com:8181/, and I can see that vc10.eukhost.com does return the intermediate certificates *and* the www.pluginsmithy.com certificate, while www.pluginsmithy.com only returns the www.pluginsmithy.com certificate. So I'm currently suspecting that I did something wrong when configuring Glassfish, but the mystery is how IE does get the correct certificate hierarchy.
Regards
Stephan
[Message sent by forum member 'smuehlst' (smuehlst)]
http://forums.java.net/jive/thread.jspa?messageID=252002