|
|
|
|
|
|
by richm44
600 days ago
|
|
|
Downloading things from the AIA fields would mean triggering HTTP/HTTPS requests to an untrusted URL from a certificate you haven't verified - not a good idea. What firefox does is cache intermediates that it has seen elsewhere, the windows TLS stack can fetch additional certs from windows update on-demand (and actually starts with only a small bundle of trusted roots). There is no good solution for incomplete chains other than getting the sites fixed (or using a provider like cloudflare that solves it for them). |
|
|