[英]When does Firefox throw ssl_error_bad_cert_domain with a wildcard certificate?
I've searched through https://developer.mozilla.org/en-US/ and Google and still cannot learn exactly why Firefox would display it's "This Connection is Untrusted" screen/UI with "(Error code: ssl_error_bad_cert_domain)" under "Technical Details". 我已经搜索过https://developer.mozilla.org/zh-CN/和Google,但仍然无法确切了解Firefox为什么会在“错误代码:ssl_error_bad_cert_domain”下显示“此连接不受信任”屏幕/ UI “技术细节”。
Is it really as simple as "The SSL certificate common name does not match the fully qualified domain name (FQDN) of the webserver/website." 它真的像“ SSL证书通用名称与Web服务器/网站的完全限定域名(FQDN)不匹配”那样简单吗? ?
?
If so, then why wouldn't an SSL certificate with the common name "*.subdomain.mydomain.tld" work with the website " https://subdomain.mydomain.tld " and throw this specific error? 如果是这样,那么为什么通用名“ * .subdomain.mydomain.tld”的SSL证书不能与网站“ https://subdomain.mydomain.tld ”一起使用并抛出此特定错误?
If so, then why wouldn't an SSL certificate with the common name "*.subdomain.mydomain.tld" work with the website " https://subdomain.mydomain.tld " and throw this specific error?
如果是这样,那么为什么通用名“ * .subdomain.mydomain.tld”的SSL证书不能与网站“ https://subdomain.mydomain.tld ”一起使用并抛出此特定错误?
A wildcard stands for a single label and not for nothing. 通配符代表一个标签,而不代表什么。 That means
*.subdomain.example.com
does not match subdomain.example.com
but it will match foo.subdomain.example.com
. 这意味着
*.subdomain.example.com
与subdomain.example.com
不匹配,但将与foo.subdomain.example.com
匹配。 To match subdomain.example.com
too the certificate has to include both *.subdomain.example.com
and also subdomain.example.com
as subject alternative names. 为了匹配
subdomain.example.com
,证书还必须同时包含*.subdomain.example.com
和subdomain.example.com
作为主题备用名称。 Note that *.example.com
would also match subdomain.example.com
but not foo.subdomain.example.com
. 请注意,
*.example.com
也将匹配subdomain.example.com
但不匹配foo.subdomain.example.com
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.