Firefox何时会使用通配符证书抛出ssl_error_bad_cert_domain?
[英]When does Firefox throw ssl_error_bad_cert_domain with a wildcard certificate?
问题描述
I've searched through https://developer.mozilla.org/en-US/ and Google and still cannot learn exactly why Firefox would display it's "This Connection is Untrusted" screen/UI with "(Error code: ssl_error_bad_cert_domain)" under "Technical Details". 
我已经搜索过https://developer.mozilla.org/zh-CN/和Google,但仍然无法确切了解Firefox为什么会在“错误代码:ssl_error_bad_cert_domain”下显示“此连接不受信任”屏幕/ UI “技术细节”。
Is it really as simple as "The SSL certificate common name does not match the fully qualified domain name (FQDN) of the webserver/website." 它真的像“ SSL证书通用名称与Web服务器/网站的完全限定域名(FQDN)不匹配”那样简单吗? ? ?
If so, then why wouldn't an SSL certificate with the common name "*.subdomain.mydomain.tld" work with the website " https://subdomain.mydomain.tld " and throw this specific error? 如果是这样,那么为什么通用名“ * .subdomain.mydomain.tld”的SSL证书不能与网站“ https://subdomain.mydomain.tld ”一起使用并抛出此特定错误?
1 个解决方案
解决方案1
6 已采纳 2015-03-13 21:47:27
If so, then why wouldn't an SSL certificate with the common name "*.subdomain.mydomain.tld" work with the website " https://subdomain.mydomain.tld " and throw this specific error?
A wildcard stands for a single label and not for nothing. 通配符代表一个标签,而不代表什么。 That means *.subdomain.example.com does not match subdomain.example.com but it will match foo.subdomain.example.com . 这意味着*.subdomain.example.com与subdomain.example.com不匹配,但将与foo.subdomain.example.com匹配。 To match subdomain.example.com too the certificate has to include both *.subdomain.example.com and also subdomain.example.com as subject alternative names. 为了匹配subdomain.example.com ,证书还必须同时包含*.subdomain.example.com和subdomain.example.com作为主题备用名称。 Note that *.example.com would also match subdomain.example.com but not foo.subdomain.example.com . 请注意, *.example.com也将匹配subdomain.example.com但不匹配foo.subdomain.example.com 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.