When does Firefox throw ssl_error_bad_cert_domain with a wildcard certificate?

I've searched through https://developer.mozilla.org/en-US/ and Google and still cannot learn exactly why Firefox would display its "This Connection is Untrusted" screen/UI with "(Error code: ssl_error_bad_cert_domain)" under "Technical Details".

Is it really as simple as "The SSL certificate common name does not match the fully qualified domain name (FQDN) of the webserver/website."?

If so, then why wouldn't an SSL certificate with the common name "*.subdomain.mydomain.tld" work with the website "https://subdomain.mydomain.tld" and throw this specific error?

A wildcard stands for a single label and not for nothing. That means *.subdomain.example.com does not match subdomain.example.com but it will match foo.subdomain.example.com. To match subdomain.example.com too, the certificate has to include both *.subdomain.example.com and also subdomain.example.com as subject alternative names. Note that *.example.com would also match subdomain.example.com but not foo.subdomain.example.com.
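The matching rule described in the answer, as an added example that is not part of the original post and is not Firefox's own code: a simplified Python matcher in which `*` is accepted only as the whole leftmost label and stands for exactly one label. The function names and SAN lists are constructed for illustration, and refusing `*.tld`-style patterns is a choice made by this sketch.

```python
def _labels(name: str) -> list[str]:
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")


def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate DNS name covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    # A wildcard replaces exactly one label, so the label counts must be equal.
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Everything right of the wildcard must match label for label.
        # Sketch's own choice (assumption): refuse patterns such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    # Partial wildcards ("f*.example.com") or a "*" elsewhere are not accepted.
    return "*" not in "".join(p) and p == h


def cert_covers(san_dns_names: list[str], hostname: str) -> bool:
    """Return True if any subjectAltName dNSName entry covers hostname."""
    return any(name_matches(n, hostname) for n in san_dns_names)


# Constructed SAN lists for the cases discussed in the answer.
WILDCARD_ONLY = ["*.subdomain.example.com"]
WILDCARD_AND_BASE = ["*.subdomain.example.com", "subdomain.example.com"]
PARENT_WILDCARD = ["*.example.com"]

if __name__ == "__main__":
    hosts = ("subdomain.example.com", "foo.subdomain.example.com")
    for sans in (WILDCARD_ONLY, WILDCARD_AND_BASE, PARENT_WILDCARD):
        for host in hosts:
            verdict = "ok" if cert_covers(sans, host) else "bad_cert_domain"
            print(f"{sans!r:55} {host:28} {verdict}")
```

Running it prints one line per certificate and hostname pair, so the wildcard-only certificate can be seen failing on the bare subdomain while the two-entry SAN list passes.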
