stackoom
  简体   繁体   中英

SSL_ERROR_BAD_CERT_DOMAIN

 原文  2019-07-18 12:13:56       .htaccess/ ssl/ certificate

Question

SSL certificate is valid only for website without www

I set my site with SSL certificate. It is on posidonia.ga but if I connect then Firefox shows this warning: ""Websites guarantee their identity through certificates. Firefox does not consider this site reliable as it uses a certificate that is not valid for www.posidonia.ga. The certificate is valid only for posidonia.ga.

Error code: SSL_ERROR_BAD_CERT_DOMAIN""

So how could I connect to https://www.posidonia.ga if my SSL certificate is valid only for posidonia.ga (without www)?

I've read I could solve adding these lines to .htaccess: 

RewriteEngine on
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]

But the problem is still there.

Please help, thanks. 

RewriteEngine on
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]

I expect connecting https://www.posidonia.ga without warning: SSL_ERROR_BAD_CERT_DOMAIN

1 answers

solution1
 1  2019-07-18 14:57:07

You have two problems:

1) your certificate is only for posidonia.ga hence it will never cover www.posidonia.ga and any HTTPS connection to that hostname with this certificate will get rejected by clients due to name mismatch. You need a new certificate having either www.posidonia.ga or *.posidonia.ga as a SAN (Subject Alternative Name), alongside the current posidonia.ga . You need to generate a new certificate for this goal, you can not just "update" the current one.

2) Your certificate is issued by 

E = support@cacert.org
CN = CA Cert Signing Authority
OU = http://www.cacert.org
O = Root CA

This is a CA that is not included by default in browsers (see http://wiki.cacert.org/InclusionStatus for full list on where it is included by default or not), hence they reject your certificate as unknown issuer.

To add the CA in browsers, have a look at http://wiki.cacert.org/FAQ/ImportRootCert and http://wiki.cacert.org/FAQ/BrowserClients depending on your needs.

It can be as simple as http://www.cacert.org/index.php?id=3 and accepting the prompts, or more complicated depending on your OS/browser/setup/policies.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question .htaccess: non www to www (with https) shows ssl_error_bad_cert_domain in Firefox Domain name automatically directing to HTTPS instead of HTTP i have no SSL cert SSL Error: how to redirect https://www.domain.com to http://domain.com via .htaccess to avoid SSL error How to redirect HTTPS to HTTP without SSL Cert .htaccess SSL Single Domain Subdomain folder redirect not working after SSL cert applied Redirect Old domain to New domain with ssl nginx domain redirect on another domain that has SSL htaccess force ssl for a particular domain .htaccess redirecting non SSL Domain to another SSL Domain
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM