Avatar for Username

Kërkoni te Asistenca

Shmangni karremëzime gjoja asistence. S’do t’ju kërkojmë kurrë të bëni një thirrje apo të dërgoni tekst te një numër telefoni, apo të na jepni të dhëna personale. Ju lutemi, raportoni veprimtari të dyshimtë duke përdorur mundësinë “Raportoni Abuzim”.

Mësoni Më Tepër

Kjo rrjedhë është arkivuar. Ju lutemi, bëni një pyetje të re, nëse keni nevojë për ndihmë.

With respect to the x509v3 Subject Alt Name, what EXACTLY is Firefox 38+ (v38.2.1- v38.4) doing in its certificate format checks?

  • 1 përgjigje
  • 2 e kanë hasur këtë problem
  • 8 parje
  • Përgjigjja më e re nga bergmanem

bergmanem
bergmanem
more options

Given that all other attributes in my server certificates are the same, this works (I can access my webpage): Subj: cn=my.friendlydomainname.com,ou=suborg,ou=suborg,ou=suborg,o=org,c=country SubjectAltName: DNS:my.friendlydomainname.com,DNS:6.7.8.9,IPAddress:6.7.8.9

but, this doesn't: (yields "security library: improperly formatted DIR-encoded message (Error code: sec_error_bad_der)") Subj: cn=my.domain.com,ou=suborg,ou=suborg,ou=suborg,o=org,c=country SubjectAltName: DNS:my.ugly.fullyqualifieddomainname.com.,DNS:my.friendlydomainname.com.,DNS:my.ugly.fullyqualifieddomain.name.com,DNS:my.friendlydomainname.com,DNS:6.7.8.9,IPAddress:6.7.8.9

I can successfully look up all Subject Alt Names in DNS.

Is there a way to see more error detail than the simple sec_error_bad_der message?

The request comes from FF38 in either Windows 7 or CentOS 6. The web server is hosted on CentOS 6.

Given that all other attributes in my server certificates are the same, this works (I can access my webpage): Subj: cn=my.friendlydomainname.com,ou=suborg,ou=suborg,ou=suborg,o=org,c=country SubjectAltName: DNS:my.friendlydomainname.com,DNS:6.7.8.9,IPAddress:6.7.8.9 but, this doesn't: (yields "security library: improperly formatted DIR-encoded message (Error code: sec_error_bad_der)") Subj: cn=my.domain.com,ou=suborg,ou=suborg,ou=suborg,o=org,c=country SubjectAltName: DNS:my.ugly.fullyqualifieddomainname.com.,DNS:my.friendlydomainname.com.,DNS:my.ugly.fullyqualifieddomain.name.com,DNS:my.friendlydomainname.com,DNS:6.7.8.9,IPAddress:6.7.8.9 I can successfully look up all Subject Alt Names in DNS. Is there a way to see more error detail than the simple sec_error_bad_der message? The request comes from FF38 in either Windows 7 or CentOS 6. The web server is hosted on CentOS 6.

Krejt Përgjigjet (1)

bergmanem
bergmanem I zoti i pyetjes
more options

Also noticed: If FF fails the first object in the SAN list, it doesn't seem to iterate over the rest (MUST per RFC 2459). I also had a connection fail because the first name in the SAN list was not in DNS. Once it was added to DNS, I could connect.