Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Valid certifcate, but "ssl_error_bad_cert_domain"

  • 4 பதிலளிப்புகள்
  • 82 இந்த பிரச்னைகள் உள்ளது
  • 1 view
  • Last reply by knobi@knobisoft.de

I have a SSL web-server xxx.yyy with a valid certificate that is signed by a CA known to Firefox.

When I access "https://xxx.yyy" everything is fine. When I access "https://xxx.yyy/some_page", I get the "This Connection is Untrusted" dialog, which tells me:

Technical Details xxx.yyy uses an invalid security certificate. The certificate is only valid for @subject_cn@ (Error code: ssl_error_bad_cert_domain)

When I then try to add an exception, after some seconds it tells me: "Valid certificate: This site provides valid, certified identification. There is no need to add an exception".  And the "Confirm Security Exception" button stays greyed out.
Now I am stuck .... :-(

Thanks in advance

I have a SSL web-server xxx.yyy with a valid certificate that is signed by a CA known to Firefox. When I access "https://xxx.yyy" everything is fine. When I access "https://xxx.yyy/some_page", I get the "This Connection is Untrusted" dialog, which tells me: ##### Technical Details xxx.yyy uses an invalid security certificate. The certificate is only valid for @subject_cn@ (Error code: ssl_error_bad_cert_domain) ##### When I then try to add an exception, after some seconds it tells me: "Valid certificate: This site provides valid, certified identification. There is no need to add an exception". And the "Confirm Security Exception" button stays greyed out. Now I am stuck .... :-( Thanks in advance

All Replies (4)

I am suspecting the "@subject_cn@" wants to tell me something. Why doesn't it show the CN of the certificate (xxx.yyy)?

Just some more info: the SSL server is on a different network, behind a Socks5 proxy (firefox) configured to do DNS lookups. Maybe this is related...

Some more info. The proxy configuration is not the problem. It might be that the certificate has a problem after all.

When inspecting the certificate with openssl, it shows;

> X509v3 Subject Alternative Name: > DNS:@subject_cn@, email:user@zzz.yyy

Is that a syntax recognized by firefox? Is that valid at all?

cookies should be enabled in your browser for CAPTCHA validation. how do I enable this to allow these cookies from this site for registration.