Error code: SSL_ERROR_BAD_CERT_DOMAIN - certificate is not valid for the following names
Hi,
i have a problem with certificates for local domains. An app for compiling Sass files (CodeKit) provides a local server on the Mac. The app creates a root certificate (authority certificate) which I have imported into Firefox (Prefs -> Privacy & Security -> View Certificates -> Authorities -> Import).
When I now call the URL generated by the app in Firefox (https://marios-imac.local:5757/) I get the error message "SSL_ERROR_BAD_CERT_DOMAIN" and "The certificate is only valid for the following names:" But this list shows the correct URL! I have attached two screenshots.
Calling the TLS URL in Safari, Chrome and Opera works without any error message!
Is this a bug or am I doing something wrong? I have already deleted Firefox completely and created a new user account (for Firefox and in Mac OS X), but nothing has helped.
Mario
Усі відповіді (9)
There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connections and send their own certificate.
https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can
https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites
https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message
https://support.mozilla.org/en-US/kb/connection-untrusted-error-message
http://kb.mozillazine.org/Error_loading_websites
- uses an invalid security certificate SSL_ERROR_BAD_CERT_DOMAIN
- configured their website improperly
How to troubleshoot the error code "SEC_ERROR_UNKNOWN_ISSUER" on secure websites https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER
Thanks for your reply!
I don't use any security software on my Mac.
And the error message is "SSL_ERROR_BAD_CERT_DOMAIN" and not "SEC_ERROR_UNKNOWN_ISSUER".
The second message says that the certificate is not valid for the URL, but the called URL is included in the list of valid URLs!
If you can post the whole error message, someone else may be able to explain the problem.
In your original screenshot, the list contains an asterisk followed by a question mark in a box and a close parenthesis. Perhaps the SAN list in the certificate is corrupted and Firefox, while displaying the list, is refusing to use any of it?
FredMcD said
If you can post the whole error message, someone else may be able to explain the problem.
This was the whole message. The only part that was missing was the certificate chain.
jscher2000 said
In your original screenshot, the list contains an asterisk followed by a question mark in a box and a close parenthesis. Perhaps the SAN list in the certificate is corrupted and Firefox, while displaying the list, is refusing to use any of it?
I've noticed that too. And every time I restart Firefox and call the URL this entry changes. (see screenshots attached) I have no idea what this entry means and where it comes from.
It must have something to do with the DNS resolving! I just noticed that if I use the IP as URL (https://192.168.178.20:5757) it works without any error message!
I really don't know where else to look.
Is the IP address the main subject of the certificate, or is it only listed on the SAN list? If it's only on the SAN list, my "corrupted list" theory would be disproven and we'd need to consider whether perhaps .local domains are treated specially for some reason.
It's only listet in the SAN List:
Not Critical DNS Name: *.local IP Address: fe80::4922:2219:b527:7193 DNS Name: localhost DNS Name: Marios-iMac.fritz.box IP Address: 192.168.178.20 IP Address: ::1 IP Address: 2a02:8109:1540:4a54:8f2:a266:bdb0:2ea8 DNS Name: marios-imac.local IP Address: fe80::1 IP Address: fe80::1caf:3c:ba80:b29 IP Address: fe80::6c80:878b:167e:4f55 IP Address: fe80::b4f5:ffff:fe6f:b855 DNS Name: marios-imac.fritz.box IP Address: 2a02:8109:1540:4a54:f5ed:3059:18c0:d5f0 IP Address: 127.0.0.1