Closed
Bug 1089527
Opened 10 years ago
Closed 10 years ago
Domain mismatch error with wildcard certificates (ssl_error_bad_cert_domain)
Categories
(Core :: Security, defect)
Core
Security
Tracking
()
RESOLVED
DUPLICATE
of bug 1088998
Tracking | Status | |
---|---|---|
firefox36 | - | --- |
People
(Reporter: flod, Unassigned)
References
Details
(Keywords: dogfood)
I noticed this at least three times in the last 2 days, on different machines and with different web sites (OS X and Win 8.1). I open the page and get a security warning because the domain is not included in the certificate. Last example after login to Mailchimp. URL: https://us2.admin.mailchimp.com/ Certificate is valid for *.admin.mailchimp.com Had similar issues when trying to download Flash Player update on Windows, or connecting to Garmin Connect website.
Reporter | ||
Updated•10 years ago
|
Summary: Domain mismatch error with wildcard certificates → Domain mismatch error with wildcard certificates (ssl_error_bad_cert_domain)
Comment 1•10 years ago
|
||
I am experiencing the same issue on https://connect.garmin.com/. The certificates for that site and the one from comment 0 are both issued by Cybertrust Public SureServer SV CA. Does that have something to do with it?
Reporter | ||
Comment 2•10 years ago
|
||
(In reply to Francesco Lodolo [:flod] from comment #0) > I noticed this at least three times in the last 2 days, on different > machines and with different web sites (OS X and Win 8.1). I forgot to specify that I'm using Nightly (Italian build), and the behavior change seems pretty recent.
Comment 3•10 years ago
|
||
This is most likely bug 1089527, as it has the same Baltimore Cybertrust Root cert in the certificate chain there.
Comment 4•10 years ago
|
||
Johannes: did you mean bug 430698? (You linked to this bug.) FWIW, I am using the very latest Nightly on OS X 10.9.5 (Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:36.0) Gecko/20100101 Firefox/36.0).
Comment 5•10 years ago
|
||
Ahh, too much tabs open... should have been bug 1088998 ^^
Comment 6•10 years ago
|
||
I am seeing this on https://www.tripit.com/ as well. Nightly fails to connect, Firefox 33.0.1 works fine. Brian, can you comment as to whether these are the same underlying issues as in bug 1088998?
Flags: needinfo?(brian)
Comment 8•10 years ago
|
||
Seeing this with many sites too including https://account.xbox.com/
Facebook's image CDN has this issue too.
Comment 12•10 years ago
|
||
--> adding "dogfood" keyword, as this breaks sites like tripit [comment 6], usps package tracking [bug 1089866], and outlook webmail [bug 1090151]. I think we should probably back this out today, unless we hear back from Brian with a proposed quick alternative.
Keywords: dogfood
Comment 13•10 years ago
|
||
("back this out" = "back bug 1063281 out")
Comment 15•10 years ago
|
||
(In reply to Daniel Holbert [:dholbert] from comment #12) > --> adding "dogfood" keyword, as this breaks sites like tripit [comment 6], > usps package tracking [bug 1089866], and outlook webmail [bug 1090151]. > > I think we should probably back this out today, unless we hear back from > Brian with a proposed quick alternative. I do have a quick fix, but to be conservative I'll do the backout. That will be happening in bug 1063281.
Flags: needinfo?(brian)
Comment 16•10 years ago
|
||
> https://www.tripit.com/ > https://us2.admin.mailchimp.com/ > https://connect.garmin.com/ > https://account.xbox.com/ > Facebook's CDN > Outlook Webmail > USPS package tracking > Had similar issues when trying to download Flash Player update on Windows, > or connecting to Garmin Connect website. Most likely Akamai too. Johannes Pfrang is right, all of these seem to be dupes of bug 1088998.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
Comment 17•10 years ago
|
||
(In reply to Brian Smith (:briansmith, :bsmith, use NEEDINFO?) from comment #16) > > https://www.tripit.com/ > > https://us2.admin.mailchimp.com/ > > https://connect.garmin.com/ > > https://account.xbox.com/ > > Facebook's CDN > > Outlook Webmail > > USPS package tracking Sorry, let me clarify: For all of the above, I verified that they are hosted at Akamai... > > Had similar issues when trying to download Flash Player update on Windows, > Most likely Akamai too. ...and for this one, I assumed so.
Updated•10 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•