Domain mismatch error with wildcard certificates (ssl_error_bad_cert_domain)

RESOLVED DUPLICATE of bug 1088998

Status

()

Core
Security
RESOLVED DUPLICATE of bug 1088998
3 years ago
3 years ago

People

(Reporter: flod, Unassigned)

Tracking

({dogfood})

Trunk
dogfood
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox36-)

Details

(Reporter)

Description

3 years ago
I noticed this at least three times in the last 2 days, on different machines and with different web sites (OS X and Win 8.1).

I open the page and get a security warning because the domain is not included in the certificate.

Last example after login to Mailchimp.

URL: https://us2.admin.mailchimp.com/
Certificate is valid for *.admin.mailchimp.com

Had similar issues when trying to download Flash Player update on Windows, or connecting to Garmin Connect website.
(Reporter)

Updated

3 years ago
Summary: Domain mismatch error with wildcard certificates → Domain mismatch error with wildcard certificates (ssl_error_bad_cert_domain)

Comment 1

3 years ago
I am experiencing the same issue on https://connect.garmin.com/.

The certificates for that site and the one from comment 0 are both issued by Cybertrust Public SureServer SV CA. Does that have something to do with it?
(Reporter)

Comment 2

3 years ago
(In reply to Francesco Lodolo [:flod] from comment #0)
> I noticed this at least three times in the last 2 days, on different
> machines and with different web sites (OS X and Win 8.1).

I forgot to specify that I'm using Nightly (Italian build), and the behavior change seems pretty recent.
This is most likely bug 1089527, as it has the same Baltimore Cybertrust Root cert in the certificate chain there.

Comment 4

3 years ago
Johannes: did you mean bug 430698? (You linked to this bug.)

FWIW, I am using the very latest Nightly on OS X 10.9.5 (Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:36.0) Gecko/20100101 Firefox/36.0).
Ahh, too much tabs open... should have been bug 1088998 ^^
I am seeing this on https://www.tripit.com/ as well. Nightly fails to connect, Firefox 33.0.1 works fine.

Brian, can you comment as to whether these are the same underlying issues as in bug 1088998?
Flags: needinfo?(brian)
Blocks: 1063281
Duplicate of this bug: 1089866
Seeing this with many sites too including https://account.xbox.com/
Facebook's image CDN has this issue too.
Depends on: 1089104
[Tracking Requested - why for this release]:
tracking-firefox36: --- → ?
Duplicate of this bug: 1090151
--> adding "dogfood" keyword, as this breaks sites like tripit [comment 6], usps package tracking [bug 1089866], and outlook webmail [bug 1090151].

I think we should probably back this out today, unless we hear back from Brian with a proposed quick alternative.
Keywords: dogfood
("back this out" = "back bug 1063281 out")
Duplicate of this bug: 1090356
(In reply to Daniel Holbert [:dholbert] from comment #12)
> --> adding "dogfood" keyword, as this breaks sites like tripit [comment 6],
> usps package tracking [bug 1089866], and outlook webmail [bug 1090151].
> 
> I think we should probably back this out today, unless we hear back from
> Brian with a proposed quick alternative.

I do have a quick fix, but to be conservative I'll do the backout. That will be happening in bug 1063281.
Flags: needinfo?(brian)
> https://www.tripit.com/
> https://us2.admin.mailchimp.com/
> https://connect.garmin.com/
> https://account.xbox.com/
> Facebook's CDN
> Outlook Webmail
> USPS package tracking

> Had similar issues when trying to download Flash Player update on Windows,
> or connecting to Garmin Connect website.

Most likely Akamai too.

Johannes Pfrang is right, all of these seem to be dupes of bug 1088998.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1088998
(In reply to Brian Smith (:briansmith, :bsmith, use NEEDINFO?) from comment #16)
> > https://www.tripit.com/
> > https://us2.admin.mailchimp.com/
> > https://connect.garmin.com/
> > https://account.xbox.com/
> > Facebook's CDN
> > Outlook Webmail
> > USPS package tracking

Sorry, let me clarify: For all of the above, I verified that they are hosted at Akamai...

> > Had similar issues when trying to download Flash Player update on Windows,

> Most likely Akamai too.

...and for this one, I assumed so.
tracking-firefox36: ? → -
You need to log in before you can comment on or make changes to this bug.