Closed
Bug 1323710
Opened 8 years ago
Closed 7 years ago
roedovre-skole.m.skoleintra.dk serving an invalid cert when client uses TLS 1.3
Categories
(Web Compatibility :: Site Reports, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: bugzilla, Unassigned)
Details
When I visit https://roedovre-skole.m.skoleintra.dk/Account/IdpLogin using the latest Nightly, I get a "Your connection is not secure" error. I don't get this error in Edge or Chrome. I also tried with a clean Firefox profile and still get the same error. Is it Firefox that has a problem or?
Comment 1•8 years ago
It looks like Firefox is being served a different cert than other browsers. For example, when I visit https://roedovre-skole.m.skoleintra.dk/Account/IdpLogin on IE11, I receive this cert:

> Issuer CN = COMODO RSA Domain Validation Secure Server CA
> Subject CN = *.m.skoleintra.dk
> SAN DNS Name = *.m.skoleintra.dk
> SAN DNS Name = m.skoleintra.dk

... which is perfectly valid for roedovre-skole.m.skoleintra.dk. On Firefox, I get this cert instead:

> Issuer CN = COMODO ECC Domain Validation Secure Server CA 2
> Subject CN = ssl386617.cloudflaressl.com
> SAN DNS Name = ssl386617.cloudflaressl.com
> SAN DNS Name = *.skoleintra.dk
> SAN DNS Name = skoleintra.dk

... which isn't valid for roedovre-skole.m.skoleintra.dk. So, AFAICT Firefox is correctly rejecting the cert. I'm inclined to mark this bug as invalid, or maybe morph this bug to a Tech Evangelism one or something.
Summary: Getting SSL_ERROR_BAD_CERT_DOMAIN on valid certificate → Getting SSL_ERROR_BAD_CERT_DOMAIN on roedovre-skole.m.skoleintra.dk
Comment 2•7 years ago
I can reproduce on Mac, too: Chrome and Safari get a valid cert and Firefox does not (details matching comment 1). The site works if I set security.tls.version.max to 3 instead of 4 (TLS 1.2 vs experimental TLS 1.3 support in nightly and aurora). Is this a Cloudflare problem that might be more widespread? Or just a one-off mistake?
Component: Security → Desktop
Flags: needinfo?(ekr)
Product: Firefox → Tech Evangelism
Summary: Getting SSL_ERROR_BAD_CERT_DOMAIN on roedovre-skole.m.skoleintra.dk → roedovre-skole.m.skoleintra.dk serving an invalid cert when client uses TLS 1.3
Version: unspecified → Firefox 52
Comment 3•7 years ago
I can reproduce with Canary when I turn on TLS 1.3 as well, so this is a problem in Cloudflare's servers.
Flags: needinfo?(ekr)
Comment 4•7 years ago
This is a configuration error on the server side and is being fixed now.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Updated•5 years ago
Product: Tech Evangelism → Web Compatibility
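
The check behind comment 1's conclusion, as an added example (not part of the bug thread and not Mozilla's code): a simplified single-label wildcard matcher run over the two SAN lists quoted there, plus a helper that pins a handshake to one TLS version to see which cert a server presents for it. The function names are hypothetical, and the live probe runs only when a hostname is passed on the command line.

```python
import socket
import ssl
import sys

def matches(pattern, host):
    """Simplified RFC 6125 matching: '*' counts only as the entire
    left-most label and stands for exactly one label, never several."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and bool(h[0]) and p[1:] == h[1:]
    return p == h

def cert_covers(san_names, host):
    return any(matches(name, host) for name in san_names)

def served_sans(host, version, port=443, timeout=10):
    """Handshake pinned to one TLS version; return the SAN dNSName list.
    Chain validation stays on; hostname checking is off so a mismatching
    cert can be inspected instead of aborting the handshake."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.minimum_version = version
    ctx.maximum_version = version
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

HOST = "roedovre-skole.m.skoleintra.dk"
# SAN lists copied from comment 1
SANS_IE11 = ["*.m.skoleintra.dk", "m.skoleintra.dk"]
SANS_FIREFOX = ["ssl386617.cloudflaressl.com", "*.skoleintra.dk",
                "skoleintra.dk"]

if __name__ == "__main__":
    print("IE11 cert covers host:", cert_covers(SANS_IE11, HOST))
    print("Firefox cert covers host:", cert_covers(SANS_FIREFOX, HOST))
    # Live comparison, only when a hostname is given as an argument
    for target in sys.argv[1:]:
        for v in (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3):
            sans = served_sans(target, v)
            print(target, v.name, sans, cert_covers(sans, target))
```

`*.skoleintra.dk` covers `m.skoleintra.dk` but not a name one label deeper, which is why the cert served over TLS 1.3 was rejected for this host.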