Closed
Bug 1407567
Opened 7 years ago
Closed 7 years ago
"SSL_ERROR_BAD_CERT_DOMAIN" error on https://www.sarnerblog.blogspot.com/ & https://www.sarnerblog.blogger.de/
Categories
(Web Compatibility :: Site Reports, defect)
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: Fritz, Unassigned)
References
()
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
Build ID: 20171002220106
Steps to reproduce:
I tried to oen a blooger entry, then I tried to log into Firefox
Actual results:
You made me mad. "www.sarnerblog.blogger.de verwendet ein ungültiges Sicherheitszertifikat. Das Zertifikat gilt nur für folgende Namen: *.blogger.de, blogger.de Fehlercode: SSL_ERROR_BAD_CERT_DOMAIN" Wrong certificate for blogger?
Expected results:
1. a publicly readable site should not be encrypted. What for?
2. and if you play around with security, think of your users. It took me ages to (forcibly) redo my password. Who ever is so important that he or she needs a 12 digit password, when writing to you. Stop all this fooling around and give us a simple, fast browser. Leave encryption to the user. Do not enforce extreme complication. Fritz@Joern.De
Comment 1•7 years ago
|
||
It's website page issue, that it provides bad and wrong certificate for encrypted connection, which fails due to this. So report this issue to website page developer.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID
Reporter | ||
Comment 2•7 years ago
|
||
Well, blogger is part of Google (https://en.wikipedia.org/wiki/Blogger_(service)) and I won’t tell them that their certificates are bad. Allow me to translate the message I got from Firefox: "www.sarnerblog.blogger.de uses an invalid certificate. The certificate is only valid for the following names: *.blogger.de, blogger.de Error code: SSL_ERROR_BAD_CERT_DOMAIN". That’s a contradiction by itself.
Comment 3•7 years ago
|
||
In my case when I go to
> https://sarnerblog.blogger.de/"
I'm getting
> Sorry!
>
> Die URL konnte nicht gefunden werden!"
so looks like really URL isn't valid.
You can also contact creator of this blogger entry,
so maybe hyperlink will be fixed to proper one.
Reporter | ||
Comment 4•7 years ago
|
||
Thank you. I am myself the creator of this blog, but I work it from Germany and from Italy. Blogger seems to change country code (i.e. .de and .it) by itself. The "blogger"blog "blogspot" seems also to fool around with security. When I address https://www.sarnerblog.blogger.de/ from Germany, where I am currently, Firefix warns me of an insecure connection, and says: Der Inhaber von www.sarnerblog.blogger.de hat die Website nicht richtig konfiguriert. "Firefox hat keine Verbindung mit dieser Website aufgebaut, um Ihre Informationen vor Diebstahl zu schützen." – "The owner has not correctly configured the site www.sarnerblog.blogger.de. Firefox did not open a connection with this website, so as to protect your informations from theft". However when I address a specific post like http://sarnerblog.blogspot.de/2017/02/blick-von-der-schlogg.html I get through all right. When I manually take off the s in https://www.sarnerblog.blogger.de/ and address http://www.sarnerblog.blogger.de/, Firefox adds the s to give https and so back to square one for me. Further I suspect that Blogger isn’t sure how to address the posts, e.g. http://sarnerblog.blogspot.com/2017/02/der-sarnerblog.html. With my other blog Blogger suggests as permalink a https link like https://blogabissl.blogspot.com/2017/10/windows-10-unusable-on-hppavilion-x2.html, and when used, Firefox (or blogspot?) changes that to https://blogabissl.blogspot.de/2017/10/windows-10-unusable-on-hppavilion-x2.html, i.e. .com to .de (even .it works). If I address without s like http://blogabissl.blogspot.de/2017/10/windows-10-unusable-on-hppavilion-x2.html I get through without complaints from Firefox, and the link (URL) shortens to just blogabissl.blogspot.de/2017/10/windows-10-unusable-on-hppavilion-x2.html, never minding security? – I just tried to make a test blog entry for you. Here it is: http://blogabissl.blogspot.com/2017/10/test-blog-for-encryption-https.html. Blogspot seems to have given up trying encryption on me. That solves it.
Comment 5•7 years ago
|
||
Oh, true, it's really odd, still in end, it's website page issue,
but I will reopen this bug, as Blogger is kinda big service, so it maybe will get some attention from Google devs.
Status: RESOLVED → REOPENED
Component: Untriaged → Desktop
Ever confirmed: true
Product: Firefox → Tech Evangelism
Resolution: INVALID → ---
Summary: Much too much security! → "SSL_ERROR_BAD_CERT_DOMAIN" error on blogger (blogspot works fine)
Version: 56 Branch → Firefox 56
Updated•7 years ago
|
Status: REOPENED → NEW
Comment 6•7 years ago
|
||
for later analyzing
works = http://sarnerblog.blogspot.com/
works = https://sarnerblog.blogspot.com/
works = http://www.sarnerblog.blogspot.com/ (redirects to http://sarnerblog.blogspot.com/)
fails = https://www.sarnerblog.blogspot.com/
works = http://sarnerblog.blogspot.de/
works = https://sarnerblog.blogspot.de/
works = http://www.sarnerblog.blogspot.de/ (redirects to http://sarnerblog.blogspot.de/)
fails = https://www.sarnerblog.blogspot.de/
fails = https://www.sarnerblog.blogger.de/
fails = http://www.sarnerblog.blogger.de/ (redirects to https://www.sarnerblog.blogger.de/)
and
works = http://blogabissl.blogspot.com/
works = https://blogabissl.blogspot.com/
works = http://www.blogabissl.blogspot.com/ (redirects to http://blogabissl.blogspot.com/)
fails = https://www.blogabissl.blogspot.com/
works = http://blogabissl.blogspot.de/
works = https://blogabissl.blogspot.de/
works = http://www.blogabissl.blogspot.de/ (redirects to http://blogabissl.blogspot.de/)
fails = https://www.blogabissl.blogspot.de/
fails = https://www.blogabissl.blogger.de/
fails = http://www.blogabissl.blogger.de/ (redirects to https://www.blogabissl.blogger.de/)
Summary: "SSL_ERROR_BAD_CERT_DOMAIN" error on blogger (blogspot works fine) → "SSL_ERROR_BAD_CERT_DOMAIN" error on https://www.sarnerblog.blogspot.com/ & https://www.sarnerblog.blogger.de/
Comment 7•7 years ago
|
||
Looking on https://webcompat.com/issues/12369
It's wrong redirection link, that with "www.", which shouldn't be used.
So in the end, I'm marking this as INVALID.
Status: NEW → RESOLVED
Closed: 7 years ago → 7 years ago
QA Contact: Virtual
Resolution: --- → INVALID
Assignee | ||
Updated•6 years ago
|
Product: Tech Evangelism → Web Compatibility
You need to log in
before you can comment on or make changes to this bug.
Description
•