1407567 - "SSL_ERROR_BAD_CERT_DOMAIN" error on https://www.sarnerblog.blogspot.com/ & https://www.sarnerblog.blogger.de/

Status: RESOLVED INVALID

(Web Compatibility :: Site Reports, defect)

Description

[Fritz Jörn]

User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
Build ID: 20171002220106

Steps to reproduce:

I tried to oen a blooger entry, then I tried to log into Firefox


Actual results:

You made me mad. "www.sarnerblog.blogger.de verwendet ein ungültiges Sicherheitszertifikat. Das Zertifikat gilt nur für folgende Namen: *.blogger.de, blogger.de Fehlercode: SSL_ERROR_BAD_CERT_DOMAIN" Wrong certificate for blogger? 


Expected results:

1. a publicly readable site should not be encrypted. What for? 
2. and if you play around with security, think of your users. It took me ages to (forcibly) redo my password. Who ever is so important that he or she needs a 12 digit password, when writing to you. Stop all this fooling around and give us a simple, fast browser. Leave encryption to the user. Do not enforce extreme complication. Fritz@Joern.De

Comment 1

[Virtual_ManPL [:Virtual] 🇵🇱 - (please needinfo? me - so I will see your comment/reply/question/etc.)]

It's website page issue, that it provides bad and wrong certificate for encrypted connection, which fails due to this. So report this issue to website page developer.

Comment 2

[Fritz Jörn]

Well, blogger is part of Google (https://en.wikipedia.org/wiki/Blogger_(service)) and I won’t tell them that their certificates are bad. Allow me to translate the message I got from Firefox: "www.sarnerblog.blogger.de uses an invalid certificate. The certificate is only valid for the following names: *.blogger.de, blogger.de Error code: SSL_ERROR_BAD_CERT_DOMAIN". That’s a contradiction by itself.

Comment 3

[Virtual_ManPL [:Virtual] 🇵🇱 - (please needinfo? me - so I will see your comment/reply/question/etc.)]

In my case when I go to
> https://sarnerblog.blogger.de/"
I'm getting
> Sorry!
> 
> Die URL konnte nicht gefunden werden!"
so looks like really URL isn't valid.

You can also contact creator of this blogger entry,
so maybe hyperlink will be fixed to proper one.

Comment 4

[Fritz Jörn]

Thank you. I am myself the creator of this blog, but I work it from Germany and from Italy. Blogger seems to change country code (i.e. .de and .it) by itself. The "blogger"blog "blogspot" seems also to fool around with security. When I address https://www.sarnerblog.blogger.de/ from Germany, where I am currently, Firefix warns me of an insecure connection, and says: Der Inhaber von www.sarnerblog.blogger.de hat die Website nicht richtig konfiguriert. "Firefox hat keine Verbindung mit dieser Website aufgebaut, um Ihre Informationen vor Diebstahl zu schützen." – "The owner has not correctly configured the site www.sarnerblog.blogger.de. Firefox did not open a connection with this website, so as to protect your informations from theft". However when I address a specific post like http://sarnerblog.blogspot.de/2017/02/blick-von-der-schlogg.html I get through all right. When I manually take off the s in https://www.sarnerblog.blogger.de/ and address http://www.sarnerblog.blogger.de/, Firefox adds the s to give https and so back to square one for me. Further I suspect that Blogger isn’t sure how to address the posts, e.g. http://sarnerblog.blogspot.com/2017/02/der-sarnerblog.html. With my other blog Blogger suggests as permalink a https link like https://blogabissl.blogspot.com/2017/10/windows-10-unusable-on-hppavilion-x2.html, and when used, Firefox (or blogspot?) changes that to https://blogabissl.blogspot.de/2017/10/windows-10-unusable-on-hppavilion-x2.html, i.e. .com to .de (even .it works). If I address without s like http://blogabissl.blogspot.de/2017/10/windows-10-unusable-on-hppavilion-x2.html I get through without complaints from Firefox, and the link (URL) shortens to just blogabissl.blogspot.de/2017/10/windows-10-unusable-on-hppavilion-x2.html, never minding security? – I just tried to make a test blog entry for you. Here it is: http://blogabissl.blogspot.com/2017/10/test-blog-for-encryption-https.html. Blogspot seems to have given up trying encryption on me. That solves it.

Comment 5

[Virtual_ManPL [:Virtual] 🇵🇱 - (please needinfo? me - so I will see your comment/reply/question/etc.)]

Oh, true, it's really odd, still in end, it's website page issue,
but I will reopen this bug, as Blogger is kinda big service, so it maybe will get some attention from Google devs.

Comment 6

[Virtual_ManPL [:Virtual] 🇵🇱 - (please needinfo? me - so I will see your comment/reply/question/etc.)]

for later analyzing

works = http://sarnerblog.blogspot.com/
works = https://sarnerblog.blogspot.com/
works = http://www.sarnerblog.blogspot.com/ (redirects to http://sarnerblog.blogspot.com/)
fails = https://www.sarnerblog.blogspot.com/

works = http://sarnerblog.blogspot.de/
works = https://sarnerblog.blogspot.de/
works = http://www.sarnerblog.blogspot.de/ (redirects to http://sarnerblog.blogspot.de/)
fails = https://www.sarnerblog.blogspot.de/

fails = https://www.sarnerblog.blogger.de/
fails = http://www.sarnerblog.blogger.de/ (redirects to https://www.sarnerblog.blogger.de/)

and

works = http://blogabissl.blogspot.com/
works = https://blogabissl.blogspot.com/
works = http://www.blogabissl.blogspot.com/ (redirects to http://blogabissl.blogspot.com/)
fails = https://www.blogabissl.blogspot.com/

works = http://blogabissl.blogspot.de/
works = https://blogabissl.blogspot.de/
works = http://www.blogabissl.blogspot.de/ (redirects to http://blogabissl.blogspot.de/)
fails = https://www.blogabissl.blogspot.de/

fails = https://www.blogabissl.blogger.de/
fails = http://www.blogabissl.blogger.de/ (redirects to https://www.blogabissl.blogger.de/)

Comment 7

[Virtual_ManPL [:Virtual] 🇵🇱 - (please needinfo? me - so I will see your comment/reply/question/etc.)]

Looking on https://webcompat.com/issues/12369
It's wrong redirection link, that with "www.", which shouldn't be used.
So in the end, I'm marking this as INVALID.