Closed Bug 1510445 Opened 7 years ago Closed 7 years ago

Invalid certificates - SSL_ERROR_BAD_CERT_DOMAIN

Categories

(Infrastructure & Operations :: SRE, task)

Product:
Infrastructure & Operations
Component:
SRE
Version:
Production
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: karlcow, Unassigned)

References

(
URL
)

Details

0. With Firefox on Nightly 1. Go to https://wiki.mozilla.org/Main_Page 2. Go to the bottom of the page 3. Click Mobile View in the footer 4. We get https://m.wiki.mozilla.org/index.php?title=Main_Page&mobileaction=toggle_view_mobile We get an error message. Websites prove their identity via certificates. Nightly does not trust this site because it uses a certificate that is not valid for m.wiki.mozilla.org. The certificate is only valid for wiki.mozilla.org. Error code: SSL_ERROR_BAD_CERT_DOMAIN View Certificate https://m.wiki.mozilla.org/index.php?title=Main_Page&mobileaction=toggle_view_mobile Unable to communicate securely with peer: requested domain name does not match the server’s certificate. HTTP Strict Transport Security: false HTTP Public Key Pinning: false Certificate chain: -----BEGIN CERTIFICATE----- MIIGOzCCBSOgAwIBAgIQDOujuZgDMwQQCv2vkvUBRDANBgkqhkiG9w0BAQsFADBN MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E aWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgxMTA5MDAwMDAwWhcN MTkxMTE0MTIwMDAwWjCBgzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3Ju aWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxGzAZBgNVBAoTEk1vemlsbGEgRm91 bmRhdGlvbjEPMA0GA1UECxMGV2ViT3BzMRkwFwYDVQQDExB3aWtpLm1vemlsbGEu b3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyEXtg4X+31BYyNUj xAaV+/LjcgiEhZEeAWhFOKBQCUTw67qhsADrKSOwzIYqqJ7zlq3QXieWP9z3SPDH GHfq6w4KSw/hYDrpJiAta4IkpJ1YEmGmDYWneecj5B9+T+aBEUUo+CTVIeYDIpk7 gCXHV0cMUDYyDoTSnoLCobBfTqozR77oc+xWq02k6Q+8h9/pGpiSUvBbXJwAUXZD QExyI+AVt8JbD4Tpcy5MA7m34NkO5glxc/3cEaZ6i/b/m6AHR3kCedkOprdYEBeM ecUn/dbqezFt5HO3kgnRJ5JBAhwG3LeM31fHtr3TN2Re62PTRXWrRwnAaECXHfvg RyB26wIDAQABo4IC3jCCAtowHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG 2eIwHQYDVR0OBBYEFNYHIIAGtKhY0RCM2S1Z7PPD+87bMBsGA1UdEQQUMBKCEHdp a2kubW96aWxsYS5vcmcwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF BwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC+gLaArhilodHRwOi8vY3JsMy5kaWdp Y2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGln aWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1s AQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAI BgZngQwBAgIwfAYIKwYBBQUHAQEEcDBuMCQGCCsGAQUFBzABhhhodHRwOi8vb2Nz cC5kaWdpY2VydC5jb20wRgYIKwYBBQUHMAKGOmh0dHA6Ly9jYWNlcnRzLmRpZ2lj ZXJ0LmNvbS9EaWdpQ2VydFNIQTJTZWN1cmVTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/ BAIwADCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2AKS5CZC0GFgUh7sTosxncAo8 NZgE+RvfuON3zQ7IDdwQAAABZvmzj04AAAQDAEcwRQIhAI3Dd35S1B1yOtUQBmja V4FVBkv4djKM13fwrnjTISjSAiBNWflV1oexn31Kn2KY2C84YmCN9dUsdFDWbA9i DbnncAB1AId1v+dZfPiMQ5lfvfNu/1aNR1Y2/0q1YMG06v9eoIMPAAABZvmzkBEA AAQDAEYwRAIgZMCgU4dVQhUv9Y9khQb1Ev4+ECwv/v8id67paYuRdSwCIAzccKcZ PoRNKx1aVSlFAPVzIXYk2LGQ/Z9fBQbb63LuMA0GCSqGSIb3DQEBCwUAA4IBAQC7 taGnGvvIcbGwmmJZpfpTmccrT1PiPuU6qb8EAbMiPUAWk2L5Cr9lWEv6npms/HpK 9VMzDo5IC6VCiH5Eik2jcWhUObakFbUV6ihQNRj5eqgD/jLJx79JN3HYL4g+6gop 2GXSI4DuF7MAqzPIa2KQQdbmXoENene80FG9Qq8YtdLvrHVzHZbN7ubt904qMm5A h1mM4VaHOEafknTb/LUBLLlklRUs0+y+XwipYLUrokemWsi6BCuOP8Bz86zA3gd4 dWz1KzCOoUsIO7vjrBCH1ChzrqRqsTxMwHrg9Joxt3GcD0AXWMlooHRl8ojKHPGT O0ij24RPp2YRduJdjgkn -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBh MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD QTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVT MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIg U2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB ANyuWJBNwcQwFZA1W248ghX1LFy949v/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83 nf36QYSvx6+M/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bd KpPDkC55gIDvEwRqFDu1m5K+wgdlTvza/P96rtxcflUxDOg5B6TXvi/TC2rSsd9f /ld0Uzs1gN2ujkSYs58O09rg1/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGX kujNVA075ME/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0 /RR3w6RbKFfCs/mC/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8C AQAwDgYDVR0PAQH/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYY aHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6 Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1 oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RD QS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8v d3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzh xtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEB CwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl 5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq/sELfeNqzqPlt/yGFUzZgTHbO7Djc1lGA 8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls/3HB40f/1LkAtDdC 2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPit c+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0 j6tJLp07kzQoH3jOlOrHvdPJbRzeXDLz -----END CERTIFICATE-----
Assignee: nobody → server-ops-webops
Component: wiki.mozilla.org → SSL Certificates
Product: Websites → Infrastructure & Operations
QA Contact: cshields
This is on Nubis, moving to the right queue.
Assignee: server-ops-webops → nobody
Component: SSL Certificates → Infrastructure: AWS
New cert created with m.wiki.mozilla.org in the SAN. wiki.mozilla.org@ef8a3a38 Gozer or Daniel can you install that one?
New SAN gpg mailed to gozer as per Slack discussions.
Certificate updated successfully $> curl -v https://m.wiki.mozilla.org/ [...] * Server certificate: * subject: C=US; ST=California; L=Mountain View; O=Mozilla Foundation; OU=WebOps; CN=wiki.mozilla.org * start date: Nov 29 00:00:00 2018 GMT * expire date: Dec 3 12:00:00 2019 GMT * subjectAltName: host "m.wiki.mozilla.org" matched cert's "m.wiki.mozilla.org" * issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA * SSL certificate verify ok. > GET / HTTP/1.1 > Host: m.wiki.mozilla.org > User-Agent: curl/7.59.0 > Accept: */*
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.