Looking for saved searches? click on "Search Bugs" above.

Bad cert domain error when clicking a link on fedex.com

RESOLVED WORKSFORME

Status

Product:
Tech Evangelism Graveyard
Component:
English US
RESOLVED WORKSFORME
Reported:
10 years ago
Modified:
3 years ago

People

(Reporter: marcia, Unassigned)

Tracking

Details

(URL)

(Reporter)

Description

10 years ago 
Seen while testing Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.9a9pre) Gecko/2007101504 Minefield/3.0a9pre.

An error occurred during a connection to fedex.com:443 because it uses an invalid security certificate. The certificate is not valid for domain name fedex.com. (ssl_error_bad_cert_domain). 

STR:

1. Using the latest nightly, go to fedex.com
2. Without signing in, click on "prepare an international shipment."
3. Receive the error message. Click "Try Again" and you are in a loop.

On Safari if I follow the same steps, it just returns me to the login screen.

Comment 1

10 years ago 
maybe related to bug 399324
URL: http://fedex.comhttps://fedex.com/
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 364667

Comment 3

10 years ago 
In ff2 you get a bad cert error because the cert is for "www.fedex.com" and the URL loaded is fedex.com, this is really a site issue

Interestingly if you disable javascript you get a different, plainer, page, and if you select "prepare an internation shipment" on that page you get a link to the correct "https://www.fedex.com" site and no cert error.

This is technically tech evangelism -- the site is wrong. They could either use an absolute URI for the secure sites rather than building them based on the current site, or they could simply redirect all "fedex.com" visitors to the "real" site www.fedex.com on the initial page view.

Unfortunately this is the sort of issue that's going to come up a lot due to the new SSL error pages. I believe the "improve the text" bug will include suggestions such as "try adding "www." to the URI.

IE7 has an equivalent SSL error page (with a click-through link) but also has a "more information" link that suggests adding "www." to the front of the URI.

Opera and Safari work correctly, and the reason is very odd: The page source itself actually does contain the correct working link, but in the case of IE and Firefox the page runs http://images.fedex.com/templates/components/javascript/host_substitution_script.js to rewrite all the links into the broken fedex.com form!

Definitely tech-evangelism, the site is trying to be too smart for its own good.
URL: https://fedex.com/http://fedex.com

Comment 4

10 years ago 
In this case, because the site has perfectly good working URLs that their own code messes up, I think we should reopen as tech evangelism rather than duping to the general (www.)foo.com cert issue.
Status: RESOLVED → REOPENED
Component: Security → English US
Product: Firefox → Tech Evangelism
Resolution: DUPLICATE → ---
Version: Trunk → unspecified

Comment 5

4 years ago 
Site has been updated, this issue no longer exists.
Status: REOPENED → RESOLVED
Last Resolved: 10 years ago4 years ago
Resolution: --- → WORKSFORME
 (Assignee)

Updated

3 years ago
Product: Tech Evangelism → Tech Evangelism Graveyard
You need to log in before you can comment on or make changes to this bug.