Closed Bug 434706 Opened 17 years ago Closed 17 years ago

Leave out "www." and produces SSL Error

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 364667

People

(Reporter: alex, Unassigned)

References

(
URL
)

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9b5) Gecko/2008050509 Firefox/3.0b5 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9b5) Gecko/2008050509 Firefox/3.0b5 Hey guys, Not sure if this has been reported already, I have been checking for the last 10 minutes and couldn't find anything similar.. Right when you go to a website, I have had it happen now on dominos.co.uk & raileasy.co.uk, when purchasing something it goes to an SSL page, because for speed I rarely put in the www. it now produces an exception as the certificate is for www.thisdomain.tld and not thisdomain.tld.. Should there be a fix for this? I am not sure, it is easy enough to get around using the link provided to add an exception, however the first time it appeared I used the back button thinking it was a website error.. Sorry I did not have the presence of mind to screenshot this, however I will next time it happens.. Thanks, Alex. PS.. Sorry for placing this in security, but was not sure of the correct category.. Reproducible: Always Steps to Reproduce: 1. Go to "raileasy.co.uk", (not www.). 2. Buy a ticket, it should produce an SSL protected page, certificate from "www.raileasy.co.uk" 3. It produces an SSL certicate validation error.. You can add an exception though.. Actual Results: Scary looking error appears, when buying goods online this is not the best situation.. Especially when it is reproducible.. Expected Results: It should not produce an error at all, should have worked out that "domain.tld" & "www.domain.tld" are one and the same.. I am using Ubuntu Hardy, Firefox 3b5, I will update to RC1 if necessary..
Normally, a SSL certificate for www.thisdomain.tld is not valid for thisdomain.tld. The administrators should have a certificate that is valid for both. But since this just a common case (and thanks to DNS, you'll end up at the same host anyway), there's some work going on in bug 364667
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.