Leave out "www." and produces SSL Error

RESOLVED DUPLICATE of bug 364667

Status

()

Firefox
Security
RESOLVED DUPLICATE of bug 364667
10 years ago
10 years ago

People

(Reporter: Alex Latchford, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

10 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9b5) Gecko/2008050509 Firefox/3.0b5
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9b5) Gecko/2008050509 Firefox/3.0b5

Hey guys,

Not sure if this has been reported already, I have been checking for the last 10 minutes and couldn't find anything similar..

Right when you go to a website, I have had it happen now on dominos.co.uk & raileasy.co.uk, when purchasing something it goes to an SSL page, because for speed I rarely put in the www. it now produces an exception as the certificate is for www.thisdomain.tld and not thisdomain.tld.. 

Should there be a fix for this? I am not sure, it is easy enough to get around using the link provided to add an exception, however the first time it appeared I used the back button thinking it was a website error..

Sorry I did not have the presence of mind to screenshot this, however I will next time it happens..

Thanks, Alex.

PS.. Sorry for placing this in security, but was not sure of the correct category..

Reproducible: Always

Steps to Reproduce:
1. Go to "raileasy.co.uk", (not www.).
2. Buy a ticket, it should produce an SSL protected page, certificate from "www.raileasy.co.uk"
3. It produces an SSL certicate validation error.. You can add an exception though..
Actual Results:  
Scary looking error appears, when buying goods online this is not the best situation.. Especially when it is reproducible.. 

Expected Results:  
It should not produce an error at all, should have worked out that "domain.tld" & "www.domain.tld" are one and the same..

I am using Ubuntu Hardy, Firefox 3b5, I will update to RC1 if necessary..

Comment 1

10 years ago
Normally, a SSL certificate for www.thisdomain.tld is not valid for thisdomain.tld. The administrators should have a certificate that is valid for both.

But since this just a common case (and thanks to DNS, you'll end up at the same host anyway), there's some work going on in bug 364667
Status: UNCONFIRMED → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 364667
You need to log in before you can comment on or make changes to this bug.