User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-GB; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-GB; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 *.wiki.sourceforge.net sites can't utilise the *.sourceforge.net issued SSL certificate according to the default SSL certificate checking mechanism Reproducible: Always Steps to Reproduce: 1. Go to https://bio2rdf.wiki.sourceforge.net/ or https://www.wiki.sourceforge.net/ Actual Results: See error saying that certificate issued for *.sourceforge.net is not valid for bio2rdf.wiki.sourceforge.net when it might be expected to be valid and trusted from a users point of view. Expected Results: Allow access to secure site using the given certificate.
I believe this behaviour is as-designed, since our interpretation of wildcards is specified to only go one level "deep." In any event though, moving this to NSS, where the decision is made.
Historically, Mozilla has been the only browser that allowed a wildcard character to match multiple levels of subdomain. This behavior did not conform to the relevant RFC, and became viewed as a security risk, so Firefox 3.5 has changed to conform to RFC 2818. See bug 159483.
Insane that one needs to tell people to do the following: You will need to click on the "Add Exception..." link, ignore the warning about "You are about to override how Firefox identifies this site. Legitimate banks, stores, and other public sites will not ask you to do this.". Click on "Get Certificate" and then click on "Confirm Security Exception".
Almost as insane as people putting certificates on their web servers that do not match the DNS names used by those servers, and then expecting all to work without any errors.